Billion BiPAC 7402NX(L) 802.11n 3G/ADSL2+ (VPN) Firewall Router
Chapter 4: Configuration
Configuring the L2TP VPN in the Office
| Item | Function | Setting | Description |
|------|----------|---------|-------------|
| 1 | Name | VPN_L2TP | Given name of L2TP connection |
| 2 | Connection Type | Remote Access | Select Remote Access from Connection Type drop-down menu |
|   | Type | Dial out | Select Dial out from Type drop-down menu |
| 3 | IP Address (or Hostname) | 69.121.1.33 | A dialed server IP |
| 4 | Username | username | A given username & password |
|   | Password | 123456 | |
| 5 | Auth.Type | Chap(Auto) | Keep as default value in most of the cases. |
| 6 | IPSec | Enable | Enable for enhancing your L2TP VPN security. |
|   | Authentication | MD5 | |
|   | Encryption | 3DES | |
|   | Perfect Forward Secrecy | None | |
|   | Pre-shared Key | 12345678 | Both sites should use the same value. |
Example: Configuring your Router to Dial-in to the Server
Currently, the Microsoft Windows operating system does not support L2TP incoming service. Additional
software may be required to set up your L2TP incoming service.
L2TP Connection - LAN to LAN
L2TP VPN Connection
Name: A given name of the connection.
Connection Type: Remote Access or LAN to LAN.
Active: This function activates or deactivates the L2TP connection. Check the Active checkbox if you want
the tunnel protocol to be activated, and vice versa.
Note: When the Active checkbox is checked, the Edit and Delete functions will not be available.
Type: Check Dial Out if you want your router to operate as a client (connecting to a remote VPN server,
e.g. your office server), or check Dial In if you want it to operate as a VPN server.
j) When configuring your router to establish the connection to a remote LAN, enter the remote Server IP
Address (or Hostname) you wish to connect to.
k) When configuring your router as a server to accept incoming connections, enter the Private IP
Address Assigned to Dial in User address.
Peer Network IP: Enter Peer network IP address.
Netmask: Enter the subnet mask of peer network based on the Peer Network IP setting.
Username: If you are a Dial-Out user (client), enter the username provided by your Host. If you are a
Dial-In user (server), enter your own username.
Password: If you are a Dial-Out user (client), enter the password provided by your Host. If you are a
Dial-In user (server), enter your own password.
Authentication Type: The default is Auto, which lets the router determine the authentication type to use.
Otherwise, manually specify CHAP (Challenge Handshake Authentication Protocol) or PAP (Password
Authentication Protocol): the type the server is using if you know it (when acting as a client), or the
authentication type you want clients connecting to you to use (when acting as a server). When using PAP,
the password is sent unencrypted, whilst CHAP encrypts the password before sending, and also allows
for challenges at different periods to ensure that the client has not been replaced by an intruder.
Tunnel Authentication: This enables the router to authenticate both the L2TP remote and the L2TP host.
This is only valid when the L2TP remote supports this feature.
Secret: The secure password should be 16 characters long and may include numbers and characters.
Active as default route: Because the connection type is LAN to LAN, this function is disabled.
Remote Host Name (Optional): Enter the hostname of the remote VPN device. The tunnel identifier sent by
the remote VPN device is compared with the remote hostname provided. If the remote hostname matches, the
tunnel will be connected; otherwise, it will be dropped.
Caution: This applies only when the router performs as a VPN server. This option should be used by
advanced users only.
Local Host Name (Optional): Enter the hostname of the local VPN device that is connected to / establishes
a VPN tunnel. By default, the router's hostname is home.gateway.
IPSec: Enable for enhancing your L2TP VPN security.
Authentication: Authentication establishes the integrity of the datagram and ensures it is not tampered
with in transit. There are three options, Message Digest 5 (MD5), Secure Hash Algorithm (SHA1) or
NONE. SHA-1 is more resistant to brute-force attacks than MD5; however, it is slower.
MD5: A one-way hashing algorithm that produces a 128-bit hash.
SHA1: A one-way hashing algorithm that produces a 160-bit hash.
Encryption: Select the encryption method from the pull-down menu. There are four options, DES, 3DES,
AES and NULL. NULL means it is a tunnel only, with no encryption. 3DES and AES are more powerful but
increase latency.
l) DES: Stands for Data Encryption Standard; it uses 56-bit encryption.
m) 3DES: Stands for Triple Data Encryption Standard; it uses 168-bit (56*3) encryption.
n) AES: Stands for Advanced Encryption Standard; it uses 128-bit encryption.
Perfect Forward Secrecy: Choose whether to enable PFS using Diffie-Hellman public-key cryptography
to change encryption keys during the second phase of VPN negotiation. This function will provide better
security, but extends the VPN negotiation time. Diffie-Hellman is a public-key cryptography protocol that
allows two parties to establish a shared secret over an unsecured communication channel (i.e. over the
Internet). There are three modes, MODP 768-bit, MODP 1024-bit and MODP 1536-bit. MODP stands for
Modular Exponentiation Groups.
Pre-shared Key: This is for the Internet Key Exchange (IKE) protocol, a string from 4 to 128 characters.
Both sides should use the same key. IKE is used to establish a shared security policy and authenticated
keys for services (such as IPSec) that require a key. Before any IPSec traffic can be passed, each router
must be able to verify the identity of its peer. This can be done by manually entering the pre-shared key
into both sides (router or hosts).
Click Edit/Delete to save your changes.
Example: Configuring L2TP LAN-to-LAN VPN Connection
The branch office establishes an L2TP VPN tunnel with the head office to connect two private networks over
the Internet. The routers are installed in the head office and branch office respectively.
Attention: Both office LAN networks MUST be in different subnets with the LAN to LAN application.
The Pre-shared Key, VPN Connection Type and Security Algorithm MUST BE identically set up on both sides.
Configuring L2TP VPN in the Head Office
The IP address 192.168.1.200 will be assigned to the router located in the branch office. Please make
sure this IP is not used in the head office LAN.
| Item | Function | Setting | Description |
|------|----------|---------|-------------|
| 1 | Name | HeadOffice | A given name of the L2TP connection |
| 2 | Connection Type | LAN to LAN | Select LAN to LAN from Connection Type drop-down menu |
|   | Type | Dial in | Select Dial in from Type drop-down menu |
| 3 | IP Address | 192.168.1.200 | IP address assigned to branch office network |
| 4 | Peer Network IP | 192.168.0.0 | Branch office network |
|   | Netmask | 255.255.255.0 | |
| 5 | Username | username | Input username & password to authenticate branch office network |
|   | Password | 123456 | |
| 6 | Auth.Type | Chap(Auto) | Keep as default value in most of the cases. |
| 7 | IPSec | Enable | Enable for enhancing your L2TP VPN security. |
|   | Authentication | MD5 | |
|   | Encryption | 3DES | |
|   | Perfect Forward Secrecy | None | |
|   | Pre-shared Key | 12345678 | Both sites should use the same value. |
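
The checks below are an added example, not part of the Billion manual: a Python audit of a LAN-to-LAN profile pair against the requirements stated in this chapter (different subnets, identical pre-shared key and algorithms on both sides, an unused dial-in address) that also flags the weakest choice on each menu. The head-office LAN prefix, the used-address list, the branch profile and the 16-character key threshold are assumptions.

```python
import ipaddress

# Weakest choices on each menu the manual describes (this example's assessment).
WEAK = {"auth_type": {"PAP"}, "authentication": {"NONE", "MD5"},
        "encryption": {"NULL", "DES"}, "pfs": {"None", "MODP 768-bit"}}
# Settings the manual says must be identical on both sides.
MUST_MATCH = ("connection_type", "authentication", "encryption", "pfs", "pre_shared_key")
MIN_PSK_LEN = 16  # assumed threshold; the router itself accepts 4 to 128 characters


def audit_pair(head, branch):
    """Return findings for a dial-in (head) / dial-out (branch) LAN-to-LAN pair."""
    findings = [f"mismatch: {k}" for k in MUST_MATCH if head[k] != branch[k]]
    head_lan = ipaddress.ip_network(head["lan"])
    branch_lan = ipaddress.ip_network(branch["lan"])
    if head_lan.overlaps(branch_lan):
        findings.append("subnet: head and branch LANs overlap")
    # Peer Network IP + Netmask on the head side must describe the branch LAN.
    peer = ipaddress.ip_network(f"{head['peer_network_ip']}/{head['netmask']}")
    if peer != branch_lan:
        findings.append("subnet: head peer network does not match branch LAN")
    # The address handed to the dial-in router must not collide with a head-office host.
    if ipaddress.ip_address(head["assigned_ip"]) in map(ipaddress.ip_address, head["used_ips"]):
        findings.append("address: assigned dial-in IP already in use")
    for name, side in (("head", head), ("branch", branch)):
        for key, bad in WEAK.items():
            if side[key] in bad:
                findings.append(f"weak: {name} {key}={side[key]}")
        psk = side["pre_shared_key"]
        if len(psk) < MIN_PSK_LEN or psk.isdigit():
            findings.append(f"weak: {name} pre_shared_key is short or digits only")
    return findings


# Head-office values are the ones in the table above; "lan" and "used_ips" are assumed.
HEAD = {"connection_type": "LAN to LAN", "auth_type": "Chap(Auto)",
        "authentication": "MD5", "encryption": "3DES", "pfs": "None",
        "pre_shared_key": "12345678", "assigned_ip": "192.168.1.200",
        "peer_network_ip": "192.168.0.0", "netmask": "255.255.255.0",
        "lan": "192.168.1.0/24", "used_ips": ["192.168.1.1", "192.168.1.10"]}
# Constructed branch profile with one deliberate mismatch (encryption).
BRANCH = dict(HEAD, encryption="AES", lan="192.168.0.0/24")

if __name__ == "__main__":
    for finding in audit_pair(HEAD, BRANCH):
        print(finding)
```

Run against the manual's sample values, the audit reports the encryption mismatch introduced in the constructed branch profile and, on both sides, MD5 authentication, PFS set to None and the eight-digit pre-shared key.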