tainy hmod-v3-io, tainy hmod-l3-io - Dr. Neuhaus ...
tainy hmod-v3-io, tainy hmod-l3-io - Dr. Neuhaus ...
tainy hmod-v3-io, tainy hmod-l3-io - Dr. Neuhaus ...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
VPN connect<strong>io</strong>ns<br />
CA certificate The public keys are exchanged between the TAINY<br />
xMOD-V3-IO and the remote stat<strong>io</strong>n's VPN gateway via<br />
the data connect<strong>io</strong>n when the VPN connect<strong>io</strong>n is<br />
established. Manual exchange of the key files is not<br />
necessary.<br />
Pre-shared secret key (PSK)<br />
This method is primarily supported by older IPsec implementat<strong>io</strong>ns. Here<br />
authenticat<strong>io</strong>n is performed with a character string agreed on beforehand. In<br />
order to obtain high security, the character string should consist of about<br />
randomly-selected 30 lower-case and upper-case letters and numerals.<br />
The following characters are permitted:<br />
! $ % & ' ( ) * + , . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C D E F G H I J K L<br />
M N O P Q R S T U V W X Y Z [ \ ] ^ ` a b c d e f g h I j k l m n o p q r s t u v<br />
w x y z { | } #<br />
Entered characters can not be read.<br />
Remote certificate If you have selected X.509 certificate as the authenticat<strong>io</strong>n method, then a<br />
list of the remote certificates that you have already loaded into the TAINY<br />
xMOD-V3-IO is displayed here. Select the certificate for the VPN connect<strong>io</strong>n.<br />
Remote ID<br />
Local ID<br />
The Local ID and the Remote ID are used by IPsec to identify the remote<br />
stat<strong>io</strong>ns uniquely when establishing the VPN connect<strong>io</strong>n. The own Local ID<br />
constitutes the Remote ID of the remote stat<strong>io</strong>n and vice versa.<br />
For authenticat<strong>io</strong>n with X.509 certificate or CA certificate:<br />
� If you keep the factory setting NONE, then the Distinguished Names<br />
from the own certificate and from the certificate communicated by the<br />
remote stat<strong>io</strong>n are automatically used as the Local ID and Remote ID.<br />
� If you manually change the entry for the Local ID or the Remote ID,<br />
then the corresponding entries must be adapted at the remote stat<strong>io</strong>n.<br />
The manual entry for Local or Remote ID must be made in the ASN.1<br />
format, e.g. "C=XY/O=XY Org/CN=xy.org.org"<br />
For authenticat<strong>io</strong>n with pre-shared secret key (PSK):<br />
� In Roadwarr<strong>io</strong>r Mode the Remote ID must be entered manually. The<br />
Remote ID must have the format of a hostname (e.g.<br />
RemoteStat<strong>io</strong>n.de) or the format of an e-mail address<br />
(remote@stat<strong>io</strong>n.de), and must be the same as the Local ID of the<br />
remote stat<strong>io</strong>n.<br />
The Local ID can be left on NONE. In this case the IP address is used<br />
as the local IP address. If you enter a Local ID; then it must have the<br />
format of a hostname (e.g. RemoteStat<strong>io</strong>n.de) or the format of an email<br />
address (remote@stat<strong>io</strong>n.de), and must be the same as the<br />
Local ID of the remote stat<strong>io</strong>n.<br />
TAINY xMOD Page 61 of 111