Certificates, Traffic control – equinux VPN Tracker 8.1.1 User Manual
Page 53

VPN Gateway Setting: Some devices do not have a dedicated setting for the
PFS DH group. These devices typically use the same group as for phase 1.
Establish a separate phase 2 tunnel for each remote network
When connecting to multiple remote networks, VPN Tracker can either establish
a separate VPN tunnel (Security Association, SA) for each network, or send
all traffic over a single tunnel. The single tunnel will use the first remote
network as the endpoint.
Which setting to use depends on the VPN gateway. If you find that with a
single tunnel you cannot access any remote network but the first, then try
swapping the order of the remote networks. If you can now access the new
first network, then you likely need this setting turned on (or, less likely, your
VPN gateway supports only a single remote network for the connection).
Cisco EasyVPN-based VPN gateways are a special case: here you should almost
always uncheck this setting and enable “Establish a Shared Tunnel to 0.0.0.0/0
for Split-Tunneling” in the Interoperability settings.
Related Settings: Basic > Network > Remote Networks
Advanced > Interoperability > Cisco > Establish a Shared Tunnel to 0.0.0.0/0
for Split-Tunneling
Availability: The setting is available only if there are multiple remote
networks, or when using an automatic configuration method that could lead to
connecting to multiple remote networks.
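
Added example (not part of the equinux manual or VPN Tracker itself): a small Python model of the swap test described above, showing which remote networks are covered by the phase 2 SAs in each mode. It assumes the gateway accepts traffic only for networks covered by a negotiated SA; the function names and sample networks are constructed for illustration.

```python
import ipaddress

def negotiated_selectors(remote_networks, separate_tunnels):
    """Remote traffic selectors of the phase 2 SAs the client would set up."""
    nets = [ipaddress.ip_network(n) for n in remote_networks]
    # Separate tunnels: one SA per remote network.
    # Single tunnel: one SA whose endpoint is the first remote network.
    return nets if separate_tunnels else nets[:1]

def reachable(remote_networks, separate_tunnels, gateway_enforces_selectors=True):
    """Map each remote network to True/False: would traffic to it get through?"""
    selectors = negotiated_selectors(remote_networks, separate_tunnels)
    result = {}
    for net in (ipaddress.ip_network(n) for n in remote_networks):
        covered = any(net.version == sel.version and net.subnet_of(sel)
                      for sel in selectors)
        # Assumption: a gateway that does not enforce selectors forwards
        # everything that arrives on the single tunnel.
        result[str(net)] = covered or not gateway_enforces_selectors
    return result

def swap_test(remote_networks, gateway_enforces_selectors=True):
    """The manual's diagnostic: single tunnel, original order vs. swapped order."""
    before = reachable(remote_networks, False, gateway_enforces_selectors)
    swapped = [remote_networks[1], remote_networks[0]] + list(remote_networks[2:])
    after = reachable(swapped, False, gateway_enforces_selectors)
    first, second = (str(ipaddress.ip_network(n)) for n in remote_networks[:2])
    # If reachability follows whichever network is listed first, the gateway
    # ties the tunnel to one network: separate tunnels are likely needed.
    needs_separate = (before[first] and not before[second]
                      and after[second] and not after[first])
    return before, after, needs_separate

# Constructed sample networks, not taken from the manual.
NETWORKS = ["192.168.10.0/24", "10.20.0.0/16"]

if __name__ == "__main__":
    before, after, needs = swap_test(NETWORKS)
    print("single tunnel, original order:", before)
    print("single tunnel, swapped order: ", after)
    print("turn on separate phase 2 tunnels:", needs)
    print("separate tunnels:", reachable(NETWORKS, True))
```

The model cannot tell apart the less likely case the text mentions, a gateway that supports only a single remote network for the connection; both cases produce the same swap-test result.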
Certificates
Send Certificate
If turned on, VPN Tracker will send the local certificate to the VPN gateway.
This setting should normally be turned on. Only turn off this setting if your
VPN gateway has trouble dealing with certificates sent by connecting clients.
Related Settings: Basic > Authentication > Certificate
Availability: The setting is only available for certificate-based authentication.
Send Request for Remote Certificate
If turned on, VPN Tracker will request the VPN gateway’s certificate. This
setting should normally be turned on. Only turn off this setting if your VPN
gateway has trouble dealing with certificate requests from connecting clients.
In that case, you’ll need to have the VPN gateway’s certificate in your keychain.
Related Settings: Basic > Authentication > Certificate
Availability: The setting is only available for certificate-based authentication.
Verify Remote Certificate
This setting can be used to temporarily disable certificate verification for
debugging purposes.
Do not turn off this option except for debugging purposes!
Related Settings: Basic > Authentication > Certificate
Availability: The setting is only available for certificate-based authentication.
Traffic Control
Traffic Control provides more fine-grained control over the traffic that will be
sent through the VPN or exempted from it.
Traffic Control is an advanced feature that can cause traffic not to
be encrypted. If you are unsure whether Traffic Control can help
with your particular scenario, please contact support.
Always exempt the addresses below from the VPN
Use this setting to exempt certain addresses from the VPN whose traffic would
otherwise be sent through it.