Currently, we do not have any default VPN settings. There are many individual ways to integrate a Junxion Box into your VPN. We recommend contacting support if you have any questions or run into problems with your configuration. Be prepared to give as many details as possible.

The Junxion Box currently supports integration with Cisco VPN servers. The Junxion Box can integrate with other VPN servers which use similar protocols. Junxion support will work with you to determine a viable solution.

If you are having trouble establishing a VPN tunnel with the Junxion Box, here are some troubleshooting tips to try:

• Verify that you can ping the Junxion Box and connect to the Device Manager when the VPN is not set up.

• Make sure the Junxion Box is connected to the Internet (solid red status light) and an external host can be pinged with the VPN turned off.

• Try pinging the Junxion Box and connecting to the Device Manager with the VPN turned on.

• Try pinging an external host with the VPN turned on.

• After setting up the VPN, try pinging the internal and external IP address of the VPN server on the other side of the tunnel.

• Make sure no other clients are connected to the Junxion Box when testing the connection.

• Check your VPN settings. The settings in the Junxion Box must mirror the settings of the VPN server. Some VPN server settings may not be compatible with the Junxion Box and must be disabled prior to testing the connection. For more information about available VPN settings, consult the Junxion Box User Guide.

• View the connection logs from the VPN server. Verify that the Junxion Box is authenticating successfully for both Phase 1 and Phase 2.

Yes, you can use a non-standard time server on the VPN server side. Make sure your time server is reflected on the Junxion Box side by setting the NTP Server field in the VPN section of the Device Manager.

Yes and no. If you are using the Junxion Box to provide VPN access to other devices on the LAN, a secure VPN connection can only exist between the Junxion Box and the remote VPN server. Your computer's VPN client software will not be able to establish a VPN tunnel of it's own through a Junxion Box with VPN enabled.

If you are not using the Junxion Box for VPN services, your computer's VPN client software may be able to establish a VPN tunnel through the Junxion Box to a remote server under one of the following conditions:

1. IP Passthrough enabled with your computer set to the Junxion Box's external WWAN IP address and gateway; plugged into Ethernet port 2.

2. Your computer set as the DMZ host in the Junxion Box. Your computer will need to have a static LAN IP address outside the range of IP addresses in the Junxion Box DHCP pool. The VPN gateway of the client software would need to be set to the external WAN IP address of the Junxion Box.

3. Port forwarding set to forward inbound VPN traffic to your computer. Your computer will need to have a static LAN IP address outside the range of IP addresses in the Junxion Box DHCP pool. By default, most VPN implementations communicate on UDP port 500. The VPN gateway of the client software would need to be set to the external WAN IP address of the Junxion Box.

Yes, but it will have to be accounted for on the VPN server side. This can be accomplished in one of the follwing ways:

• Have the Junxion Box identify itself by hostname (FQDN). This is accomplished by entering a fully qualified domain name (FQDN) into the My Identity field of the VPN configuration section on the services page in the Device Manager preceded by an '@'. character. For example, @junxionbox.domain.com. The VPN server would then need to be configured to accept authentication by FQDN and not IP address for this host.

• Have the Junxion Box identify itself by user name (user_FQDN). This is accomplished by entering a username at a FQDN into the My Identity field of the VPN configuration section on the services page in the Device Manager. For example, user@domain.com. The VPN server would then need to be configured to accept authentication by user_FQDN and not IP address for this host.

• Use a dynamic DNS (DDNS) service to update your IP address. For this to work you will need to sign up for service with a DDNS provider and enter the appropriate configuration information into the DDNS section on the services page in the Device Manager. When the Junxion Box IP address changes, it will updated with the DDNS service. The VPN server would then need to be configured (or scripted) to change it's IP address authentication configuration as DDNS information is updated.

The best VPN connections are ones that are made with full bars of cellular service on 3G network cards. Having the best service coverage and fastest possible cellular modem card will ensure a more stable VPN connection.

Cellular networks may also have more latent connections compared to regular land lines. To help account for this, it may be necessary to adjust the amount of time the tunnel connection is left open on the VPN server side or make adjustments to the WAN Alive interval.

Yes.

The Junxion Box VPN deploys the Openswan implementation of IPsec for Linux.

Here are a few good resources for compatibility and integration information between different VPN servers and implementations of IPsec:

http://www.ipsec-howto.org/t1.html
http://wiki.openswan.org/index.php/Openswan/Interoperate
http://www.novell.com/coolsolutions/appnote/8027.html
http://www.packtpub.com/openswan/book

If are having trouble integrating the Junxion Box into your VPN setup, Junxion support will work with you to determine a viable solution.