...
| Info |
|---|
Repeat this step for each VPN user. |
| Hinweis |
|---|
The Secret must contain capital letters and numbers between 2 - 7 only (see RFC3548). Otherwise the configuration cannot be written back to the router via LANconfig! If the If the Google Authenticator is used, the Secret must have at least 16-digits, as otherwise the scan of the QR code will fail. |
...
- Exchange Mode: From the drop-down menu, select IKEv2.
- PFS Group: From the drop-down menu, select DH14 DH16 (modp2048modp4096).
| Info |
|---|
LANCOM Systems recommends to use the PFS group DH15 DH16 (modp3072modp4096). For this purpose DH15 DH16 must also be active in the encryption profile DEFAULT on the router router (VPN → IKEv2/IPSec → Encryption). As of LCOS 10.70 DH15 is active by default. In existing installations as well as in older firmware versions DH15 must be activated manually.
|
5.8) Authentication via EAP-OTP cannot be configured in the wizard, so this must be done manually at a later stage. Click Next without making changes.
...