Description:
This document describes how to set up the LANCOM Advanced VPN Client with a connection profile that can use multiple VPN gateways (tunnel endpoints), and also how to control which of the specified gateways is selected when connecting.

A typical application that requires multiple VPN gateways to be specified in a VPN client connection profile would be a VRRP scenario, where two or more Internet connections are operated for redundancy.


Requirement:

Procedure:
1) Start the LANCOM Advanced VPN Client and open the menu Configuration → Profiles.
2) Select the VPN connection profile that you want to edit.
3) Navigate to the menu IPSec general settings.

4) If the gateway is equipped with a static, official IP address, enter that IP address.

Either the IPv4 or IPv6 protocol can be used to communicate between the Secure Enterprise Client and the VPN gateway. The IP address entered in this field must conform to the IPv4 or IPv6 address formatting rules, as appropriate.

These rules are as follows:

  • IPv4 (32-bit address):
    the address must be in dotted decimal notation, e.g. 15.168.1.253
  • IPv6 (128-bit address):
    the address must be in hexadecimal notation (8 groups of 4 hex characters, separated by colons), e.g. 2001:0db8:ac10:002b:0000:0000:0000:0002
    • Shortened representations are allowed:
      • Leading zeros can be suppressed, e.g. 2001:db8:ac10:2b:0:0:0:2
      • Multiple zero groups can be shortened to a double colon (::), e.g. 2001:db8:ac10:fe01:2b::2
  • Name string:
    If the gateway does not have a fixed IP address, then enter the DNS name. The DNS name has to be registered with a DynDNS provider and has to point to the current IP address of the gateway.
Alternative tunnel endpoints can be entered in addition to the first tunnel endpoint. The addresses must all be separated by commas (,) or all by semicolons (;). Spaces are not allowed as separators.
A maximum of four different tunnel endpoints may be defined in the Client for use in connection establishment. These will be selected as follows:
  • If the alternative tunnel endpoints are separated from each other by a semicolon (;), attempts to establish a connection will be made in the sequence of tunnel endpoints, starting with the first entry in the list. If that attempt fails, the next address in the list will be used and the process will be repeated by the Client for a maximum of seven successive attempts or until a connection attempt is successful.
  • If the alternative tunnel endpoints are separated from each other by a comma (,), attempts to establish a connection will be made in the sequence of tunnel endpoints, but the address of the first attempt will be chosen at random. If that attempt fails, the next address in the list will be used and the process will be repeated by the Client for a maximum of seven successive attempts or until a connection attempt is successful.
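
The following Python sketch is an added example, not LANCOM code. It checks a tunnel endpoint string against the rules above before the profile is rolled out, and lists the order in which the endpoints would be tried. The function names, the sample host names and the wrap-around from the last entry back to the first are assumptions made for illustration.

```python
import ipaddress
import random
import re

MAX_ENDPOINTS = 4   # limit stated in the article
MAX_ATTEMPTS = 7    # limit stated in the article
SAMPLE = "vpn1.example.com;vpn2.example.com"   # constructed sample value

# Conservative DNS name check: labels of letters, digits and hyphens.
_LABEL = r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME = re.compile(r"(?=.{1,253}\Z)%s(\.%s)*" % (_LABEL, _LABEL))


def classify(endpoint):
    """Return 'ipv4', 'ipv6' or 'dns' for one tunnel endpoint, else raise."""
    try:
        return "ipv%d" % ipaddress.ip_address(endpoint).version
    except ValueError:
        pass
    # Digits and dots only, but not a valid IPv4 address: a typo, not a name.
    if re.fullmatch(r"[0-9.]+", endpoint) or not _HOSTNAME.fullmatch(endpoint):
        raise ValueError("invalid tunnel endpoint: %r" % endpoint)
    return "dns"


def parse_endpoints(field):
    """Split the field into (mode, endpoints) and enforce the stated rules."""
    if any(ch.isspace() for ch in field):
        raise ValueError("spaces are not allowed as separators")
    if "," in field and ";" in field:
        raise ValueError("use only commas or only semicolons, not both")
    sep = "," if "," in field else ";"
    endpoints = field.split(sep)
    if len(endpoints) > MAX_ENDPOINTS:
        raise ValueError("at most %d tunnel endpoints" % MAX_ENDPOINTS)
    for ep in endpoints:
        classify(ep)
    return ("random-start" if sep == "," else "sequential"), endpoints


def attempt_order(field, rng=random):
    """List the endpoints in the order they would be tried (seven attempts)."""
    mode, eps = parse_endpoints(field)
    start = rng.randrange(len(eps)) if mode == "random-start" else 0
    # Assumption: after the last entry the list wraps to the first.
    return [eps[(start + i) % len(eps)] for i in range(MAX_ATTEMPTS)]
```

With semicolons the first gateway is always tried first, which suits a primary/backup layout. With commas the first attempt is spread at random across the gateways.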