EBW-E100
Functions
To configure authentication with certificates, select the radio
button "Authentication based on certificate". Below this option, the page
indicates whether the individual certificates and keys are present
(green checkmark) or not (red cross). Certificates that are present can
also be downloaded (blue arrow) or deleted (red cross on white box). The
private key can only be deleted. Alternatively, or in addition to a
client certificate and a private key, a user name/password
combination can be used for authentication with the OpenVPN server
(however, the CA certificate, which every participant of this VPN must
possess, is required in any case). To do so, enter a user name into the
field "User name" and the associated password into the field
"Password". To check the certificate type of the remote
terminal, check the checkbox "Check remote certificate type". Check the
checkbox "Activate tls-auth" to use a static key in addition to the
certificates. The static key stored in the "Authentication with preshared
key" section will then be used. Optionally, a direction can be specified in
the "Use direction of key" drop-down list (refer to the note below).
If tls-auth is used, it is possible to specify that the static key can only
be used for a certain direction. It is important that this setting
matches the remote VPN terminal, i.e. either no direction is
configured on both ends or the settings are complementary (0/1 or 1/0).
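The direction rule in the note above can be checked offline before both ends are deployed. The following is an added example, not part of this manual or of the device firmware; it assumes the settings of both ends are available as standard OpenVPN configuration text (`tls-auth <file> [direction]` or `key-direction`), and the sample configurations and file names are constructed.

```python
# Added example; the configurations below are constructed sample input.
LOCAL_CFG = """\
ca ca.crt
cert client.crt
key client.key
tls-auth static.key 1
"""
REMOTE_OK = "ca ca.crt\ntls-auth static.key 0\n"
REMOTE_BAD = "ca ca.crt\ntls-auth static.key\nkey-direction 1\n"

def tls_auth_direction(config_text):
    """Return (tls_auth_enabled, direction); direction is None, 0 or 1."""
    enabled, direction = False, None
    for raw in config_text.splitlines():
        # Drop comments (# or ;) and split the directive into fields.
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if not fields:
            continue
        value = None
        if fields[0] == "tls-auth":
            enabled = True
            value = fields[2] if len(fields) > 2 else None
        elif fields[0] == "key-direction" and len(fields) > 1:
            value = fields[1]
        if value is not None:
            if value not in ("0", "1"):
                raise ValueError(f"unexpected key direction: {value!r}")
            direction = int(value)
    return enabled, direction

def check_pair(local_cfg, remote_cfg):
    """Return a list of mismatches; an empty list means both ends agree."""
    (l_on, l_dir), (r_on, r_dir) = map(tls_auth_direction, (local_cfg, remote_cfg))
    if l_on != r_on:
        return ["tls-auth is enabled on one end only"]
    if not l_on or (l_dir is None and r_dir is None):
        return []  # tls-auth unused, or no direction configured on both ends
    if l_dir is None or r_dir is None:
        return ["key direction is set on one end only"]
    if l_dir == r_dir:
        return [f"both ends use direction {l_dir}; expected 0/1 or 1/0"]
    return []

if __name__ == "__main__":
    print(check_pair(LOCAL_CFG, REMOTE_OK))
    print(check_pair(LOCAL_CFG, REMOTE_BAD))
```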
To configure authentication with a static key, select the radio
button "No authentication or authentication with preshared key". Below
this option, the page indicates whether the static key is present (green
checkmark) or not (red cross). A key that is present can also be downloaded
(blue arrow) or deleted (red cross on white box). If no key exists,
the remote terminal is not authenticated and the data traffic
through the OpenVPN tunnel is not encrypted. You can also generate a
new static key using the "Generate a new static key" link. This static key
must then be downloaded and also uploaded to the remote terminal.
Enter the IP address of the local tunnel end into the "IPv4 tunnel address
local" or "IPv6 tunnel address local" field and the IP address of the
remote tunnel end into the "IPv4 tunnel address remote" or "IPv6 tunnel
address remote" field. Enter the address as well as the associated
netmask of the network behind the OpenVPN tunnel into the "IPv4 net
address behind the tunnel" or "IPv6 net address behind the tunnel" and
"IPv4 netmask behind the tunnel" or "IPv6 netmask behind the tunnel"
fields.
To confirm all settings made above, click on "OK".
To upload a certificate or key, click on the "Browse..." button in the
section "Upload key or certificates" (the button depends on the browser
used). Then select the desired file on the respective data carrier in the
"Upload file" window and click on the "Open" button. If the file is
encrypted, you must also enter the password into the "Password (only
with encrypted file)" field. Then click on "OK" to upload the file.