| No. | Field name | Sample | Explanation |
|---|---|---|---|
| 1. | Enable | Enable/Disable | Enable host name based websites blocking |
| 2. | Mode | Whitelist/Blacklist | Whitelist - allow every site on the list and block everything else. Blacklist - block every site on the list and allow everything else. |
| 3. | Enable | Enable/Disable | Check to enable site blocking |
| 4. | Host name | www.yahoo.com | Block/allow site with this hostname |
8.3.2 Proxy Based Content Blocker
| No. | Field name | Sample | Explanation |
|---|---|---|---|
| 1. | Enable | Enable/Disable | Enable proxy server based URL content blocking. Works with HTTP protocol only |
| 2. | Mode | Whitelist/Blacklist | Whitelist - allow every part of URL on the list and block everything else. Blacklist - block every part of URL on the list and allow everything else |
| 3. | URL content | example.com | Block/allow any URL containing this string. Example.com, example.*, *.example.com |
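The Python sketch below is an added example, not code from the manual or the router firmware. It models the whitelist and blacklist modes over constructed sample URLs so a rule list can be checked before it is relied on. It assumes that an entry matches anywhere in the URL, that `*` is a wildcard, and that non-HTTP requests are never evaluated; the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

def compile_entry(entry):
    """Turn one list entry into a regex: '*' is a wildcard, the rest is literal."""
    parts = [re.escape(p) for p in entry.lower().split("*")]
    return re.compile(".*".join(parts))

def decide(url, mode, entries):
    """Return 'allow', 'block' or 'unfiltered' for one request URL."""
    if urlsplit(url).scheme.lower() != "http":
        return "unfiltered"  # the proxy based blocker works with HTTP only
    listed = any(compile_entry(e).search(url.lower()) for e in entries)
    if mode == "whitelist":
        return "allow" if listed else "block"
    if mode == "blacklist":
        return "block" if listed else "allow"
    raise ValueError("mode must be 'whitelist' or 'blacklist'")

def audit(mode, entries, urls):
    """Map every URL to the decision the list would produce for it."""
    return {u: decide(u, mode, entries) for u in urls}

# Constructed sample URLs (assumption: not taken from the manual).
SAMPLE_URLS = [
    "http://example.com/index.html",
    "http://www.example.com/",
    "http://notexample.com/",
    "http://other.test/mirror/example.com/",
    "https://example.com/",
    "http://unrelated.test/",
]

if __name__ == "__main__":
    for mode, entries in (("blacklist", ["example.com"]),
                          ("whitelist", ["*.example.com"])):
        print(mode, entries)
        for url, verdict in audit(mode, entries, SAMPLE_URLS).items():
            print(f"  {verdict:10} {url}")
```

Under these assumptions a plain string entry also matches unrelated hosts and paths that happen to contain it, and HTTPS requests are reported as unfiltered, so both cases are worth checking against the intended policy.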
8.4 NTP
NTP configuration lets you set up and synchronize the router's time.
| No. | Field name | Description |
|---|---|---|
| 1. | Current System time | Local time of the router. |
| 2. | Time zone | Time zone of your country. |
| 3. | Enable NTP | Enable system’s time synchronization with a time server using NTP (Network Time Protocol) |
| 4. | Update interval | How often the router updates the system's time |
| 5. | Save time to flash | Save last synchronized time to flash memory |
| 6. | Count of time synchronizations | Total number of times that the router will do the synchronization. Note: If left blank - the count will be infinite |
| 7. | Offset frequency | Adjust the minor drift of the clock so that it will be more accurate |
Note that under Time Servers at least one server has to be present, otherwise NTP will not serve its purpose.
8.5 VPN
8.5.1 OpenVPN
VPN (Virtual Private Network) is a method for secure data transfer through an unsafe public network. This section explains how to configure OpenVPN, which is the implementation of VPN supported by the RUT9 router.
A picture below demonstrates the default OpenVPN configurations list, which is empty, so you have to define a new configuration to establish any sort of OpenVPN connection. To create it, enter the desired configuration name in the “New configuration name” field and select the device role from the “Role” drop down list. For example, to create an OpenVPN client with configuration name demo, select client role, name it “demo” and press the “Add New” button as shown in the following picture.
To see a specific configuration's settings, press the “edit” button located in the newly created configuration entry. A new page with detailed configuration appears, as shown in the picture below (TLS client example).
There can be multiple server/client instances.
You can set custom settings here according to your VPN needs.
Below is a summary of the parameters available to set:
| No. | Field name | Explanation |
|---|---|---|
| 1. | Enabled | Switches configuration on and off. This must be selected to make the configuration active. |
| 2. | TUN/TAP | Selects virtual VPN interface type. TUN is most often used in typical IP-level VPN connections, however, TAP is required for some Ethernet bridging configurations. |
| 3. | Protocol | Defines the transport protocol used by the connection. You can choose here between TCP and UDP. |
| 4. | Port | Defines TCP or UDP port number (make sure that this port is allowed by the firewall). |
| 5. | LZO | This setting enables LZO compression. With LZO compression, your VPN connection will generate less network traffic; however, this means higher router CPU loads. Use it carefully with high rate traffic or low CPU resources. |
| 6. | Encryption | Selects packet encryption algorithm. |
| 7. | Authentication | Sets authentication mode, used to secure data sessions. There are two possibilities here: “Static key” means that the OpenVPN client and server will use the same secret key, which must be uploaded to the router using the “Static pre-shared key” option. “TLS” authentication mode uses X.509 type certificates. Depending on your selected OpenVPN mode (client or server) you have to upload these certificates to the router: For client: Certificate Authority (CA), Client certificate, Client key. For server: Certificate Authority (CA), Server certificate, Server key and Diffie-Hellman (DH) certificate used for key exchange through unsafe data networks. All mentioned certificates can be generated using OpenVPN or OpenSSL utilities on any type of host machine. Certificate generation and theory are out of scope of this user manual. |
| 8. | TLS cipher | Packet encryption algorithm (cipher) |
| 9. | Remote host/IP address | IP address of OpenVPN server (applicable only for client configuration). |
| 10. | Resolve Retry | Sets time in seconds to try resolving server hostname periodically in case of first resolve failure before generating service exception. |
| 11. | Keep alive | Defines two time intervals: one is used to periodically send ICMP request to OpenVPN server, and another one defines a time window, which is used to restart OpenVPN service, if no ICMP request is received during the window time slice. Example Keep Alive “10 60” |
| 12. | Remote network IP address | IP address of remote network, an actual LAN network behind another VPN endpoint. |
| 13. | Remote network IP netmask | Subnet mask of remote network, an actual LAN network behind another VPN endpoint. |
| 14. | Max routes | Allow a maximum number of routes to be pulled from an OpenVPN server |
| 15. | HMAC authentication algorithm | Sets HMAC authentication algorithm |
| 16. | Additional HMAC authentication | Add an additional layer of HMAC authentication on top of the TLS control channel to protect against DoS attacks |
| 17. | Certificate authority | Certificate authority is an entity that issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate. |
| 18. | Client certificate | Client certificate is a type of digital certificate that is used by client systems to make authenticated requests to a remote server. Client certificates play a key role in many mutual authentication designs, providing strong assurances of a requester's identity. |
| 19. | Client key | Authenticating the client to the server and establishing precisely who they are |
After setting any of these parameters press the “Save” button. Some of the selected parameters will be shown in the configuration list table. You should also be aware of the fact that the router will launch a separate OpenVPN service for every configuration entry (if it is defined as active, of course), so the router has the ability to act as server and client at the same time.
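The Python sketch below is an added example, not code from the manual or from the router. It checks an OpenVPN configuration against the table above: the files each role needs for its authentication mode, the client's remote host, the two keep alive values, and the additional HMAC layer. It assumes the settings correspond to the standard OpenVPN directives `ca`, `cert`, `key`, `dh`, `secret`, `remote`, `keepalive` and `tls-auth`, which the manual does not name; the function names and the sample configuration are constructed.

```python
# Directive names are standard OpenVPN ones (assumption: not taken from the manual).
REQUIRED = {
    ("tls", "client"): ["ca", "cert", "key"],
    ("tls", "server"): ["ca", "cert", "key", "dh"],
    ("static", "client"): ["secret"],
    ("static", "server"): ["secret"],
}

def parse(text):
    """Parse 'directive arg ...' lines; '#' and ';' start comment lines."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            name, *args = line.split()
            cfg[name] = args
    return cfg

def check(text, role):
    """Return a list of problems for a 'client' or 'server' configuration."""
    cfg = parse(text)
    mode = "static" if "secret" in cfg else "tls"
    problems = [f"{mode} {role}: missing '{d}'"
                for d in REQUIRED[(mode, role)] if d not in cfg]
    if role == "client" and "remote" not in cfg:
        problems.append("client: missing 'remote' (server address)")
    ka = cfg.get("keepalive")
    if ka is not None:
        ok = len(ka) == 2 and all(a.isdigit() for a in ka) and int(ka[0]) < int(ka[1])
        if not ok:
            problems.append("keepalive: expected '<interval> <window>', window > interval")
    if mode == "tls" and "tls-auth" not in cfg:
        problems.append("tls: no additional HMAC authentication ('tls-auth')")
    return problems

# Constructed sample: a TLS client named "demo" with the client key left out.
DEMO_CLIENT = """
dev tun
proto udp
remote 192.0.2.10 1194
resolv-retry 30
keepalive 10 60
ca ca.crt
cert client.crt
# key client.key
tls-auth ta.key 1
"""

if __name__ == "__main__":
    print(check(DEMO_CLIENT, "client"))
```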
8.5.2 IPSec
The IPsec protocol client enables the router to establish a secure connection to an IPsec peer via the Internet.
IPsec is supported in two modes - transport and tunnel. Transport mode creates secure point to point channel between
two hosts. Tunnel mode can be used to build a secure connection between two remote LANs serving as a VPN solution.
