tainy hmod-v3-io, tainy hmod-l3-io - Dr. Neuhaus ...
VPN connections
7.2 VPN Roadwarrior Mode
IPsec VPN > Connections
ONLY TAINY HMOD-V3-IO
ONLY TAINY EMOD-V3-IO

Function
The Roadwarrior Mode makes it possible for the TAINY xMOD-V3-IO VPN to accept a VPN connection initiated by a remote station with an unknown IP address. The remote station must authenticate itself properly; in this VPN connection there is no identification of the remote station based on the IP address or the hostname of the remote station.

Roadwarrior Mode
Edit Settings

Function
Set the TAINY xMOD-V3-IO up in accordance with what has been agreed with the system administrator of the remote station.

Authentication method
Select the authentication method in accordance with what you have agreed with the system administrator of the remote station.
The TAINY xMOD-V3-IO supports three methods:
• X.509 certificate
• CA certificate
• Pre-shared key

X.509 certificate, CA certificate
In the authentication methods X.509 certificate and CA certificate, the keys used for authentication have first been signed by a Certification Authority (CA). This method is considered especially secure. A CA can be a service provider, but also, for example, the system administrator for your project, provided that he has the necessary software tools. The CA creates a certificate file (PKCS12) with the file extension *.p12 for each of the two remote stations. This certificate file contains the public and private keys of the station itself, the signed certificate from the CA, and the public key of the CA. For the authentication method X.509 there is additionally a key file (*.pem or *.crt) for each of the two remote stations, containing the public key of the station itself.

X.509 certificate
The exchange of the public keys (files with extension *.pem or *.crt) between the TAINY xMOD-V3-IO and the remote station's VPN gateway takes place manually, for example on a CD-ROM or via e-mail. To load the certificate, proceed as described in Chapter 7.4.
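
The files described above can be produced with any CA tooling. The following is an added example, not part of the manual and not the vendor's procedure: it uses the OpenSSL command line to act as a project CA, build the *.p12 bundle and the *.pem file for a station, and check a manually exchanged *.pem against the CA and against a fingerprint passed over a separate channel. The names "Example Project CA" and "station-a", the password CHANGE-ME, and the fingerprint check itself are assumptions of this example.

```shell
#!/bin/sh
# Added example with constructed names and a placeholder password.
set -eu

make_station_bundle() {   # $1 = working directory, $2 = station name
    dir=$1; name=$2
    # Project CA: self-signed root whose private key signs the station keys.
    [ -f "$dir/ca.crt" ] || openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example Project CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    # Station key pair and certificate signing request.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$name" \
        -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null
    # The CA signs the station's public key; the result is the *.pem file.
    openssl x509 -req -in "$dir/$name.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 365 -out "$dir/$name.pem" 2>/dev/null
    # *.p12 bundle: station private key, signed certificate, CA certificate.
    openssl pkcs12 -export -inkey "$dir/$name.key" -in "$dir/$name.pem" \
        -certfile "$dir/ca.crt" -name "$name" \
        -passout pass:CHANGE-ME -out "$dir/$name.p12"
}

bundle_cert_count() {     # number of certificates inside a *.p12 file
    openssl pkcs12 -in "$1" -passin pass:CHANGE-ME -nokeys 2>/dev/null \
        | grep -c 'BEGIN CERTIFICATE'
}

cert_fingerprint() {      # SHA-256 fingerprint of a *.pem / *.crt file
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

check_received_cert() {   # $1 = received file, $2 = CA cert, $3 = expected fingerprint
    # Accept only a file that is signed by the agreed CA and whose
    # fingerprint matches the one received over the second channel.
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1 || return 1
    [ "$(cert_fingerprint "$1")" = "$3" ]
}

if [ "${1:-}" = "demo" ]; then
    work=$(mktemp -d)
    make_station_bundle "$work" station-a
    echo "certificates in station-a.p12: $(bundle_cert_count "$work/station-a.p12")"
    echo "fingerprint to pass on separately: $(cert_fingerprint "$work/station-a.pem")"
fi
```

Run with the argument `demo` to generate one bundle in a temporary directory. The CA private key (ca.key) stays with the CA and is not part of any file handed to a station.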