D-Link DWC-1000 User Manual 277
Section 7 - VPN
| Field | Description |
|---|---|
| Mode | Select Server. |
| VPN Network | Enter the IP network for the VPN. |
| VPN Netmask | Enter the netmask. |
| Duplicate CN | This feature allows multiple clients with the same common name to connect concurrently. The Duplicate CN option is configured on the server side. When it is enabled, multiple clients can connect using the same certificate. User-based authentication is also required for this feature, and each client must have its own username and password. |
| Port | Enter the port to use. The default port is 1194. |
| Tunnel Protocol | Select either TCP or UDP. |
| Encryption Algorithm | Select the encryption algorithm from the drop-down menu. |
| Hash Algorithm | Select the hash algorithm from the drop-down menu. |
| Tunnel Type | Select either Full Tunnel or Split Tunnel. Full Tunnel mode sends all traffic from the client across the VPN tunnel to the controller. Split Tunnel mode only sends traffic to the private LAN based on pre-specified client routes. If you select Split Tunnel, refer to “LAN Configuration” on page 137 to create local networks. |
| Certificates | Select the set of certificates the OpenVPN server uses. First Row: Set of certificates and keys the server uses. Second Row: Set of certificates and keys newly uploaded. |
| Enable TLS Authentication Key | Enabling this adds TLS authentication, which is an additional layer of authentication. It can be checked only when the TLS key has been uploaded. Disabled by default. |
| Block Invalid Client Certificates | Enabling this blocks invalid client certificates. This feature requires a CRL certificate, which contains the list of client certificates to be blocked. Upload the CRL certificate on the OpenVPN Authentication page. |
| Allow only User Based Auth Configuration | This method does not require a client certificate; the client authenticates using the username/password only. |
| User Based Auth Configuration | This option provides an additional authentication method using username/password. |
| Authentication Server | Shows the available authentication servers, one of which can be selected for OpenVPN. All users logging in to the OmniSSL portal for this OpenVPN server are authenticated through the selected server. The available authentication servers are: 1) Local User Database, 2) Radius Server, 3) LDAP Server, 4) POP3, 5) Active Directory, 6) NT Domain. |
| Authentication Type | This option is configurable only when Radius Server is selected as the authentication server. The available authentication types are PAP/CHAP/MSCHAP/MSCHAPV2. |
| Save | Click Save to save and activate your settings. |
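The authentication fields above interact: Duplicate CN and Allow only User Based Auth both reduce what the client certificate proves, while the TLS key and CRL options add checks. The following audit script is an added example, not part of the manual or D-Link's software. It assumes the GUI fields correspond to the standard OpenVPN server directives named in the code, and the sample configuration is constructed.

```python
import shlex

# Constructed sample (not exported from a DWC-1000). Assumption: the GUI fields
# correspond to these standard OpenVPN server directives.
SAMPLE = """\
server 10.8.0.0 255.255.255.0
port 1194
proto udp
duplicate-cn                      # Duplicate CN enabled
verify-client-cert none           # Allow only User Based Auth
auth-user-pass-verify /etc/openvpn/check-user.sh via-env
push "redirect-gateway def1"      # Full Tunnel
"""

def parse(text):
    """Map each directive to the list of its argument lists."""
    conf = {}
    for line in text.splitlines():
        if line.lstrip().startswith(";"):      # OpenVPN also accepts ';' comments
            continue
        tokens = shlex.split(line, comments=True)
        if tokens:
            conf.setdefault(tokens[0], []).append(tokens[1:])
    return conf

def audit(text):
    """Return sorted finding IDs for the authentication options in the table."""
    conf = parse(text)
    user_auth = "auth-user-pass-verify" in conf or "plugin" in conf
    cert_optional = ("client-cert-not-required" in conf
                     or ["none"] in conf.get("verify-client-cert", []))
    findings = set()
    if "duplicate-cn" in conf:
        # One certificate shared by many clients: only the password tells them apart.
        findings.add("shared-cert" if user_auth else "shared-cert-no-user-auth")
    if cert_optional:
        findings.add("password-only" if user_auth else "cert-optional-no-user-auth")
    elif "crl-verify" not in conf:
        findings.add("no-crl")                 # revoked client certs still accepted
    if "tls-auth" not in conf and "tls-crypt" not in conf:
        findings.add("no-tls-auth-key")
    return sorted(findings)

def tunnel_type(text):
    """Full Tunnel if the server pushes redirect-gateway, otherwise Split Tunnel."""
    pushes = [args[0] for args in parse(text).get("push", []) if args]
    return "full" if any(p.startswith("redirect-gateway") for p in pushes) else "split"

if __name__ == "__main__":
    print(audit(SAMPLE), tunnel_type(SAMPLE))
```
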