Loading ...
Loading ...
Loading ...
57
In Authentication Protocol, select the authentication protocol to be used. Either authenticate as part of ESP (Encapsulating
Security Payload) encryption or separately using the AH (Authentication Header) protocol.
Enter a Left ID and Right ID. The local host/gateway and remote host/gateway use this identifier for IPsec negotiation and
authentication. Each ID must include a ‘@’ and can include a fully qualified domain name preceded by ‘@’ (e.g. left@
example.com).
Enter the public IP or DNS address of this Tripp Lite VPN gateway as the Left Address. You can leave this blank to use the
interface of the default route.
In Right Address, enter the public IP or DNS address of the remote end of the tunnel (only if the remote end has a static or
dyndns address). Otherwise, leave this blank.
If the Tripp Lite VPN gateway is serving as a VPN gateway to a local subnet (e.g. the console server has a management LAN
configured), enter the private subnet details in Left Subnet. Use the CIDR notation (where the IP address number is followed
by a slash and the number of ‘one’ bits in the binary notation of the netmask). For example, 192.168.0.0/24 indicates an IP
address where the first 24 bits are used as the network address. This is the same as 255.255.255.0. If the VPN access is
only to the console server itself and to its attached serial console devices, leave Left Subnet blank.
If there is a VPN gateway at the remote end, enter the private subnet details in Right Subnet. Again, use the CIDR notation
and leave blank if there is only a remote host.
Select Initiate Tunnel if the tunnel connection is to be initiated from the Left console server end. This can only be initiated
from the VPN gateway (Left) if the remote end was configured with a static (or dyndns) IP address.
Click Apply to save changes.
Note: It is essential the configuration details set up on the advanced console server (referred to as the Left or Local host) exactly match the
setup entered when configuring the Remote (Right) host/gateway or software client.
4.9 OpenVPN
Console servers with firmware version 3.2 and later include OpenVPN. OpenVPN uses the OpenSSL library for encryption,
authentication, and certification, which means it uses SSL/TSL (Secure Socket Layer/Transport Layer Security) for key
exchange and can encrypt both data and control channels. Using OpenVPN allows for the building of cross-platform, point-to-
point VPNs using either X.509 PKI (Public Key Infrastructure) or custom configuration files.
OpenVPN allows secure tunneling of data through a single TCP/UDP port over an unsecured network, thus providing secure
access to multiple sites and secure remote administration to a console server over the Internet.
OpenVPN also allows the use of Dynamic IP addresses by both the server and client, thus providing client mobility. For
example, an OpenVPN tunnel may be established between a roaming windows client and a Tripp Lite advanced console server
within a data center.
Configuration of OpenVPN can be a complex undertaking. For ease and convenience, Tripp Lite provides a simple GUI interface
for basic set up as described below. For more detailed information on configuring OpenVPN Access server or client, refer to the
HOW TO and FAQs at http://www.openvpn.net.
4. Serial Port, Host, Device and User Configuration
Loading ...
Loading ...
Loading ...