Use this page to configure global settings for the VPN system.
Navigation: NETWORK > VPN > Global.
|Default local certificate|
|Certificate||The list of certificates to use for the host.|
|Certificate Subject||The entity the certificate belongs to, for example, a device, an individual, or an organization.|
|Certificate ID||Indicates the identity type of the certificate. For example, the subject, local IP address, host name or email address.|
|IPsec Road Warrior (and L2TP) Preshared Key|
|Preshared Key||The key used to authenticate.|
|Override MTU||Indicates if you want to override the Maximum Transmission Unit (MTU) size for packets using this connection.|
|L2TP and SSL VPN client configuration settings|
|Primary DNS||The primary Domain NS gateway for all connected L2TP road warriors to use.|
|Secondary DNS||The secondary DNS gateway for all connected L2TP road warriors to use.|
|Primary WINS||The primary Windows Internet Name Service (WINS) for all connected L2TP road warriors to use.|
|Secondary WINS||The secondary WINS for all connected L2TP road warriors to use.|
|L2TP client internal interface||The internal network interface that all L2TP road warriors are connected to.|
|SSL VPN settings|
|Enable SSL VPN||Turns on SSL VPN on the Smoothwall.|
The network protocol.
|SSL VPN network address||
SSL VPN users, when they connect, get an IP address on a virtual interface, within the Smoothwall. The IP range must not be one not used for any physical network. If the default subnet, 10.110.0/24, is taken by any existing network, configure this setting to use range not taken on the network.
Note: All devices they access must also have a route to this network because connected devices are placed on a virtual network.
|SSL VPN netmask||Virtual network inside the Smoothwall Filter and Firewall.|
|Force clients to use SSL VPN as gateway||Forces the device to send all its traffic through the SSL VPN connection. The Smoothwall can force all connected devices to route through it. This is generally better because it enforces the policy on the server end.|
|SSL VPN client gateway(s)||The host names, or IP address that devices connect to. Leaving this blank creates an archive containing all IP addresses of the external connections that are active at the time the archive is generated.|
|Enable TLS authentication||
Applies Transport Layer Security (TLS) authentication. TLS authentication can mitigate in a denial of service condition.
Note: For systems that have never had VPN configured, this setting is on by default. For systems that have had VPN configured, this setting is off by default.
|Choose random gateway||Devices can connect on a random address when multiple gateways are defined. This is good for load balancing over multiple links.|
|Generate client archive||Generates an archive containing the device software and the VPN settings but not custom scripts. If you want to include custom scripts in the archive use the SSL road warriors page to generate the archive.|
|Advanced »||Expands the page to show advanced settings.|
|Enable dead peer detection||Turns on a keep-alive mechanism on tunnels that support it. This setting, commonly abbreviated to DPD, means that the VPN system can almost instantly detect the failure of a tunnel and have it marked as Closed in the control page. If this feature is not used, it can take any time up to the rekeying interval (typically 20 minutes) to detect that a tunnel has failed. It's not enabled by default because not all IPsec implementations support this feature. In setups consisting exclusively of Smoothwall VPN gateways, it is recommended that this feature is enabled.|
|Copy TOS (Type of Service) bits in and out of tunnels||
Copies TOS bits into the tunnel from the outside as VPN traffic is received, and conversely in the other direction. This means you can treat the TOS bits of traffic inside the network (such as IP phones) in traffic shaping rules within Traffic and traffic shape them. If this option is not selected, the TOS bits are hidden inside the encrypted tunnel and you can't traffic shape VPN traffic.
Note: There's a possibility that enabling this setting can be used to spy on traffic.
|SSL VPN additional custom server configuration|
|Upload configuration file||The configuration that is used instead.|
|Choose File||Opens a dialog box so that you can upload your own bespoke configuration for SSL VPN.|
|File size||Indicates the size of the configuration file uploaded.|
|Upload configuration file||Uploads the selected configuration file.|
|Remove configuration file||Removes the uploaded configuration file.|
|Additional SSL VPN client internal interfaces|
|Port 1.57 Solutions||The interfaces on which to deploy the SSL VPN.|
|Port 3 S2 Imaging Network|
|Port 4 S4/S8 Imaging Network|
|Port 5 S10/S14 Imaging Network|