
equinux VPN Tracker 8.1.1 User Manual

If a pre-shared key or password is stored, the password entry field will be pre-
filled with this password, but the “Store in Keychain” checkbox will be turned
off in order to prevent you from accidentally replacing the stored password.

This setting is useful if
‣ You are using a VPN gateway that asks you to fill the password field with
password/pin + a generated one-time passcode. In that case, you can store
the password/pin in keychain and have it pre-filled, and then add the
generated code every time you connect.
‣ You sometimes need to connect as a different XAUTH user but still want
your “regular” XAUTH user account to be stored in keychain.

Availability: always

Use stored XAUTH password as passcode

A VPN gateway can ask for an XAUTH password or for a generated one-time
passcode. Since it does not make sense to store one-time passcodes in
keychain, VPN Tracker does not offer this option by default.

However, some VPN gateways incorrectly ask for a passcode even though they
actually expect a password. In that case, enable this option to permit storing
the password in keychain etc.

Availability: always

Proposal Conflict Resolution

When VPN Tracker and the VPN gateway disagree about the lifetime or the
Perfect Forward Secrecy (PFS) setting, VPN Tracker can choose to accept the
VPN gateway’s proposal instead of insisting on its own settings (in which case
the connection attempt would fail).

Use remote proposals
VPN Tracker will use whatever settings the VPN gateway suggests, even if they
are less secure.

Use remote proposals if more secure (strict)
VPN Tracker will use the settings the VPN gateway suggests if they are at least
as secure as the current settings in VPN Tracker

Use remote proposals if more secure
VPN Tracker will use the settings the VPN gateway suggests if they are at least
as secure as the current settings in VPN Tracker. If the lifetime mismatches and
the VPN gateway's lifetime is longer, VPN Tracker will attempt to use its own
(shorter) lifetime. While this will allow initial connectivity, it may lead to the
connection being dropped unexpectedly later on.

Never use remote proposals
VPN Tracker will treat a mismatch as an error and stop connecting.

Related Settings: Advanced > Phase 2 > Lifetime
Advanced > Phase 2 > Perfect Forward Secrecy (PFS)

Availability: Only available using a custom device profile.
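
An added example, not taken from the manual or from equinux: a Python model of the four modes above applied to a Phase 2 lifetime and PFS mismatch. The names Mode, Phase2, resolve and the integer pfs_rank are hypothetical; it assumes a shorter lifetime and a higher PFS rank count as more secure, and that the two "if more secure" modes stop connecting on any weaker proposal other than the longer-lifetime case the manual describes.

```python
from dataclasses import dataclass
from enum import Enum


class Mode(Enum):
    USE_REMOTE = "Use remote proposals"
    STRICT = "Use remote proposals if more secure (strict)"
    IF_MORE_SECURE = "Use remote proposals if more secure"
    NEVER = "Never use remote proposals"


@dataclass(frozen=True)
class Phase2:
    lifetime_s: int  # SA lifetime in seconds; assumption: shorter = more secure
    pfs_rank: int    # hypothetical ranking: 0 = PFS off, larger = stronger group


def resolve(mode, local, remote):
    """Return (settings to use, note); settings is None when connecting stops."""
    if local == remote:
        return local, "no conflict"
    if mode is Mode.NEVER:
        return None, "mismatch treated as an error"
    weaker_pfs = remote.pfs_rank < local.pfs_rank
    longer_life = remote.lifetime_s > local.lifetime_s
    if mode is Mode.USE_REMOTE:
        note = "less secure than local" if weaker_pfs or longer_life else "ok"
        return remote, note
    # Both "if more secure" modes accept only proposals at least as secure.
    if weaker_pfs:
        return None, "gateway PFS weaker than local"  # assumption: fail
    if not longer_life:
        return remote, "ok"
    if mode is Mode.IF_MORE_SECURE:
        # Keep the local (shorter) lifetime; the gateway still holds the longer
        # one, which is why the manual warns of later unexpected drops.
        return Phase2(local.lifetime_s, remote.pfs_rank), "may drop later"
    return None, "gateway lifetime longer than local"  # strict: assumption


if __name__ == "__main__":
    local = Phase2(lifetime_s=3600, pfs_rank=2)       # constructed values
    gateway = Phase2(lifetime_s=28800, pfs_rank=2)    # constructed values
    for mode in Mode:
        print(f"{mode.value}: {resolve(mode, local, gateway)}")
```

Only "Use remote proposals" ever returns settings weaker than the local ones, so its results are the ones worth reviewing when auditing a connection profile.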

Manually set MTU for network used by VPN

VPN Tracker normally uses an MTU (maximum transfer unit) of 1280 bytes. In
extremely rare circumstances it may be necessary to decrease the MTU further
in order to avoid fragmentation of network packets.

If you have to decrease the MTU, please be aware that the MTU in VPN Tracker
needs to be set to 52 bytes less than the actual MTU that can be used.

Availability: always

Padding

These settings determine how VPN Tracker handles cryptographic padding.
You should not change these settings unless instructed to do so by
technical support.

Availability: Only available using a custom device profile.

Nonce Size

Determines the size of the nonce for the Diffie-Hellman (DH) key exchange.
You should not change this setting unless instructed to do so by technical
support.
