Remote Host
The Remote Host settings are used to define the basic VPN Gateway operation.
Enter the host name or IP address for the VPN Client Gateway that will service this site. The use of a host name instead of static IP address is recommended when non-address Peer identifiers are used. This allows the public gateway address to be modified without invalidating Client Site Configurations.
Port
Enter the UDP port that the VPN Client Gateway is using for IKE services. The default value for this setting is UDP port 500.
Configuration Method
Select the method used to automatically configure client settings. The method chosen should match the method supported by your VPN Gateway. The default value for this setting is Pull as it is the only method supported by the IPsec Tools racoon daemon.
Two Configuration Methods are available:
Disabled |
This method disables all automatic client configuration. |
IKE Configuration Pull |
This method allows the client to request settings from a Gateway during the Configuration Exchange. If the Gateway supports the Pull method, it will attempt to return a list of settings that it supports for client use. |
IKE Configuration Push |
This method allows a Gateway to offer settings to the Client during the Configuration Exchange. If the client is configured to use the Push method, it will return a list of settings that it has accepted for use. |
DHCP Over IPsec |
This method allows the client to request settings from a Gateway using the DHCP over IPsec configuration method. |
PLEASE NOTE: The DHCP over IPsec option is considered experimental.
Local Host
The Local Host settings are used to define the basic VPN Client operation.
Select the method used to address the private network traffic.
Two Address Methods are available.
Virtual Adapter Mode |
This mode allows the client to use a virtual adapter and a gateway assigned address. |
Direct Adapter Mode |
This mode allows the client to use an existing adapter and its current address. |
Adapter MTU
When the client is set to use Virtual Adapter Mode, the adapter MTU can be specified. Communications problems caused by IP fragmentation issues can be resolved by setting the MTU to a lower value.
Adapter Address and Netmask
When a remote gateway is configured to support the Configuration Exchange, it can be configured to assign a valid client address and netmask automatically. If not, uncheck the Obtain Automatically option and enter a valid Client Address and Client Netmask for this site configuration.