Mushroom Networks Documentation

How can I encrypt VLL traffic?

Encrypted VLL traffic using VPN

Setup a VLL tunnel between the 2 sites


  • Add a Remote LAN on Headoffice Truffle (under Home tab) with the following settings:

  • Add a Remote LAN on Remote site Truffle (under Home tab) with the following settings:

  • Remote IPs/Name will be the public IP address that is set on Headoffice Truffle’s WAN link.

  • Note /32 Remote LAN subnet mask on both sides

  • Once the configuration is complete you should see under Remote LAN status as Client Connections 1/1, this is assuming you have 1 WAN connection on Remote Site and 1 WAN connection on Headoffice side

Setup a VPN connection between the 2 sites


Once VLL is establish between the 2 sites, configure the VPN server instance on Head-office Truffle:

  • Setup VPN Server instance

Unique Name:

A unique name assigned to a VPN client or server for purposes of being able to easily identify VPN messages in the log file as well as associating ancillary data to a VPN instance such as a list of authorized users and their subnets.


Current VPN status, for user specific instance please check the status under ‘VPN user for servers’.


Maximum transmission unit for the VPN, default value of 1400.

(Server CA Certificate) certificate:

CA certificate used to authenticate the server. This needs to be entered on the client VPN entry on the remote server.

Port port:

Port for the server to listen on, default 1194


  • Setup VPN users for servers (Under Advanced tab)

Server Unique Name:

The VPN server’s unique name that this user information pertains to.


Current VPN user status, or blank if not yet initialized.


VPN username


VPN password


VPN subnet in CIDR notation (make sure to have the subnet mask included otherwise the default subnet mask of /32 is applied).


  • Setup VPN Client instance (Under Advanced tab)

  • Note, the Destination Host, is the LAN IP of Headquarter’s Truffle, and the Subnet is the Head-office’s LAN subnet. Make sure to use the CIDR notation with subnet mask otherwise the default /32 bit subnet mask is applied.
  • Copy the Server CA Certificate from the Server’s end and paste it in the same box at the Client’s end.
  • Verify the “up” status on both ends under VPN instance (under Advanced tab).

© 2004 – 2024 Mushroom Networks Inc. All rights reserved.

Let’s chat. Call us at +1 (858) 452-1031 or fill the form: