Operation Manual

Add/Edit Tunnel – General

Tunnel Name: Give the tunnel a name that uniquely identifies it.

Anonymous Mode: Select to allow remote connections from any IP address.

Responder Mode: When enabled, the router will not initiate negotiation with peers, otherwise start negotiations as soon

as possible.

Local Identity: Specifies the identifier sent to the remote host during phase 1 negotiation. If left blank it will default to the

IP address of the WAN connection. Currently we only support identifiers in the form of an IP address, a user-fully

qualified domain name (user@mydomain.com) or just a fully qualified domain name (www.mydomain.com). If the

remote side of the tunnel is configured to expect an identifier, then both must match in order for the negotiation to

succeed. If NAT-T is being used, a single word (instead of an address) can be used if a DynDNS connection is not being

used.

Remote Identity: Specifies the identifier we expect to receive from the remote host during phase 1 negotiation. If no

identifier is defined then no verification of the remote peer's identification will be done. Currently we only support

identifiers in the form of an IP address, a user-fully qualified domain name (user@mydomain.com) or just a fully qualified

domain name (www.mydomain.com). If left blank we will default to the IP address of the WAN connection. If NAT-T is

being used, a single word (instead of an address) can be used if a DynDNS connection is not being used.

Authentication Mode: Select from Pre-Shared Key and Certificate. Pre-Shared Key is used when there is a single

key common to both ends of the VPN. Certificate requires the creation of a set of certificates and a private key that can

be uploaded to the router. Select Enable Certificate Support in the Global VPN Settings section to upload a single set

of certificates for the router to use.

152