
Certificates, Nat-traversal – equinux VPN Tracker 6.4.6 User Manual

If you are setting up your VPN gateway from scratch: Using Perfect
Forward Secrecy is recommended. If possible, use at least
"Group 2 (1024 bit)".

If you are using a Cisco device with Easy VPN: Cisco devices can transmit their
Perfect Forward Secrecy preference, and VPN Tracker will use Perfect Forward
Secrecy when requested by a Cisco VPN gateway.

Related Settings: Some devices will automatically use the same group here
as in Phase 1 > Diffie-Hellman (DH) Key Exchange.

Availability: DH groups 14 to 18 require VPN Tracker Professional or Player
Edition.

Establish a separate phase 2 tunnel for each remote network

When connecting to multiple remote networks, VPN Tracker can either
establish a separate VPN tunnel (Security Association, SA) for each network,
or tunnel all traffic over a single tunnel. The single tunnel will use the
first remote network as the endpoint.

Which setting to use depends on the VPN gateway. Try connecting with the
default setting first. If you find that only one of multiple configured remote
networks is accessible when the VPN is connected, try changing the setting.

Related Settings: Basic > Network > Remote Networks
Advanced > Interoperability > Establish a Shared Tunnel to 0.0.0.0/0 for Split-Tunneling

Availability: The setting is only available when connecting to multiple
remote networks and no DHCP over VPN (SonicWALL) is being used.

Certificates

Send Certificate

If turned on, VPN Tracker will send the local certificate to the VPN gateway.
This setting should normally be turned on. Only turn off this setting if your
VPN gateway has trouble dealing with certificates sent by connecting clients.

Related Settings: Basic > Authentication > Certificate

Availability: The setting is only available when certificates are used for
authentication.

Send Request for Remote Certificate

If turned on, VPN Tracker will request the VPN gateway’s certificate. This
setting should normally be turned on. Only turn off this setting if your VPN
gateway has trouble dealing with certificate requests from connecting clients.

Related Settings: Basic > Authentication > Certificate

Availability: The setting is only available when certificates are used for
authentication.

Verify Remote Certificate

This setting can be used to temporarily disable certificate verification for
debugging purposes.

Do not turn off this option except for debugging purposes!

Related Settings: Basic > Authentication > Certificate

Availability: The setting is only available when certificates are used for
authentication.

NAT-Traversal

Set NAT-Traversal to "Detect Automatically".

There are some very specific circumstances in which you may need to change
the setting. Please read and understand → VPN and Network Address
Translation (NAT) before making any changes to this setting.

Availability: always
