equinux VPN Tracker 5.4.4 User Manual
Page 31

For custom devices, VPN Tracker preselects a standard set of
proposals etc. We will highlight only the parameters which
require special attention.
‣ The exchange mode for Phase 1 is either “main” or
“aggressive”.
‣ There needs to be at least one set of matching proposals
(combination of encryption, hash algorithm and Diffie-
Hellman group) for Phase 1 between the gateway and VPN
Tracker.
‣ For Phase 2, the requirement is the same. If a Diffie-Hellman
group is specified for Phase 2 on the gateway, please make
sure to enable Perfect Forward Secrecy (PFS).
Note: It is usually safe to select multiple algorithms, but
some devices stop responding when being sent
more than one proposal.
‣ Synchronize the lifetimes for both Phase 1 and Phase 2 with
the gateway. Lifetime differences might not prevent a tunnel
from being established, but they will cause problems when
negotiating new keys (re-keying).
For the other advanced settings, there’s a general rule: If you
don’t know them, don’t touch them. You might have to edit
them when your custom connection fails, but it is
recommended to try connecting with the defaults first.
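
The checklist above can be run as a comparison of the two sides' settings before the first connection attempt. The following is an added example, not part of the manual or of VPN Tracker; the dictionary layout, field names and sample values are constructed for illustration.

```python
# Constructed sample settings; the field names are hypothetical, not
# VPN Tracker or gateway configuration keys.
GATEWAY = {
    "exchange_mode": "main",
    "phase1": {"proposals": [("aes-128", "sha1", 2)], "lifetime": 28800},
    "phase2": {"proposals": [("aes-128", "sha1")], "lifetime": 3600, "pfs_group": 2},
}
CLIENT = {
    "exchange_mode": "aggressive",
    "phase1": {"proposals": [("3des", "sha1", 2), ("aes-128", "sha1", 2)], "lifetime": 86400},
    "phase2": {"proposals": [("aes-256", "sha1")], "lifetime": 3600, "pfs_group": None},
}

def check_phase(name, client, gateway):
    """Compare one phase: at least one shared proposal, equal lifetimes."""
    problems = []
    if not set(client["proposals"]) & set(gateway["proposals"]):
        problems.append(f"{name}: no matching proposal")
    if client["lifetime"] != gateway["lifetime"]:
        problems.append(f"{name}: lifetime {client['lifetime']}s vs {gateway['lifetime']}s "
                        "(tunnel may come up, re-keying will have problems)")
    return problems

def check_connection(client, gateway):
    """Return every mismatch the checklist would catch, in checklist order."""
    problems = []
    if client["exchange_mode"] != gateway["exchange_mode"]:
        problems.append(f"phase1: exchange mode {client['exchange_mode']} "
                        f"vs {gateway['exchange_mode']}")
    problems += check_phase("phase1", client["phase1"], gateway["phase1"])
    problems += check_phase("phase2", client["phase2"], gateway["phase2"])
    gw_pfs, cl_pfs = gateway["phase2"]["pfs_group"], client["phase2"]["pfs_group"]
    if gw_pfs is not None and cl_pfs != gw_pfs:
        problems.append(f"phase2: gateway uses DH group {gw_pfs}, enable PFS with that group")
    return problems

def multi_proposal_phases(client):
    """Phases offering more than one proposal, which some devices reject."""
    return [p for p in ("phase1", "phase2") if len(client[p]["proposals"]) > 1]

if __name__ == "__main__":
    for line in check_connection(CLIENT, GATEWAY):
        print("MISMATCH", line)
    for phase in multi_proposal_phases(CLIENT):
        print("NOTE", phase, "offers several proposals")
```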