...

  • Username: From the drop-down menu, select the name of the user account created in step 3.5.
  • Hash algorithm: From the drop-down menu, select the option SHA-256. If your authenticator app does not support the hash algorithm SHA256, you can use SHA1.
  • Time step: This parameter is the interval after which a new OTP token is generated. Leave the setting at the default value of 30 seconds.
  • Network delay: This parameter specifies the number of time steps by which the clock of the end device with the authenticator app may deviate from the time of the router. The router then also checks the OTPs of the time steps before and after the current one. Leave this setting at the default value of 1 (i.e. OTPs are checked 30 seconds before and after).
  • Secret: Enter a 16-digit password. This should contain capital letters and numbers only. The password is encoded in Base32 and shared with the authenticator. 
  • Issuer: Enter a descriptive name for the issuer (in this example LANCOM-OTP).
  • Number digits: Leave the setting at the default value of 6 characters.
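
How these parameters interact, as an added example (not LANCOM code): a standard RFC 6238 TOTP check using the hash algorithm, time step, network delay and digit count from the list above, plus the Base32 form of the secret as an authenticator app receives it. It assumes the router follows RFC 6238 and uses the ASCII bytes of the password as the HMAC key; the user name `alice` and the password are constructed sample values.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import quote, urlencode


def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6,
         algo: str = "sha256") -> str:
    """RFC 6238 TOTP: HOTP (RFC 4226) over the number of elapsed time steps."""
    counter = unix_time // step
    mac = hmac.new(key, struct.pack(">Q", counter), getattr(hashlib, algo)).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify(key: bytes, otp: str, unix_time: int, delay: int = 1,
           step: int = 30, digits: int = 6, algo: str = "sha256") -> bool:
    """Accept the OTP of the current time step and of `delay` steps either side."""
    ok = False
    for drift in range(-delay, delay + 1):
        candidate = totp(key, unix_time + drift * step, step, digits, algo)
        ok |= hmac.compare_digest(candidate, otp)  # constant-time compare
    return ok


def provisioning_uri(password: str, user: str, issuer: str,
                     algo: str = "SHA256", digits: int = 6, step: int = 30) -> str:
    """otpauth:// URI (Key URI format) carrying the Base32-encoded secret."""
    secret = base64.b32encode(password.encode("ascii")).decode().rstrip("=")
    query = urlencode({"secret": secret, "issuer": issuer, "algorithm": algo,
                       "digits": digits, "period": step})
    return f"otpauth://totp/{quote(issuer + ':' + user)}?{query}"


if __name__ == "__main__":
    import time
    password = "LANCOMOTP2024ABC"  # constructed 16-character sample secret
    now = int(time.time())
    otp = totp(password.encode("ascii"), now)
    print(provisioning_uri(password, "alice", "LANCOM-OTP"))
    print(otp, verify(password.encode("ascii"), otp, now + 30))  # one step late
```

If the authenticator app only supports SHA1, pass `algo="sha1"` to `totp`/`verify` and `algo="SHA1"` to `provisioning_uri`; both sides must use the same algorithm or every code will be rejected.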

...

4.1) Connect to the web interface of the LANCOM router, switch to the menu Extras → Download current CA certificate and save the certificate.

...

5.1) In the Advanced VPN Client, navigate to the menu Configuration → Profiles.

5.2) Click on Add / Import to create a new VPN connection.

5.3) Select Link to Corporate Network Using IPsec and click on Next.

5.4) Enter a descriptive Profile Name.

5.5) From the drop-down menu, select the Communication Media to be used for establishing the VPN connection.

Info

If you wish to establish the VPN connection with different connection media (e.g. LAN and Wi-Fi), select automatic media detection.

5.6) Under Gateway (Tunnel Endpoint) enter the public IP address or the DNS name of the router.

...

5.7) Enter the following parameters:

  • Exchange Mode: From the drop-down menu, select IKEv2.
  • PFS Group: From the drop-down menu, select DH14 (modp2048).

...

5.11) Select the VPN profile created in steps 5.1 – 5.10 and click Edit.

5.12) Go to the tab IPsec General Settings and set the IKEv2 Authentication to EAP.

5.13) Switch to the Identities tab and enter the user name of the RADIUS user as the Local Identity, and also enter the OTP user name as the user ID for the EAP Authentication. You must also enter any password under EAP Authentication, as the field may not be left empty.

...