Networking
51
© 2021 Cypress Solutions
Complete Manual: CTM-200 R2 (Revision 1.4)
15. Networking
15.1 VPN
15.1.1 IPSec
The CTM-200 supports IPSec VPN communications.
The CTM-200 uses the KAME IPSec-tools: the setkey tool to manipulate the Security Policy Database
(SPD) and the Security Association Database (SAD), and the racoon Internet Key Exchange (IKE)
daemon, within the OpenCTM Linux 3.2 environment.
To successfully set up an IPSec communication tunnel between a CTM-200 and other VPN hardware, a
variety of settings must be configured. A partial list of the settings required to begin building a test
environment is below:
• server public IP
• server LAN IP subnet / netmask
• a pre-shared key for IPSec
• transport type: ESP / AH
• IKE encryption and Diffie-Hellman group, e.g. 3DES with Group 2 (1024-bit prime)
• encryption algorithm, e.g. AES256, DES, 3DES
• hash algorithm, e.g. MD5, SHA1
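As an added example that is not part of this manual, the following Python script turns the settings listed above into the setkey SPD entries and the racoon.conf phase 1/phase 2 blocks that the CTM-200's ipsec-tools consume, and reports which of the listed algorithm choices are weak. The addresses, subnets and psk.txt path are assumed placeholders.

```python
# Translate the IPSec settings list into ipsec-tools (setkey / racoon) configuration.
# Addresses below are constructed placeholders from the RFC 5737 documentation ranges.
WEAK = {"des", "md5"}                      # listed in the manual, but weak today
ENC = {"3des": "3des", "aes256": "aes 256", "des": "des"}   # racoon.conf names
ESP_AUTH = {"sha1": "hmac_sha1", "md5": "hmac_md5"}         # phase 2 integrity names

PARAMS = {
    "server_ip": "198.51.100.5", "server_lan": "10.0.0.0/24",
    "client_ip": "203.0.113.10", "client_lan": "192.168.1.0/24",
    "ike_enc": "3des", "dh_group": 2,      # IKE: 3DES with DH Group 2 (1024-bit prime)
    "esp_enc": "aes256", "hash": "sha1",   # ESP: AES256 with SHA1
}

def weak_choices(p):
    """Return which of the chosen algorithms are on the weak list (sorted key names)."""
    return sorted(k for k in ("ike_enc", "esp_enc", "hash") if p[k] in WEAK)

def setkey_policy(p):
    """SPD entries in setkey -f syntax requiring ESP in tunnel mode in both directions."""
    out = (f"spdadd {p['client_lan']} {p['server_lan']} any -P out ipsec "
           f"esp/tunnel/{p['client_ip']}-{p['server_ip']}/require;")
    inb = (f"spdadd {p['server_lan']} {p['client_lan']} any -P in ipsec "
           f"esp/tunnel/{p['server_ip']}-{p['client_ip']}/require;")
    return f"spdflush;\n{out}\n{inb}\n"

def racoon_conf(p, psk_path="/etc/racoon/psk.txt"):
    """racoon.conf: phase 1 (IKE, pre-shared key) proposal and phase 2 (ESP) sainfo.
    The pre-shared key itself lives in psk_path as '<server_ip> <key>', not here."""
    return (
        f'path pre_shared_key "{psk_path}";\n\n'
        f"remote {p['server_ip']} {{\n"
        "    exchange_mode main;\n"
        "    proposal {\n"
        f"        encryption_algorithm {ENC[p['ike_enc']]};\n"
        f"        hash_algorithm {p['hash']};\n"
        "        authentication_method pre_shared_key;\n"
        f"        dh_group {p['dh_group']};\n"
        "    }\n}\n\n"
        f"sainfo address {p['client_lan']} any address {p['server_lan']} any {{\n"
        f"    pfs_group {p['dh_group']};\n"
        f"    encryption_algorithm {ENC[p['esp_enc']]};\n"
        f"    authentication_algorithm {ESP_AUTH[p['hash']]};\n"
        "    compression_algorithm deflate;\n}\n"
    )

if __name__ == "__main__":
    print(setkey_policy(PARAMS))
    print(racoon_conf(PARAMS))
    print("weak algorithms:", weak_choices(PARAMS) or "none")
```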
15.1.2 VPNC
VPNC is a simplified IPSec/VPN client application that was developed as a Linux alternative to the Cisco
Easy VPN Client software for PCs. VPNC was initially developed to interoperate with Cisco VPN
Concentrators and PIX/IOS routers, but may work with other similar equipment.
• The authentication method using Pre-Shared-Key + XAUTH is known to be insecure. For more details
see the Cisco Security Notice at www.cisco.com/warp/public/707/cisco-sn-20040415-grppass.shtml
• Limited configuration options; it may not work with all equipment.
• Limited routing capabilities: VPNC is used to create a tunnel between the client (CTM-200) and the
server; it is not a site-to-site solution such as Racoon/IPsec, which can be used to connect remote
subnets.