Dead peer detection
This is only possible when the VPN partner supports DPD. DPD checks whether the connection
is still operating without problems or whether there has been an interruption on the line.
Without DPD, and depending on the configuration, you may have to wait until the SA lifetime
has expired or reinitiate the connection manually. To check whether the IPsec connection
is still intact, the device itself sends DPD queries to the VPN partner station. If the VPN
partner station does not reply after a certain time has elapsed, the connection to the VPN
partner station is declared invalid. You configure the settings for DPD in phase 1.
3.5.6.2 OpenVPN
With OpenVPN, virtual private networks (VPN) can be established. As an OpenVPN client, the
device can establish a VPN connection to a remote network.
You configure the OpenVPN client in "Security" > "OpenVPN Client (Page 292)".
The VPN connection is established via virtual device drivers, the TAP and TUN devices. During
this, virtual network interfaces are created that act like a physical interface of the device and
represent the endpoint of the VPN tunnel.
The device supports the following:
● TUN device: Routing mode
The LAN interface and the virtual network interface are located in different IP subnets. The
virtual tunnel interface is assigned a virtual IP address from a devised subnet by the
OpenVPN server. The IP packets (layer 3) are routed between the virtual tunnel interface
and the LAN interface.
Authentication method
● Certificates: CA certificate and device certificate
The use of certificates is an asymmetrical cryptographic system. Each node (device) has a
secret, private key and a public key of the partner. The private key allows the device to
authenticate itself and to generate digital signatures.
● User name / password
Access is restricted by a user name and a password.
Encryption methods
The device also supports the following methods:
● BF CBC
● AES128 CBC
● AES192 CBC
● AES256 CBC
● DES EDE3
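The following check is an added example, not part of the manual or of the device's software: it audits an OpenVPN server configuration against the TUN mode and encryption methods listed above, and flags the two 64-bit block ciphers in that list (BF CBC and DES EDE3). The mapping of the manual's method names to OpenVPN cipher names and the sample configuration are assumptions made for the example.

```python
import re

# Assumed mapping of the manual's method names to OpenVPN cipher names;
# the value is the cipher's block size in bits.
DEVICE_CIPHERS = {"BF-CBC": 64, "DES-EDE3-CBC": 64,
                  "AES-128-CBC": 128, "AES-192-CBC": 128, "AES-256-CBC": 128}

def parse_directives(text):
    """Map each directive to the argument lists it appears with.
    Simplified: treats '#' and ';' as comment starts, ignores quoting."""
    found = {}
    for line in text.splitlines():
        line = re.split(r"[#;]", line, maxsplit=1)[0].strip()
        if line:
            name, *args = line.split()
            found.setdefault(name, []).append(args)
    return found

def audit(text):
    """Return (subject, issue) pairs for settings that do not fit the client."""
    conf, issues = parse_directives(text), []
    dev = next((a[0] for a in conf.get("dev", []) if a), "")
    if not dev.startswith("tun"):
        issues.append((dev or "dev", "not-tun"))      # page lists TUN routing mode only
    offered = []
    for key in ("cipher", "data-ciphers", "ncp-ciphers"):
        for args in conf.get(key, []):
            if args:
                offered += args[0].upper().split(":")
    for name in offered:
        if name not in DEVICE_CIPHERS:
            issues.append((name, "not-listed"))       # client cannot select it
        elif DEVICE_CIPHERS[name] == 64:
            issues.append((name, "64-bit-block"))     # birthday-bound (Sweet32) exposure
    if not any(DEVICE_CIPHERS.get(n) == 128 for n in offered):
        issues.append(("cipher", "no-aes-cbc"))
    return issues

# Constructed server-side sample, not taken from the manual.
SAMPLE = """\
dev tun
proto udp
cipher BF-CBC                       # legacy default
data-ciphers AES-256-GCM:AES-256-CBC
"""

if __name__ == "__main__":
    for subject, issue in audit(SAMPLE):
        print(f"{subject}: {issue}")
```

A "not-listed" result is informational when the server also offers one of the AES CBC methods; a "64-bit-block" or "no-aes-cbc" result means the tunnel would run on BF CBC or DES EDE3 unless the server configuration is changed.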
Technical basics
3.5 Security functions
SCALANCE S615 Web Based Management
Configuration Manual, 11/2019, C79000-G8976-C388-08