Tripp Lite B0930082E4UM Owners Manual for B093- B097- and B098-Series Console - Page 60

4. Serial Port, Host, Device and User Configuration In Authentication Protocol, select the authentication protocol to be used. Either authenticate as part of ESP (Encapsulating Security Payload) encryption or separately using the AH (Authentication Header) protocol. Enter a Left ID and Right ID. The local host/gateway and remote host/gateway use this identifier for IPsec negotiation and authentication. Each ID must include a '@' and can include a fully qualified domain name preceded by '@' (e.g. left@ example.com). Enter the public IP or DNS address of this Tripp Lite VPN gateway as the Left Address. You can leave this blank to use the interface of the default route. In Right Address, enter the public IP or DNS address of the remote end of the tunnel (only if the remote end has a static or dyndns address). Otherwise, leave this blank. If the Tripp Lite VPN gateway is serving as a VPN gateway to a local subnet (e.g. the console server has a management LAN configured), enter the private subnet details in Left Subnet. Use the CIDR notation (where the IP address number is followed by a slash and the number of 'one' bits in the binary notation of the netmask). For example, 192.168.0.0/24 indicates an IP address where the first 24 bits are used as the network address. This is the same as 255.255.255.0. If the VPN access is only to the console server itself and to its attached serial console devices, leave Left Subnet blank. If there is a VPN gateway at the remote end, enter the private subnet details in Right Subnet. Again, use the CIDR notation and leave blank if there is only a remote host. Select Initiate Tunnel if the tunnel connection is to be initiated from the Left console server end. This can only be initiated from the VPN gateway (Left) if the remote end was configured with a static (or dyndns) IP address. Click Apply to save changes. Note: It is essential the configuration details set up on the advanced console server (referred to as the Left or Local host) exactly match the setup entered when configuring the Remote (Right) host/gateway or software client. 4.9 OpenVPN Console servers with firmware version 3.2 and later include OpenVPN. OpenVPN uses the OpenSSL library for encryption, authentication, and certification, which means it uses SSL/TSL (Secure Socket Layer/Transport Layer Security) for key exchange and can encrypt both data and control channels. Using OpenVPN allows for the building of cross-platform, point-topoint VPNs using either X.509 PKI (Public Key Infrastructure) or custom configuration files. OpenVPN allows secure tunneling of data through a single TCP/UDP port over an unsecured network, thus providing secure access to multiple sites and secure remote administration to a console server over the Internet. OpenVPN also allows the use of Dynamic IP addresses by both the server and client, thus providing client mobility. For example, an OpenVPN tunnel may be established between a roaming windows client and a Tripp Lite advanced console server within a data center. Configuration of OpenVPN can be a complex undertaking. For ease and convenience, Tripp Lite provides a simple GUI interface for basic set up as described below. For more detailed information on configuring OpenVPN Access server or client, refer to the HOW TO and FAQs at http://www.openvpn.net. 60