User manual
Currently established IPsec tunnels can be listed and their usage examined through the IPsec option
in the Status menu (see Section 6.8, “IPsec Status”).
4.4.2. L2TP/PPTP Client
This option sets up a tunnel in which the DFL-160 acts as an L2TP or PPTP client and connects to
an L2TP or PPTP server.
In this mode, users and hosts on the DFL-160 LAN and DMZ interfaces can connect securely to
resources at the other end of the tunnel. Unlike a pure IPsec VPN, where separate VPN tunnels are
set up for each user or host, only one L2TP tunnel is set up and all traffic flows through it.
The following sections appear in the web interface for setup:
A. General
B. Authentication
C. IPsec Encryption
D. Security Authentication
E. MPPE
F. Dial-on-Demand
A. General
In this section, the tunnel is named and the protocol (L2TP or PPTP) is chosen.
The Remote endpoint is the IP address of the other end of the tunnel (the server's IP address). It can
also be specified as a URI such as gw.domain.com, in which case the prefix dns: must be added, so
the full entry would be dns:gw.domain.com.
The Remote Network is the network behind the server to which the client will communicate.
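The Remote endpoint rule above, as an added example (not part of the manual or of D-Link's software): a Python helper that turns an address or host name into the string to type into the field. It assumes IPv4 addresses and treats a dns: prefix in front of an IP address as an input error; both are assumptions of this example, as are the function names.

```python
import ipaddress
import re

# Host name label per RFC 1123: letters, digits, hyphens; no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
PREFIX = "dns:"  # prefix the manual requires for name-based endpoints


def is_ip(value):
    """True if value is an IPv4 address literal (IPv4-only is an assumption)."""
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False


def is_hostname(value):
    """True if value is a syntactically valid DNS name and not an IP literal."""
    if not value or len(value) > 253 or is_ip(value):
        return False
    labels = value.rstrip(".").split(".")
    # An all-numeric last label is most likely a mistyped address, so reject it.
    return all(_LABEL.match(l) for l in labels) and not labels[-1].isdigit()


def remote_endpoint_entry(value):
    """Return the string to enter in the Remote endpoint field.

    IP addresses pass through unchanged; DNS names get the dns: prefix.
    Raises ValueError for anything that is neither.
    """
    value = value.strip()
    name = value[len(PREFIX):] if value.lower().startswith(PREFIX) else value
    if is_ip(name):
        if name != value:
            # Assumption of this example: dns: is meant for names only.
            raise ValueError("dns: prefix used with an IP address: %r" % value)
        return name
    if is_hostname(name):
        return PREFIX + name
    raise ValueError("not an IP address or DNS name: %r" % value)
```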
B. Authentication
The client will need a username and password for authentication.
C. IPsec Encryption
L2TP usually uses IPsec as its encryption method.
D. Security Authentication
This section specifies how authentication is done when connecting to the server.
E. MPPE
Microsoft Point to Point Encryption (MPPE) is an optional encryption method usually used only by
PPTP. The method chosen must be compatible with the method chosen on the server.
F. Dial-on-Demand
If this option is enabled, the tunnel will not be set up until traffic is actually sent.
4.4.2. L2TP/PPTP Client Chapter 4. The Firewall Menu