Billion 810VGTX Router
| Function | Value | Description |
|---|---|---|
| Name | Head Office | Given name of PPTP connection |
| Connection type | LAN to LAN | Select LAN to LAN from the Connection Type drop-down menu |
| Type | Dial in | Select Dial in from the Type drop-down menu |
| IP Address | 69.121.1.33 | IP address assigned to branch office network |
| Peer Network IP | 192.168.1.0 | Head office network |
| Netmask | 255.255.255.0 | |
| Username | Username | A given username & password to authenticate branch office network. |
| Password | 123456 | |
| Auth. Type | Chap(Auto) | Keep as default value in most of the cases, PPTP server & client will determine the value automatically. Refer to manual for details if you want to change the setting. |
| Data Encryption | Auto | |
| Key Length | Auto | |
| Mode | Stateful | |
PPTP Connection - Remote Access
Name: A given name for the connection (e.g. “connection to office”).
Connection Type: Remote Access or LAN to LAN.
Type: Check Dial Out if you want your router to operate as a client (connecting to a remote VPN server, e.g. your office server); check Dial In if it operates as a VPN server.
When configuring your router as a client, enter the remote Server IP Address (or Domain Name) you wish to connect to.
When configuring your router as a server, enter the Private IP Address assigned to the Dial in User.
IP Address: Enter the IP address.
Username: If you are a Dial-Out user (client), enter the username provided by your Host. If you are a Dial-In user (server), enter your own username.
Password: If you are a Dial-Out user (client), enter the password provided by your Host. If you are a Dial-In user (server), enter your own password.
Authentication Type: Default is Auto, which lets the router automatically determine the authentication type to use. If you know which authentication type the server is using (when acting as a client), you may manually specify the authentication type, either CHAP (Challenge Handshake Authentication Protocol) or PAP (Password Authentication Protocol). When acting as a server, you can set the authentication type you want the clients connecting to you to use. When using PAP, the password is sent unencrypted, while CHAP encrypts the password before sending it.
Data Encryption: Data sent over the VPN connection can be encrypted by an MPPE algorithm. Default is Auto, so that this setting is negotiated when establishing a connection; you can also manually Enable or Disable the encryption.
Key Length: The data can be encrypted by the MPPE algorithm with 40 bits or 128 bits. Default is Auto, so the key length is negotiated when establishing a connection. 128-bit keys provide stronger encryption than 40-bit keys.
Mode: You may select Stateful or Stateless mode. The key will be changed every 256 packets when you select Stateful mode. If you select Stateless mode, the key will be changed in each packet.
Active as default route: Commonly used by the Dial-out connection where all packets will route through the VPN tunnel to the Internet. Therefore activating this function may degrade the Internet performance.
Click Edit/Delete button to save your changes.
Example: Configuring a Remote Access PPTP VPN Dial-out Connection
An office establishes a PPTP VPN connection with a file server located at a different location. The router is installed in the office, connected to a couple of PCs and Servers.
Configuring the PPTP VPN in the Office
Click Configuration > VPN > PPTP. Choose Remote Access from the Connection Type drop-down menu. You can either input the IP address (69.121.1.33 in this case) or hostname to reach the server.
| Function | Value | Description |
|---|---|---|
| Name | VPN PPTP | Given name of PPTP connection |
| Connection type | Remote Access | Select Remote Access from the Connection Type drop-down menu |
| Type | Dial out | Select Dial out from the Type drop-down menu |
| IP Address (or Domain name) | 69.121.1.33 | A Dialed server IP |
| Username | Username | A given username & password to authenticate branch office network. |
| Password | 123456 | |
| Auth. Type | Chap(Auto) | Keep as default value in most cases, PPTP server & client will determine the value automatically. Refer to the manual for details if you want to change the settings. |
| Data Encryption | Auto | |
| Key Length | Auto | |
| Mode | Stateful | |
IPSec (IP Security Protocol)
IPSec VPN Connection
Name: A given name for the connection (e.g. “connection to office”).
Local Network: Set the IP address, subnet or address range of the local network.
Single Address: The IP address of the local host.
Subnet: The subnet of the local network. For example, IP: 192.168.1.0 with netmask 255.255.255.0 specifies one class C subnet starting from 192.168.1.1 (i.e. 192.168.1.1 through to 10.0.0.2).
IP Range: The IP address range of the local network. For example, IP: 192.168.1.1, end IP: 192.168.1.10.
IP Address: Enter the IP address.
Remote Secure Gateway Address (or Domain Name): The IP address or hostname of the remote VPN device that is connected and establishes a VPN tunnel.
Remote Network: Set the IP address, subnet or address range of the remote network.
IKE (Internet Key Exchange) Mode: Set the IKE mode to Main mode or Aggressive mode. IKE provides secured key generation and key management.
Pre-shared Key: The key for the Internet Key Exchange (IKE) protocol, a string from 4 to 128 characters. Both sides should use the same key. IKE is used to establish a shared security policy and authenticated keys for services (such as IPSec) that require a key. Before any IPSec traffic can be passed, each router must be able to verify the identity of its peer. This can be done by manually entering the pre-shared key into both sides (router or hosts).
Local ID: Content: Input the ID’s information, such as the domain name www.ipsectest.com.
Remote ID: Identifier: Input the remote ID’s information, such as the domain name www.ipsectest.com.
Hash Function: A message digest algorithm which converts a message of any length into a unique set of bits. The widely used algorithms are MD5 (Message Digest) and SHA-1 (Secure Hash Algorithm). SHA1 is more resistant to brute-force attacks than MD5, however it is slower.
MD5: A one-way hashing algorithm that produces a 128-bit hash.
SHA1: A one-way hashing algorithm that produces a 160-bit hash.
Encryption: Select the encryption method from the pull-down menu. There are several options: DES, 3DES and AES (128, 192 and 256). 3DES and AES are more powerful but increase latency.
DES: Stands for Data Encryption Standard; it uses 56 bits as an encryption method.
3DES: Stands for Triple Data Encryption Standard; it uses 168 (56*3) bits as an encryption method.
AES: Stands for Advanced Encryption Standards; you can use 128, 192 or 256 bits as an encryption method.
Diffie-Hellman Group: A public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured communication channel (i.e. over the Internet). There are three modes: MODP 768-bit, MODP 1024-bit and MODP 1536-bit. MODP stands for Modular Exponentiation Groups.
IPSec Proposal: Select the IPSec security method. There are two methods of checking the authentication information, AH (Authentication Header) and ESP (Encapsulating Security Payload). Use ESP for greater security so that data will be encrypted and authenticated. With AH, data will be authenticated but not encrypted.
Authentication: Authentication establishes the integrity of the datagram and ensures it is not tampered with in transit. There are three options: Message Digest 5 (MD5), Secure Hash Algorithm (SHA1) or NONE. SHA1 is more resistant to brute-force attacks than MD5, however it is slower.
MD5: A one-way hashing algorithm that produces a 128-bit hash.
SHA1: A one-way hashing algorithm that produces a 160-bit hash.
Encryption: Select the encryption method from the pull-down menu. There are several options: DES, 3DES, AES (128, 192 and 256) and NULL. NULL means it is a tunnel with no encryption. 3DES and AES are more powerful but increase latency.
DES: Stands for Data Encryption Standard; it uses 56 bits as an encryption method.
3DES: Stands for Triple Data Encryption Standard; it uses 168 (56*3) bits as an encryption method.
AES: Stands for Advanced Encryption Standards; you can use 128, 192 or 256 bits as an encryption method.
Perfect Forward Secrecy: Choose whether to enable PFS using Diffie-Hellman public-key cryptography to change encryption keys during the second phase of VPN negotiation. This function of a cryptography protocol is to allow two parties to establish a shared secret over an unsecured communication channel (i.e. over the Internet). There are three modes: MODP 768-bit, MODP 1024-bit and MODP 1536-bit. MODP stands for Modular Exponentiation Groups.
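As an added example (not part of the Billion manual or its firmware), the Python code below audits a profile written with the option values described in the PPTP and IPSec sections above and reports the weaker selections. The dictionary keys, the Enabled/Disabled and "AES 256" labels, the MIN_PSK_LEN threshold and the audit() function are assumptions made for illustration.

```python
# Added example, not vendor code. Option values follow this page; the dict
# keys, the Enabled/Disabled labels, MIN_PSK_LEN and audit() are assumptions.
MIN_PSK_LEN = 20  # assumed policy floor; the router accepts 4 to 128 characters

# setting -> {flagged value: reason}
RULES = {
    "auth_type": {"PAP": "password is sent unencrypted; select CHAP"},
    "data_encryption": {"Disable": "VPN data is not encrypted"},
    "key_length": {"40": "select 128-bit MPPE keys"},
    "ike_mode": {"Aggressive": "identity and auth hash cross unencrypted; select Main"},
    "ike_hash": {"MD5": "select SHA1"},
    "ike_encryption": {"DES": "56-bit key; select AES"},
    "dh_group": {"MODP 768-bit": "smallest group; select MODP 1536-bit"},
    "proposal": {"AH": "authenticated but not encrypted; select ESP"},
    "esp_authentication": {"NONE": "no integrity check", "MD5": "select SHA1"},
    "esp_encryption": {"NULL": "no encryption", "DES": "56-bit key; select AES"},
    "pfs": {"Disabled": "phase-two keys get no fresh Diffie-Hellman exchange"},
}

def audit(profile):
    """Return (setting, value, reason) findings for one VPN profile dict."""
    findings = []
    for setting, value in profile.items():
        # ESP sub-options are not in effect when the proposal is AH
        if setting.startswith("esp_") and profile.get("proposal") == "AH":
            continue
        reason = RULES.get(setting, {}).get(value)
        if reason:
            findings.append((setting, value, reason))
    psk = profile.get("pre_shared_key")
    if psk is not None and len(psk) < MIN_PSK_LEN:
        findings.append(("pre_shared_key", f"{len(psk)} characters",
                         f"use at least {MIN_PSK_LEN}"))
    return findings

# Constructed sample profiles, not taken from a real device
WEAK = {"ike_mode": "Aggressive", "pre_shared_key": "1234", "ike_hash": "MD5",
        "ike_encryption": "DES", "dh_group": "MODP 768-bit", "proposal": "ESP",
        "esp_authentication": "NONE", "esp_encryption": "NULL", "pfs": "Disabled"}
HARDENED = {"ike_mode": "Main", "pre_shared_key": "constructed-sample-key-0001",
            "ike_hash": "SHA1", "ike_encryption": "AES 256",
            "dh_group": "MODP 1536-bit", "proposal": "ESP",
            "esp_authentication": "SHA1", "esp_encryption": "AES 256", "pfs": "Enabled"}
PPTP_WEAK = {"auth_type": "PAP", "data_encryption": "Disable", "key_length": "40"}

if __name__ == "__main__":
    for name, prof in (("weak", WEAK), ("hardened", HARDENED), ("pptp", PPTP_WEAK)):
        print(name, audit(prof) or "no findings")
```

A setting left on Auto is not flagged here because its value is only fixed when the connection is negotiated; check the established connection to see what was selected.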
