Billion BIPAC-7560/7560G Powerline(802.11g) ADSL VPN Firewall Router
Chapter 4:Configuration
Idle Time: Auto-disconnect the VPN connection when there is no activity on the
connection for a predetermined period of time. 0 means this connection is always on. Click
Apply after changing settings.
IPSec: Enable for enhancing your LT2P VPN security.
Authentication: Authentication establishes the integrity of the datagram and ensures it is
not tampered with in transmit. There are three options, Message Digest 5 (MD5), Secure
Hash Algorithm (SHA-1) or NONE. SHA-1 is more resistant to brute-force attacks than
MD5, however it is slower.
MD5: A one-way hashing algorithm that produces a 128−bit hash.
SHA-1: A one-way hashing algorithm that produces a 160−bit hash.
Encryption: Select the encryption method from the pull-down menu. There are four
options, DES, 3DES, AES and NONE. NONE means it is a tunnel only with no encryption.
3DES and AES are more powerful but increase latency.
DES: Stands for Data Encryption Standard, it uses 56 bits as an encryption method.
3DES: Stands for Triple Data Encryption Standard, it uses 168 (56*3) bits as an
encryption method.
AES: Stands for Advanced Encryption Standards, it uses 128 bits as an encryption
method.
Perfect Forward Secrecy: Choose whether to enable PFS using Diffie-Hellman public-
key cryptography to change encryption keys during the second phase of VPN negotiation.
This function will provide better security, but extends the VPN negotiation time. Diffie-
Hellman is a public-key cryptography protocol that allows two parties to establish a shared
secret over an unsecured communication channel (i.e. over the Internet). There are three
modes, MODP 768-bit, MODP 1024-bit and MODP 1536-bit. MODP stands for Modular
Exponentiation Groups.
Pre-shared Key: This is for the Internet Key Exchange (IKE) protocol, a string from 4 to
128 characters. Both sides should use the same key. IKE is used to establish a shared
security policy and authenticated keys for services (such as IPSec) that require a key.
Before any IPSec traffic can be passed, each router must be able to verify the identity of
its peer. This can be done by manually entering the pre-shared key into both sides (router
or hosts).
86