RV220 configuration

Carl Hilton
Level 1

I have two RV220's to form a VPN tunnel between offices.

My questions are

1) The default encryption is 3DES... Should I change this to something else.... PROs & CONs?

2) REMOTE LOGGING requires an SMTP.. No chance to SAVE FILES.. So, all my emails require SSL authentication for SMTP... I don't see how to do this in REMOTE LOGGING?

3) Should I enable a PFS KEY GROUP? If so, what does it give me?

1 Reply

Dan Miley
Level 3

1- You can set the encryption to AES-<bitlength>, and while both are secure, AES is a newer algo and supersedes DES, and a longer bit length makes it take longer to brute-force decrypt. Think billion years instead of million years. There is a little more overhead, but with just one site-to-site, it shouldn't load the router much.

 

2- You can do syslog on this device and send the messages to a syslog server. Or if you are using Google for your mail, they have an unencrypted SMTP portal, instructions here...

https://support.google.com/a/answer/176600?hl=en

If your device or application does not support SSL - connect to aspmx.l.google.com on port 25.

You must configure an SPF record for your domain with the IP address of the device or application to ensure that recipients do not reject mail sent from it. You must also add this IP address to the Email Whitelist box in your Google Admin console. For example, if your sending device sends from 123.45.67.89, add that address to your SPF record without removing the Google Apps mail servers from the record: v=spf1 ip4:123.45.67.89 include:_spf.google.com ~all

 

3- PFS is perfect forward secrecy, and allows the handshake to be slightly more secure (needs to be enabled on both sides), and prevents reuse of encryption keys.  http://en.wikipedia.org/wiki/Forward_secrecy

Dan
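An added example, not part of the reply above or of Google's documentation: a small offline check that an edited SPF record still authorizes the sending device by its literal `ip4` term and still carries the Google include, using the record and address quoted in the reply. The function names are hypothetical, and no DNS lookups are made, so `include:` targets are only listed, not resolved.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_spf(record):
    """Split an SPF TXT record into (qualifier, mechanism, value) terms."""
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    terms = []
    for part in parts[1:]:
        if "=" in part.split(":")[0]:
            continue  # modifier such as redirect=, not a mechanism
        qualifier = "+"
        if part[0] in QUALIFIERS:
            qualifier, part = part[0], part[1:]
        name, _, value = part.partition(":")
        terms.append((qualifier, name.lower(), value))
    return terms

def check_sender(record, sender_ip):
    """Evaluate literal ip4/ip6 terms left to right; includes are not resolved.

    Returns (result, includes_seen). A non-pass result with includes listed
    means the real answer depends on those included records.
    """
    ip = ipaddress.ip_address(sender_ip)
    includes = []
    for qualifier, name, value in parse_spf(record):
        if name == f"ip{ip.version}":
            if ip in ipaddress.ip_network(value, strict=False):
                return QUALIFIERS[qualifier], includes
        elif name == "include":
            includes.append(value)
        elif name == "all":
            return QUALIFIERS[qualifier], includes
    return "neutral", includes

def audit_record(record, device_ip, required_include="_spf.google.com"):
    """Return the problems found; an empty list means the record is as intended."""
    problems = []
    result, _ = check_sender(record, device_ip)
    if result != "pass":
        problems.append(f"{device_ip} evaluates to {result}, not pass")
    if required_include not in [v for _, n, v in parse_spf(record) if n == "include"]:
        problems.append(f"include:{required_include} is missing")
    return problems

# Record and address as quoted in the reply above.
PAGE_RECORD = "v=spf1 ip4:123.45.67.89 include:_spf.google.com ~all"
if __name__ == "__main__":
    print(audit_record(PAGE_RECORD, "123.45.67.89"))
```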