User's Manual
Table Of Contents
- 1 Product Overview
- 2 Gateway Installation
- 3 Managing Gateway
- 4 Configuration in Typical Situations
38 WISE-6610 Series User Manual
The function supports the following types of identifiers (ID) for both sides of the
tunnel, the Remote ID and Local ID parameters:
- IP address (for example, 192.168.1.1)
- DN (for example, C=CZ, O=CompanyName, OU=TP, CN=A)
- FQDN (for example, @director.companyname.cz) - the @ symbol precedes the FQDN.
- User FQDN (for example, director@companyname.cz)
The certificates and private keys have to be in the PEM format. Use only certificates
containing start and stop tags.
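As an added example (not part of the manual or of the WISE-6610 firmware), the following Python classifies a Remote ID / Local ID value as one of the four identifier forms listed above and checks that a PEM file carries both its start and stop tags before it is loaded. The host-name and DN syntax rules, the function names and the sample PEM body are assumptions of the example.

```python
import ipaddress
import re

# Host-name rule (RFC 1123 style): dot-separated labels of letters, digits and hyphens,
# no leading or trailing hyphen, at least two labels.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(?:\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))+$"
)
# Distinguished Name: comma-separated attribute=value pairs, e.g. "C=CZ, O=CompanyName, OU=TP, CN=A".
_DN_RE = re.compile(r"^[A-Za-z][A-Za-z0-9]*=[^,=]+(?:\s*,\s*[A-Za-z][A-Za-z0-9]*=[^,=]+)*$")
# PEM start/stop tags, e.g. "-----BEGIN CERTIFICATE-----" / "-----END CERTIFICATE-----".
_PEM_TAG_RE = re.compile(r"^-----(BEGIN|END) ([A-Z0-9 ]+)-----[ \t]*$", re.MULTILINE)


def classify_id(identifier: str) -> str:
    """Classify a Remote ID / Local ID value as 'ip', 'dn', 'fqdn' or 'user_fqdn'.

    Raises ValueError when the value matches none of the four forms the manual lists.
    """
    value = identifier.strip()
    # 1. Plain IP address (IPv4 or IPv6).
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    # 2. Distinguished Name.
    if _DN_RE.match(value):
        return "dn"
    # 3. FQDN: the @ symbol precedes the host name.
    if value.startswith("@") and _HOSTNAME_RE.match(value[1:]):
        return "fqdn"
    # 4. User FQDN: local-part@host name.
    local, sep, host = value.partition("@")
    if sep and local and _HOSTNAME_RE.match(host):
        return "user_fqdn"
    raise ValueError(f"unsupported identifier form: {identifier!r}")


def is_valid_id(identifier: str) -> bool:
    """Convenience wrapper: True if classify_id() accepts the value."""
    try:
        classify_id(identifier)
        return True
    except ValueError:
        return False


def pem_has_start_and_stop_tags(text: str) -> bool:
    """True if the text holds at least one PEM block and every BEGIN tag is closed by an
    END tag with the same label; a truncated file or a bare base64 body fails."""
    open_label = None
    blocks = 0
    for kind, label in _PEM_TAG_RE.findall(text):
        if kind == "BEGIN":
            if open_label is not None:
                return False  # a second BEGIN before the previous block was closed
            open_label = label
        else:
            if open_label != label:
                return False  # END without a matching open BEGIN
            open_label = None
            blocks += 1
    return open_label is None and blocks > 0


# Constructed sample PEM for the self-test: the body is dummy base64, not a real certificate.
SAMPLE_CERT_PEM = """-----BEGIN CERTIFICATE-----
MIIBszCCAVmgAwIBAgIUQUJDREVGR0hJSktMTU5PUFFSU1RVVlc=
-----END CERTIFICATE-----
"""
# The same file cut off before its stop tag.
TRUNCATED_PEM = SAMPLE_CERT_PEM.split("-----END")[0]

if __name__ == "__main__":
    for sample in ("192.168.1.1", "C=CZ, O=CompanyName, OU=TP, CN=A",
                   "@director.companyname.cz", "director@companyname.cz"):
        print(f"{sample!r:45} -> {classify_id(sample)}")
    print("complete PEM ok:", pem_has_start_and_stop_tags(SAMPLE_CERT_PEM))
    print("truncated PEM ok:", pem_has_start_and_stop_tags(TRUNCATED_PEM))
```

The IP check runs first because a dotted IPv4 string would otherwise also satisfy the host-name rule; the PEM check walks the tags in order, so a file with a stray or missing END line is rejected rather than silently truncated.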
The random time after which the device re-exchanges keys is defined as
follows:
Item Description

IKE DH Group: Specifies the Diffie-Hellman group, which determines the strength of the
key used in the key exchange process. Higher group numbers are more secure but
require more time to compute the key.
ESP Algorithm: Specifies how the device selects the algorithm:
- auto - The encryption and hash algorithms are selected automatically.
- manual - The encryption and hash algorithms are defined by the user.
ESP Encryption: Encryption algorithm - DES, 3DES, AES128, AES192, AES256.
ESP Hash: Hash algorithm - MD5, SHA1, SHA256, SHA384 or SHA512.
PFS: Enables/disables the Perfect Forward Secrecy function. The function ensures that
derived session keys are not compromised if one of the private keys is compromised
in the future.
PFS DH Group: Specifies the Diffie-Hellman group number (see IKE DH Group).
Key Lifetime: Lifetime of the key for the data part of the tunnel. The minimum value of
this parameter is 60 s. The maximum value is 86400 s.
IKE Lifetime: Lifetime of the key for the service part of the tunnel. The minimum value
of this parameter is 60 s. The maximum value is 86400 s.
Rekey Margin: Specifies how long before a connection expires the device attempts to
negotiate a replacement. The maximum value you specify must be less than half of the
IKE Lifetime and Key Lifetime parameters.
Rekey Fuzz: Percentage by which the Rekey Margin is randomly extended.
DPD Delay: Time after which the tunnel functionality is tested.
DPD Timeout: The period during which the device waits for a response.
Authenticate Mode: Specifies how the device authenticates:
- Pre-shared key - Sets the shared key for both sides of the tunnel.
- X.509 Certificate - Allows X.509 authentication in multiclient mode.
Pre-shared Key: Specifies the shared key for both sides of the tunnel. The prerequisite
for entering a key is that you select pre-shared key as the authentication mode.
CA Certificate: Certificate for X.509 authentication.
Remote Certificate: Certificate for X.509 authentication.
Local Certificate: Certificate for X.509 authentication.
Local Private Key: Private key for X.509 authentication.
Local Passphrase: Passphrase used during private key generation.
Debug: Chooses the level of verbosity of System Log output: silent (default), audit,
control, control-more, raw, private (most verbose, including the private keys). See
the strongSwan documentation for more details.
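To make the lifetime and rekey constraints in the table concrete, here is an added Python example that is not from the manual or the device. It assumes strongSwan's rekeying semantics, in which renegotiation starts Rekey Margin seconds before the lifetime expires and the margin is randomly increased by up to Rekey Fuzz percent; it uses that to compute the renegotiation window and to check the 60..86400 s range and the "less than half" rule. The class and function names are the example's own.

```python
from __future__ import annotations

import random
from dataclasses import dataclass

LIFETIME_MIN_S = 60      # manual: minimum Key Lifetime / IKE Lifetime
LIFETIME_MAX_S = 86400   # manual: maximum Key Lifetime / IKE Lifetime


@dataclass
class RekeyParams:
    ike_lifetime_s: int    # IKE Lifetime
    key_lifetime_s: int    # Key Lifetime
    rekey_margin_s: int    # Rekey Margin
    rekey_fuzz_pct: int    # Rekey Fuzz, in percent


def rekey_window(lifetime_s: float, margin_s: float, fuzz_pct: float) -> tuple[float, float]:
    """Earliest and latest moment (seconds after SA setup) at which renegotiation starts.

    Assumed strongSwan semantics: renegotiation starts Rekey Margin seconds before the
    lifetime expires, and the margin is randomly increased by up to Rekey Fuzz percent.
    """
    latest = lifetime_s - margin_s
    earliest = lifetime_s - margin_s * (1 + fuzz_pct / 100)
    return earliest, latest


def sample_rekey_time(lifetime_s: float, margin_s: float, fuzz_pct: float,
                      rng: random.Random | None = None) -> float:
    """One randomised renegotiation time drawn uniformly from rekey_window()."""
    earliest, latest = rekey_window(lifetime_s, margin_s, fuzz_pct)
    return (rng or random).uniform(earliest, latest)


def validate_rekey_params(p: RekeyParams) -> list[str]:
    """Check the values against the constraints the manual states and the assumed
    rekey semantics; returns a list of problems (empty means acceptable)."""
    problems: list[str] = []
    for name, value in (("IKE Lifetime", p.ike_lifetime_s), ("Key Lifetime", p.key_lifetime_s)):
        if not LIFETIME_MIN_S <= value <= LIFETIME_MAX_S:
            problems.append(f"{name} {value} s is outside {LIFETIME_MIN_S}..{LIFETIME_MAX_S} s")
    if p.rekey_margin_s <= 0:
        problems.append("Rekey Margin must be positive")
    if p.rekey_fuzz_pct < 0:
        problems.append("Rekey Fuzz must be a non-negative percentage")
    # Manual: the margin must be less than half of both lifetimes.
    shorter = min(p.ike_lifetime_s, p.key_lifetime_s)
    if p.rekey_margin_s >= shorter / 2:
        problems.append(f"Rekey Margin {p.rekey_margin_s} s is not less than half of the "
                        f"shorter lifetime ({shorter / 2:g} s)")
    # Consequence of the assumed semantics: the fuzzed margin must leave the SA time to live.
    for name, lifetime in (("IKE Lifetime", p.ike_lifetime_s), ("Key Lifetime", p.key_lifetime_s)):
        earliest, _ = rekey_window(lifetime, p.rekey_margin_s, p.rekey_fuzz_pct)
        if earliest <= 0:
            problems.append(f"fuzzed Rekey Margin can exceed {name}; renegotiation would never fit")
    return problems


if __name__ == "__main__":
    cfg = RekeyParams(ike_lifetime_s=3600, key_lifetime_s=3600, rekey_margin_s=540, rekey_fuzz_pct=100)
    print("problems:", validate_rekey_params(cfg) or "none")
    print("rekey window (s after setup):", rekey_window(cfg.key_lifetime_s, cfg.rekey_margin_s, cfg.rekey_fuzz_pct))
    print("one sampled rekey time:", round(sample_rekey_time(cfg.key_lifetime_s, cfg.rekey_margin_s, cfg.rekey_fuzz_pct)))
    print("problems:", validate_rekey_params(RekeyParams(3600, 1200, 900, 100)))
```

The last check shows why the manual asks for a margin below half the lifetime: with a fuzz of 100 % the margin can double, so a margin of half the lifetime or more could schedule renegotiation at or before the moment the SA is set up.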