Quick Start Guide

Gigaset DE900 IP PRO / en / A31008-M2210-R101-4-7619 / web_configurator.fm / 05.09.2012

PRO Version 3, 30.05.2012

153

Configuring phone settings via the Web configurator

Authentication

Authentication for devices that wish to join a VPN takes place using a certificate. The imple-

mentation of certificate-based authentication over the TLS protocol uses public/private key

pairs or X.509 certificates The server and user each possess an individual certificate (public/

private). The OpenVPN server only allows connections signed by a known certification

authority.

The following encryption protocols can also be used.

Activate the required protocols:

Static Key (No X509 PKI)

Simple encryption protocol (one client, one server). A static key is generated from the IP

addresses of the server and client.

Enter the IP address of the OpenVPN server in the Remote Tunnel IP field.

Enter the IP address of your phone in the OpenVPN in the Local Tunnel IP field.

Hardening OpenVPN Security (tls-auth)

In this encryption protocol, all data packets are provided with an additional signature

(HMAC signature = Keyed-Hash Message Authentication Code).

DHCP relay

This function makes is possible for a DCHP sever on the other side of the VPN tunnel to assign

the IP address for the VPN to your telephone, rather than being assigned one from the IP

address pool of the OpenVPN server. This simplifies administration of IP addresses in complex

VPN structures, if, for example, all VPN networks need to belong to a single IP subnet.

Activate the OpenVPN Server DHCP relay mode function if you wish to allow a DHCP

server on the other side of the VPN tunnel to assign the IP address for the VPN to your tel-

ephone.

Saving settings

Click on Save to save your settings.

Loading certificate and key files

In the lower portion of the screen, you can load the certificates and keys for the OpenVPN

connection in your telephone or delete certificates and keys that have already been loaded.