Navigate to the following window on path CONFIGURATION > Configuration Tree > your box > Assigned Services > VPN Service > VPN Settings > IPsec.
| Setting | Value(s) *= default | Description |
|---|---|---|
| Use IPsec dynamic IPs | Selected Unselected* | Select the checkbox if the service is connected to the Internet via a dynamic link (dynamic IP address). The server IP address is not yet known at configuration time and IKE then listens to all local IP addresses. |
IKEv1
| Setting | Value(s) *=default | Description |
|---|---|---|
| Timeout | 30 | The maximum period to wait until the request for IPsec tunnel connection establishment must be approved by the remote peer. |
| Tunnel check interval [s] | 30 | The interval between queries for a valid exchange that is assignable to an IPsec tunnel. |
| Dead Peer Detection Interval [s] | 5 | Tunnels can be configured to be Active or Passive. An active tunnel is capable of establishing a connection while a passive tunnel is waiting for a connection request. This parameter sets the interval between keep-alive checks on the remote peer. |
| IKEv1 Log Class | ALL* | The debug log class of IKEv2. Do not select a log class different than ALL if the log is not required for solving issues. |
| IKEv1 Log Level | 0* | The debug log level of IKE. The debug log may be very “noisy.” Do not select a log level greater than 0 if the log is not required for solving an issue. |
| Pre-shared key (PSK) | - | Holds the pre-shared IKE key. |
IKEv2
| Setting | Value(s) *=default | Description |
|---|---|---|
| Start IKEv2 | Selected* Deselected | If selected, IKEv2 will be used. If deselected, IKEv2 will be disabled and some additional memory will be saved. |
| IKEv2 Make Before Break | Selected Deselected | Selecting this option creates a duplicate of the IKE and all IPsec SAs, and the deletes the old ones. This setting requires that both peers can handle overlapping SAs. |
| IKEv2 Log Class | All* | The debug log class of IKEv2. Do not select a log class different than ALL if the log is not required for solving issues. |
| IKEv2 Log Level | 0 | The debug log level of IKEv2. Do not select a log level greater than 0 if the log is not required for solving an issue. |
| IKEv2 Suppress Network Change Events | Selected Deselected* | This is an advanced setting. If selected, network interface/address/route changes which may cause an automatic reconnect of the VPN tunnel will be ignored. This parameter becomes active after a restart of the IKEv2 daemon. Restart the VPN service or execute ipsec restart in a shell. |