Technical information
Watson SHDSL Router
Web-based Management Manual
Watson-SHDSL-Router-GUI-Manual.doc
Version 2.3-03
8-86
Revision: 2012-02-29
7. Click 'Next', the 'Connection Summary' screen appears.
Figure 8-107: Connection Summary
8. Select the 'Edit the Newly Created Connection' check box, and click 'Finish'. The 'VPN IPSec Properties' screen appears, displaying the 'General' tab.
9. Press the 'IPSec' tab, and configure the following settings:
   - Deselect the 'Compress' check box.
   - Under 'Hash Algorithm', deselect the 'Allow Peers to Use MD5' check box.
   - Under 'Group Description Attribute', deselect the 'DH Group 5 (1536 bit)' check box.
   - Under 'Encryption Algorithm', deselect the 'Allow AH Protocol (No Encryption)' check box.
10. Click 'OK' to save the settings. The 'Network Connections' screen appears.
Note that the IPSec connection's status has changed to "Connected".
8.4.1.5.3 Gateway-to-Gateway with Peer Authentication of Certificates
An additional authentication method for a gateway-to-gateway VPN is peer authentication of certificates. Authentication is performed when each gateway presents a certificate, signed by a mutually agreed upon Certificate Authority (CA), to the other gateway.
For testing purposes, Linux provides a mechanism for creating self-signed certificates, thus eliminating the need to acquire them from the CA. This section describes the procedure, after which you will be able to use these certificates to authenticate the gateway-to-gateway VPN connection.
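The peer check described above can be rehearsed offline before any certificate is loaded onto a gateway. The following script is an added example, not part of the manual's procedure: it builds a throwaway CA, issues certificates for two gateways, and confirms that a certificate from an unrelated CA (and that CA's own self-signed certificate) is rejected. It assumes the openssl command-line tool is installed; all names (Test VPN CA, Other CA, gw-a, gw-b, gw-x) are constructed.

```shell
#!/bin/sh
# Added example. All names (Test VPN CA, Other CA, gw-a, gw-b, gw-x) are constructed.

# make_ca DIR CN: create a throwaway CA key and self-signed CA certificate in DIR.
make_ca() {
    mkdir -p "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=$2" -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# issue_cert CA_DIR CN: generate a gateway key and CSR, then sign it with the CA in CA_DIR.
issue_cert() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -sha256 -days 30 -in "$1/$2.csr" \
        -CA "$1/ca.pem" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/$2.pem" 2>/dev/null
}

# peer_accepts CA_CERT PEER_CERT: succeed only if PEER_CERT chains to CA_CERT.
peer_accepts() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# build_lab DIR: the agreed CA with two gateways, plus one gateway under an unrelated CA.
build_lab() {
    make_ca "$1/agreed" "Test VPN CA" && make_ca "$1/other" "Other CA" &&
    issue_cert "$1/agreed" gw-a && issue_cert "$1/agreed" gw-b &&
    issue_cert "$1/other" gw-x
}

# Check every certificate against the CA both gateways agreed on.
lab=$(mktemp -d) && build_lab "$lab" || exit 1
for cert in agreed/gw-a agreed/gw-b other/gw-x other/ca; do
    if peer_accepts "$lab/agreed/ca.pem" "$lab/$cert.pem"; then
        echo "$cert: accepted"
    else
        echo "$cert: rejected"
    fi
done
```

Only gw-a and gw-b are accepted. The same verify step is a useful pre-flight check on real certificates, since a mismatch between a gateway certificate and the CA loaded on its peer is what makes this authentication method fail.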
To create a self-signed certificate, perform the following:
1. Install the OpenSSL Debian package:
$ rt apt-get install openssl
2. Create a directory for the certificates:
$ cd ~
$ mkdir cert_create
$ cd cert_create/