Configuration

DigiTunnel Setup Assistant

When DigiTunnel is installed for the first time, the DigiTunnel Setup Assistant guides you through a basic setup. By answering the Assistant's questions, most users can set up DigiTunnel for use. To change existing settings, or access advanced features such as split-routing, use DigiTunnel Preferences.

DigiTunnel Preferences

All DigiTunnel settings are made in System Preferences. Open the DigiTunnel panel and change or add settings as desired for your particular connection needs. To apply your settings, click Apply Now or close the DigiTunnel preference pane.

Multiple, named configurations can be created using the Configuration popup menu. The settings shown in the tab views belong to the configuration currently shown in the popup menu. To set up a connection to a different VPN server, or the same server with different settings (such as routing), create a new configuration. Only one configuration can be connected at a time. To use a configuration, select it in the control/status menu.

Split-routing: To use split-routing, uncheck "Route all traffic through VPN" (see Routes), and enter a subnet mask.

Here are explanations of each setting.

• Server Address: IP address or Internet host name of the Windows server

• Username: Your login name on the Windows server. For many systems, this must include a Windows domain name, separated with a backslash, like this "DOMAIN\username".

• Password: Your password on the Windows server.

• ^{About Passwords: In all computer systems, passwords are the weakest link in the security chain. Choosing a good password means using a mix of letters and numbers and a *%@$#&^!-+ or two. Don't use names or a word that appears in a dictionary or encyclopaedia. One way to get a good but memorable password is to make up an obscure pass phrase of eight or more words and use initials of the words--and still work in some numbers and symbols. Or use the whole phrase - PPTP passwords may be up to 255 characters.}
  

• Key Length: For compatibility with different VPN servers. Sets the encryption key length(s) that DigiTunnel accepts when connecting. The default setting, "40/45/128", works for most servers (the longest key supported by the server is used). Some servers, such as Nortel and Watchguard, require that 128-only be specified. (Note for unix geeks: This sets "nomppe" ppp options. The actual options are shown in Advanced.)

• Domain Name Servers: These are normally provided on the fly by your Windows server, but you may enter the IP addresses of DNS servers here. If entered, any provided by the server are ignored.

• Search Domains: If your configuration uses them, put them here as you would for any other TCP/IP configuration.

• Enable Encryption: Check this to encrypt the connection to the server. (Obviously this is the whole point of using a VPN.)

• Automatically connect at login: Check this to bring up your VPN whenever you are logged into your Mac.

• Show Control/Status menu: Should be checked to display DigiTunnel's icon menu in the menu bar. When checked the menu software ("DigiTunnel Dialer") is added to your user Startup Items. If you need to remove the menu temporarily to save room in the bar, choose "Remove this menu" from the menu itself..

• Use verbose logging: For diagnostic use, check this to enable detailed logging by the VPN client.

• Header compression: Check this for a slight efficiency gain with compatible servers. Works with Microsoft VPN servers, but may not be compatible with others.

• Advanced: Most users can skip this setting. To set advanced PPTP/PPP options, click here and edit the text field. Enter each option on a separate line in the field. The "mtu" option should always be present--its default value is "mtu 700". Possible options are documented in the pppd man page. Other than mtu, no other options are known to be useful at this time (the useful options are already set by DigiTunnel or Internet Connect). Custom options may be added in the future.

mtu: This setting sets the maximum size of packets delivered over the tunnel. For some servers or routers, a smaller mtu may improve the quality of your tunnel connection. If your connection is successful but you get errors transferring files or data, try changing the mtu number to a smaller or larger value. Repeat with different mtu numbers until errors are avoided.. For example, try 400, 1466, 978, 652, 434, ... . There's nothing magical about these particular numbers, except that 1466 is just the right size to fit a tunneled packet in a normal 1500-byte Ethernet packet. Do not exceed 1466, or go much below 400. Too small an mtu will cause data transfer to be very slow or fail.

On the Routes tab, you control the Mac's network routing table used when connected to the VPN. To route all network connections and data through the VPN (as Windows VPN clients do), check "Route all traffic through VPN". If you prefer direct connections to Internet sites (not on the VPN), uncheck this.

When unchecked, DigiTunnel sets OS X routing so that OS X applications connect over the VPN to addresses that belong to the VPN, and over your regular Internet connection to other addresses. This automatic routing should be correct for most uses, when the correct Subnet Mask (below) is entered. Additional routes to the VPN may be added for additional ranges of addresses not covered by the server's Subnet. To add a route, click the "+" button.

• Subnet Mask: Used when "Route all traffic through VPN" is not checked. To reach servers on the remote LAN other than the Windows server itself, enter the Subnet Mask that would be used for an ordinary client (PC or Mac) on that LAN. Obtain this value from your system administrator. A typical value is 255.255.255.0. If left blank, you can still connect and access services on the Windows server.

Classic: Connections from Classic applications are always routed through the VPN whenever it is connected (that is, split-routing does not apply to Classic.)

To use Proxies on the VPN, enter settings on the Proxies tab. This is identical to the Proxies tab in Network System Preferences. When the VPN is connected, these proxy settings take effect.

Serial number entry: Registration status and any demo expiration date is displayed in the About tab. To register, click "Serial..." and enter the serial number provided to you by Gracion Software, along with your name and organization. This information is not sent anywhere--it is simply displayed in the About tab.

If additional DigiTunnel VPN configurations are desired, use the Configuration popup menu to create them.

DigiTunnel configurations, like other System Preferences, belong to the user who created them. Other users do not have access to your DigiTunnel configurations, but may create and use their own. Changing Network Locations does not affect DigiTunnel configurations.