Specifications

3 Firewall Administration System (FAS)
Figure 3.42: VPN: General Settings
A shared key is a random string. Quotation marks (") may not occur in the
shared key. Every connection can have its own shared key, but it must be the
same at both ends of a tunnel.

Transmitting the shared key must take place in a secure manner, because
anyone who knows this key can authenticate himself at the VPN gateway and
obtain access. For this reason, it is preferable to use X.509 certificates. If you
use dynamic IP addresses, you cannot use shared keys.

If you activate authentication via certificates, select the corresponding
certificate with ‘Select’. To use a shared key, enter it in the corresponding
entry field.
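
A key that meets the constraints above (random, free of quotation marks, identical at both ends) can be generated and checked as in the following added example, which is not part of the SuSE manual. The alphabet, the 32-character minimum and the function names are assumptions.

```python
import secrets
import string

# Assumption: letters and digits only, so a generated key can never contain
# a quotation mark, which the manual forbids in shared keys.
ALPHABET = string.ascii_letters + string.digits
MIN_LENGTH = 32  # assumed minimum; the manual does not state a length


def generate_shared_key(length=48):
    """Return a random shared key drawn from the operating system CSPRNG."""
    if length < MIN_LENGTH:
        raise ValueError(f"shared key must be at least {MIN_LENGTH} characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def check_shared_key(key):
    """Return a list of problems with a candidate key; empty means usable."""
    problems = []
    if '"' in key:
        problems.append("contains a quotation mark")
    if key != key.strip() or any(not c.isprintable() for c in key):
        # Pasted keys often pick up a newline or space, so the two tunnel
        # ends silently hold different strings.
        problems.append("contains surrounding whitespace or control characters")
    if len(key) < MIN_LENGTH:
        problems.append("shorter than the assumed minimum length")
    if len(set(key)) < 10:
        problems.append("too few distinct characters to be a random string")
    return problems


if __name__ == "__main__":
    key = generate_shared_key()
    print(key, check_shared_key(key))
    # Constructed bad input: quoted, short, trailing newline.
    print(check_shared_key('"secret"\n'))
```

Run the check on the string at each gateway before entering it, so that a stray newline from copy and paste does not leave the two ends with different keys.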
IP Filter
In this dialog (see Figure 3.45 on page 90), allow or deny packets arriving
through the VPN tunnel on the basis of the defined filter rules. The check
box ‘allow all’ allows everything. If this is not activated, you can only
allow certain packets for the VPN tunnel through the definition of filter rules.
In the first half of the dialog, define the rules. The second half contains an
overview window displaying all defined rules.
87 SuSE Linux Firewall on CD2