D-Link DFL-260 Product Manual - Page 402
Pre-shared Keys
UPC - 790069296802
View all D-Link DFL-260 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 402 highlights
9.3.7. Pre-shared Keys Chapter 9. VPN 1. Go to Objects > VPN Objects > IPsec Algorithms > Add > IPsec Algorithms 2. Enter a name for the list, for example esp-l2tptunnel 3. Now check the following: • DES • 3DES • SHA1 • MD5 4. Click OK Then, apply the algorithm proposal list to the IPsec tunnel: 1. Go to Interfaces > IPsec 2. Select the target IPsec tunnel 3. Select the recently created esp-l2tptunnel in the IPsec Algorithms control 4. Click OK 9.3.7. Pre-shared Keys Pre-Shared Keys are used to authenticate VPN tunnels. The keys are secrets that are shared by the communicating parties before communication takes place. To communicate, both parties prove that they know the secret. The security of a shared secret depends on how "good" a passphrase is. Passphrases that are common words are extremely vulnerable to dictionary attacks. Pre-shared Keys can be generated automatically through the WebUI but they can also be generated through the CLI using the command pskgen (this command is fully documented in the CLI Reference Guide). Beware of Non-ASCII Characters in a PSK on Different Platforms! If a PSK is specified as a passphrase and not a hexadecimal value, the different encodings on different platforms can cause a problem with non-ASCII characters. Windows, for example, encodes pre-shared keys containing non ASCII characters in UTF-16 while NetDefendOS uses UTF-8. Even though they can seem the same at either end of the tunnel there will be a mismatch and this can sometimes cause problems when setting up a Windows L2TP client that connects to NetDefendOS. Example 9.2. Using a Pre-Shared key This example shows how to create a Pre-shared Key and apply it to a VPN tunnel. Since regular words and phrases are vulnerable to dictionary attacks, they should not be used as secrets. Here the pre-shared key is a randomly generated hexadecimal key. Note that this example does not illustrate how to add the specific IPsec tunnel object. Command-Line Interface First create a Pre-shared Key. To generate the key automatically with a 64 bit (the default) key, use: gw-world:/> pskgen MyPSK To have a longer, more secure 512 bit key the command would be: gw-world:/> pskgen MyPSK -size=512 Or alternatively, to add the Pre-shared Key manually, use: 402