TP-Link OC200 Omada Controller Software 4.1.5Windows/Linux User Guide - Page 126
Configuring Client-to-Site VPN, your Omada managed gateway and the protocol that you used
![]() |
View all TP-Link OC200 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 126 highlights
Chapter 4 Configure the Network with Omada SDN Controller Proposal PFS SA Lifetime Specify the proposal for IKE negotiation phase-2. An IPsec proposal lists the encryption algorithm, authentication algorithm and protocol to be negotiated with the remote IPsec peer. Note that both peer gateways must be configured to use the same Proposal. Select the DH group to enable PFS (Perfect Forward Security) for IKE mode, then the key generated in phase-2 will be irrelevant with the key in phase-1, which enhance the network security. With None selected, it means PFS is disabled and the key in phase-2 will be generated based on the key in phase-1. Specify IPsec SA (Security Association) Lifetime in IKE negotiation. If the SA lifetime expired, the related IPsec SA will be deleted. ■■ Configuring Client-to-Site VPN Omada managed gateway supports seven types of client-to-Site VPNs depending on the role of your Omada managed gateway and the protocol that you used: Configuring the gateway as a VPN server using L2TP Configuring the gateway as a VPN server using PPTP Configuring the gateway as a VPN server using IPsec Configuring the gateway as a VPN server using OpenVPN Configuring the gateway as a VPN client using L2TP Configuring the gateway as a VPN client using PPTP Configuring the gateway as a VPN client using OpenVPN • Configuring the gateway as a VPN server using L2TP 1. Go to Settings > VPN. Click to load the following page. 124
![](/manual_guide/products/tplink-omada-software-controller-omada-controller-software-415windowslinux-user-guide-e154318/126.png)