Next: Certificate Defaults
Up: General Configuration
Previous: Interface Selection
Contents
The tunables presented here are defaults which will be used for all
subsequent profiles. They may all, with the exception of Debugging,
be set on a per-profile basis.
- Debugging
- When this is enabled, massive amounts of debugging information
will be logged. Unless you are debugging a VPN problem this should
be set to No.
- Compression
- When this is enabled, the Guardian Digital VPN Server
will attempt to negotiate compression (IPComp) with the remote peer.
If both sides support compression then it will be enabled. If one
side does not support it (or this option is set to No) then
compression will be disabled. This option may be overriden on a per-profile
basis.
- PFS
- When this is enabled, Perfect Forward Secrecy will be manditory.
If it is disabled then PFS will not be used.
It is highly recommended that this always be enabled but some clients
may not support it, so the option to disable it is given. This option
may be overriden on a per-profile basis.
- Authentication
- This option sets the default authentication scheme.
The available options are RSA Signature and Shared Key. This option
may be overriden on a per-profile basis.
- Cipher
- This option defines the default cipher to be used for encryption.
3DES is the most compatible cipher while AES is probably the most
secure. Twofish and Blowfish are very fast. This option may be overriden
on a per-profile basis.
Next: Certificate Defaults
Up: General Configuration
Previous: Interface Selection
Contents
docs@guardiandigital.com
2003-09-09