Firewall Config VPN
VPN

Attention! VPN does not work if the Internet interface of the firewall is set to DHCP!

Road warrior installation

With Kwickserver Firewall you can integrate people outside your networks into these networks over a VPN (virtual private network). This takes a few steps. The following describes how to integrate a Windows XP computer over VPN.

1. Go to the VPN page in the Kwickserver web administration, activate VPN for the local network you want using the dropdown list, and save with the button beside it.
2. Download the certificate for your Windows XP computer. To do this, type a password into the "Password" text box (remember that password!) and click the button beside it. Your browser should now download a file named certificate.p12. Save that file somewhere.
3. Download the configuration file you need on your Windows XP computer with the link below.
4. Transfer both downloaded files to your Windows client computer. Do not use FTP or any other insecure protocol over the Internet for this transfer! The certificate.p12 has to be kept secret! Use scp, floppy disks, etc.
5. Download the ipsec.exe utility from http://vpn.ebootis.de and unzip it to a directory on your Windows machine (e.g. c:\vpn).
6. Create an IPSEC + Certificates MMC.
7. Add the certificate.
8. Set up the IPSec utility. Install ipseccmd.exe (Windows XP) as described in the documentation for the ipsec utility. Note that for Windows XP SP2 you'll need a new version of ipseccmd.exe; it can be downloaded from http://support.microsoft.com/default.aspx?scid=kb;en-us;838079 . Don't forget to copy the ipsec.conf file you downloaded from the Kwickserver into the directory of ipsec.exe!
9. Start ipsec.exe.

Now you should be able to contact a computer inside your network from the Windows machine on the Internet.

Thanks to Nate Carlson for help with this documentation!

Delete road warriors

If you want to prevent a road warrior from accessing the network in the future, you must revoke his certificate. To do this, click on "manage certificates" in the web administration. You now see a list of all certificates ever created. On the right side of every certificate there is a link for revoking that certificate. Click on this link and agree to the confirmation, and the certificate is revoked.

Creating VPN tunnels

If you have two networks at distinct locations, both protected by Kwickserver Firewall, you can build a VPN tunnel between these two networks. To do this, go to the VPN page in the web administration. In the last section of the page you see the tunnel administration. You can manage VPN tunnels for both networks. To set up a new tunnel, type the following information into the form:

1. The external IP address of the remote firewall
2. The address of the network behind the remote firewall
3. The netmask of the network behind the remote firewall

After you have submitted the form, you can download the certificate with the link in the list and transfer it to the remote firewall. Be sure to transfer the certificate in a secure manner! In the web administration of the remote firewall you can now import the certificate in the very last form on the page. After that, repeat this procedure on the remote firewall. You should then be able to reach all computers in one network from the other. Be sure that the addresses of the two networks do not overlap!

Deleting VPN tunnels

To delete a tunnel, just delete the certificate from the list on one of the firewalls. It is advised to delete the certificates from both firewalls.
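
The three tunnel form values and the no-overlap requirement from "Creating VPN tunnels" can be checked before they are submitted. The following is an added example, not part of Kwickserver or its documentation; the function names and all addresses are constructed for illustration, and the check on the external IP is an extra sanity test that the page itself does not state.

```python
import ipaddress

def parse_network(address, netmask):
    # strict=True rejects a "network address" with host bits set
    # (e.g. 192.168.1.5 with 255.255.255.0); a non-contiguous
    # netmask such as 255.0.255.0 is rejected as well.
    return ipaddress.IPv4Network(f"{address}/{netmask}", strict=True)

def check_tunnel(local, remote, remote_external_ip):
    """Return a list of problems; an empty list means the values look sane.

    local, remote: (network address, netmask) as typed into the tunnel form.
    remote_external_ip: external IP address of the remote firewall.
    """
    problems, nets = [], {}
    for name, (addr, mask) in (("local", local), ("remote", remote)):
        try:
            nets[name] = parse_network(addr, mask)
        except ValueError as exc:
            problems.append(f"{name} network invalid: {exc}")
    try:
        ext = ipaddress.IPv4Address(remote_external_ip)
    except ValueError as exc:
        problems.append(f"remote external IP invalid: {exc}")
        ext = None
    # The page's requirement: the two networks must not overlap.
    if len(nets) == 2 and nets["local"].overlaps(nets["remote"]):
        problems.append(
            f"networks overlap: {nets['local']} and {nets['remote']}")
    # Extra check added here (not from the page): an external IP inside
    # one of the protected networks usually means swapped form fields.
    if ext is not None:
        for name, net in nets.items():
            if ext in net:
                problems.append(
                    f"external IP {ext} lies inside the {name} network {net}")
    return problems

if __name__ == "__main__":
    # Constructed sample values; 203.0.113.0/24 is a documentation range.
    for issue in check_tunnel(("192.168.0.0", "255.255.0.0"),
                              ("192.168.2.0", "255.255.255.0"),
                              "203.0.113.10"):
        print("PROBLEM:", issue)
```

Run on each firewall with that side's own network as `local`; an empty result means the values are consistent with the rules above, not that the tunnel will come up.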
