IPsec Settings
Navigate to the following window on path CONFIGURATION > Configuration Tree > your box > Assigned Services > VPN Service > VPN Settings > IPsec.
Setting | Value(s) | Description |
|---|---|---|
Use IPsec dynamic IPs | Selected Unselected* | Select the checkbox if the service is connected to the Internet via a dynamic link (dynamic IP address). The server IP address is not yet known at configuration time and IKE then listens to all local IP addresses. |
IKEv1
Setting | Value(s) | Description |
|---|---|---|
Timeout | 30 | The maximum period to wait until the request for IPsec tunnel connection establishment must be approved by the remote peer. |
Tunnel check interval [s] | 30 | The interval between queries for a valid exchange that is assignable to an IPsec tunnel. |
Dead Peer Detection Interval [s] | 5 | Tunnels can be configured to be Active or Passive. An active tunnel is capable of establishing a connection while a passive tunnel is waiting for a connection request. This parameter sets the interval between keep-alive checks on the remote peer. |
IKEv1 Log Class | ALL* | The debug log class of IKEv2. Do not select a log class different than ALL if the log is not required for solving issues. |
IKEv1 Log Level | 0* | The debug log level of IKE. The debug log may be very βnoisy.β Do not select a log level greater than 0 if the log is not required for solving an issue. |
Pre-shared key (PSK) | - | Holds the pre-shared IKE key. |
IKEv2
Setting | Value(s) | Description |
|---|---|---|
Start IKEv2 | Selected* Deselected | If selected, IKEv2 will be used. If deselected, IKEv2 will be disabled and some additional memory will be saved. |
IKEv2 Make Before Break | Selected Deselected | Selecting this option creates a duplicate of the IKE and all IPsec SAs, and the deletes the old ones. This setting requires that both peers can handle overlapping SAs. |
IKEv2 Log Class | All* | The debug log class of IKEv2. Do not select a log class different than ALL if the log is not required for solving issues. |
IKEv2 Log Level | 0 | The debug log level of IKEv2. Do not select a log level greater than 0 if the log is not required for solving an issue. |
IKEv2 Suppress Network Change Events | Selected Deselected* | This is an advanced setting. If selected, network interface/address/route changes which may cause an automatic reconnect of the VPN tunnel will be ignored. This parameter becomes active after a restart of the IKEv2 daemon. Restart the VPN service or execute |