VPN Clients:
The table displays the list of all VPN clients configured in UniBox.
Each row displays the VPN client name, tunnel protocol, client mode, LAN Profile, Server IP Address and the status of the server. The last column allows the edit and delete operations.
The “+” sign allows the admin to add a new VPN client.
Step 1 - Add VPN Client profile:
Fields | Description |
Enable VPN Client | If enabled, VPN Client is enabled. |
Profile name | Name of the VPN client. |
Server IP Address | Enter the server IP address. |
Port Number | Enter the port number for VPN client. |
Tunnel Protocol | Select the tunnel protocol (TCP or UDP). |
Client Mode | Select the VPN client mode. TAP mode works on layer 2 and acts like a switch. TUN mode works on layer 3 (the network layer) and is responsible for routing the packets. TAP is bridging whereas TUN is routing. |
LAN Profile | Select the LAN profile. You can also select multiple profiles at a time. |
User Certificate | Enter the user certificate. |
CA Certificate | Enter the private server key. |
Private Client Key | Select the cipher. |
Cipher | Select the cipher. |
HMAC | Select the HMAC. |
Enable TLS Authentication | If enabled, TLS authentication is enabled. |
TLS Authentication Key | Enter the authentication key for TLS authentication. |
LZO data | Check if the client will enable LZO data. |
This section allows the admin to run a VPN client inside UniBox. This feature is beneficial if the admin wants to offer VPN access into the enterprise network. The VPN can run in two modes: TUN and TAP. The lists below explain the pros and cons of each. Select the appropriate mode.
TAP Benefits:
1. Behaves like a real network adaptor (except it is a virtual network adaptor)
2. Can transport any network protocols (IPv4, IPv6, Netalk, IPX, etc.)
3. Works in layer 2, meaning Ethernet frames are passed over the VPN tunnel
4. Can be used in bridges
TAP Drawbacks:
1. Causes much more broadcast overhead on the VPN tunnel
2. Adds the overhead of Ethernet headers on all packets transported over the VPN tunnel
3. Scales poorly
TUN Benefits:
1. A lower traffic overhead, transports only traffic which is destined for the VPN client
2. Transports only layer 3 IP packets
TUN Drawbacks:
1. Broadcast traffic is not normally transported
2. Can only transport IPv4 (OpenVPN 2.3 adds IPv6)
3. Cannot be used in bridges
The VPN client will require a signed SSL certificate for authenticating the client. By default, UniBox comes with a signed SSL certificate but the client can upload their own SSL certificate in UniBox.
Note: The administrator can also edit and delete the VPN client profile by clicking on the icons.
VPN Server:
The table displays the list of all VPN servers configured in UniBox. Each row displays the VPN server name, tunnel protocol, server mode, LAN Profile, IPv4 Address and the status of the server. The last column allows the edit and delete options. The + sign allows admin to add a new VPN server.
Step 2 - Add VPN Server Profile:
Fields | Description |
Enable VPN Server | If enabled, VPN server is enabled. |
Profile name | Name of the VPN server |
Server IP Address | Enter the server IP address. |
Port Number | Enter the port number for VPN server. |
Tunnel Protocol | Select the tunnel protocol (TCP or UDP). |
Client Mode | Select the VPN server mode. TAP mode works on layer 2 and acts like a switch. TUN mode works on layer 3 (the network layer) and is responsible for routing the packets. TAP is bridging whereas TUN is routing. |
LAN Profile | Select the LAN profile. You can also select multiple profiles at a time. |
User Certificate | Enter the user certificate. |
CA Certificate | Enter the private server key. |
Private server Key | Select the cipher. |
Cipher | Select the cipher. |
HMAC | Select the HMAC. |
Enable TLS Authentication | If enabled, TLS authentication is enabled. |
TLS Authentication Key | Enter the authentication key for TLS authentication. |
LZO data | Check if the client will enable LZO data. |
This section allows the admin to run a VPN server inside UniBox. This feature is beneficial if the admin wants to offer VPN access into the enterprise network. The VPN can run in two modes: TUN and TAP. The lists below explain the pros and cons of each. Select the appropriate mode.
TAP benefits:
- Behaves like a real network adapter (except it is a virtual network adapter)
- Can transport any network protocols (IPv4, IPv6, Netalk, IPX, etc.)
- Works in layer 2, meaning Ethernet frames are passed over the VPN tunnel
- Can be used in bridges
TAP drawbacks:
- Causes much more broadcast overhead on the VPN tunnel
- Adds the overhead of Ethernet headers on all packets transported over the VPN tunnel
- Scales poorly
TUN benefits:
- A lower traffic overhead, transports only traffic which is destined for the VPN client
- Transports only layer 3 IP packets
TUN drawbacks:
- Broadcast traffic is not normally transported
- Can only transport IPv4 (OpenVPN 2.3 adds IPv6)
- Cannot be used in bridges
The VPN server will require a signed SSL certificate for authenticating the client. By default, UniBox comes with a signed SSL certificate but the client can upload their own SSL certificate in UniBox.
Note: The administrator can also edit and delete the VPN client profile by clicking on the Edit and Delete icons.
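A consistency check for the client and server profiles described above, as an added example that is not part of UniBox or its documentation. It assumes the form fields correspond to the standard OpenVPN directives (`remote`, `port`, `proto`, `dev`, `cipher`, `auth`, `tls-auth`, `comp-lzo`) and reports the fields that must agree on both ends of the tunnel but do not; the sample configs are constructed.

```python
# Added example, not UniBox code. Assumption: the form fields in the tables
# above correspond to the standard OpenVPN directives handled here.
MUST_MATCH = ("Port Number", "Tunnel Protocol", "Client Mode", "Cipher",
              "HMAC", "Enable TLS Authentication", "LZO data")

def fields_from_openvpn(conf_text):
    """Translate an OpenVPN config into the form fields used on this page."""
    fields = {"Port Number": 1194, "Tunnel Protocol": "UDP",  # OpenVPN defaults
              "Enable TLS Authentication": False, "LZO data": False}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        key, *args = line.split()
        if key == "remote" and args:             # remote <host> [port]
            fields["Server IP Address"] = args[0]
            if len(args) > 1:
                fields["Port Number"] = int(args[1])
        elif key == "port" and args:
            fields["Port Number"] = int(args[0])
        elif key == "proto" and args:            # udp, tcp, tcp-client, tcp-server
            fields["Tunnel Protocol"] = "TCP" if args[0].startswith("tcp") else "UDP"
        elif key == "dev" and args:              # tun, tap, tun0, tap1, ...
            fields["Client Mode"] = args[0][:3].upper()
        elif key == "cipher" and args:
            fields["Cipher"] = args[0]
        elif key == "auth" and args:             # HMAC digest
            fields["HMAC"] = args[0]
        elif key == "tls-auth":
            fields["Enable TLS Authentication"] = True
        elif key == "comp-lzo":                  # bare "comp-lzo" enables it
            fields["LZO data"] = args[:1] != ["no"]
    return fields

def mismatches(client_conf, server_conf):
    """Fields that must agree on both ends, mapped to (client, server) values."""
    c, s = fields_from_openvpn(client_conf), fields_from_openvpn(server_conf)
    return {f: (c.get(f), s.get(f)) for f in MUST_MATCH if c.get(f) != s.get(f)}

# Constructed sample configs (documentation IP range, made-up key file name).
SERVER_CONF = ("port 1194\nproto udp\ndev tun\ncipher AES-256-CBC\n"
               "auth SHA256\ntls-auth ta.key 0\ncomp-lzo\n")
CLIENT_CONF = ("client\nremote 203.0.113.10 1194\nproto tcp-client\ndev tap\n"
               "cipher AES-256-CBC\nauth SHA256\ncomp-lzo no\n")

if __name__ == "__main__":
    for field, (cli, srv) in mismatches(CLIENT_CONF, SERVER_CONF).items():
        print(f"{field}: client={cli!r} server={srv!r}")
```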