|
Talisman/VPN V1.3.7 Firmware
Please choose the appropriate file for your router manufacturer and model.
Talisman/VPN supports IPSec tunnels (i.e. ESP) with IKE key exchange.
You can set up multiple, distinct IPSec tunnels.
The tunnel encryption can be DES, 3DES, or AES (recommended).
The tunnel HMAC can be SHA1 or MD5.
The IPSec setup page is in the web GUI under Security->IPSec.
Tunnel status can be checked on the Status->VPN web page.
The build was interop tested with other Talisman/VPN routers and with Linux 2.6 running ipsec-tools (a.k.a. "racoon"). It should work with any standard IPSec implementation including Cisco, Windows, etc.
The IKE key exhange uses 3DES-MD5-MODP1024 for the phase1 exchange.
The phase2 exhange uses the same encryption you selected for the IPSec tunnel.
ROAMING CLIENTS
To support roaming clients without fixed IP addresses both Aggressive Mode and Passive Mode flags have been added. Passive Mode is enabled on the server side together with Aggressive Mode. When Passive Mode is enabled the server will not initiate IPSec tunnel connections but it will remain "passive" and accept IPSec tunnel connections from clients. Both the clients and server must also use Aggressive Mode. The tunnel name is used as the authentication ID instead of IP addresses. Thus the tunnel name MUST match on the client and server.
If Aggressive Mode is enabled for any tunnel then the default handshake for the IKE key exhange will use 3DES-MD5-MODP1024 and Aggressive Mode for the phase1 exchange for all tunnels (whether or not an individual tunnel uses Aggressive Mode for further exchanges).
|
Copyright 2010