As of firmware version 7.60, a router can identify and authenticate remote stations with the Extended Authentication Protocol (XAUTH). Authentication referred to the user data in the PPP list.
As of firmware version 7.80, XAUTH authentication can also be handled by an (external) RADIUS server. For example, this allows reference to existing RAS user data on the RADIUS server, assuming that RADIUS-authenticated dial-in via PPP has been set up for VPN with XAUTH.
To supplement VPN dial-in with XUTH for authentication, please proceed as follows:
- Set up a VPN dial-in account, for example with the LANconfig Setup Wizard.
- Activate XAUTH in the VPN client at the station which is to dial in. The user name and password are the same as those stored on the RADIUS server.
- Activate the authentication of dial-in remote stations via the XAUTH protocol on an external RADIUS server. In LANconfig, access the configuration area to activate the “Exclusive” operating mode for the RADIUS server. With this setting, all incoming XAUTH requests are authenticated by the RADIUS server.
- You should also specify the IP address, the port, and the key for the external RADIUS server.
- Also set PPP operation to "Exclusive" so that incoming XAUTH requests are authenticated by the RADIUS server only.
