Overview of configuration steps
Configuration of the VPN gateway
Field | Menu | Value |
---|---|---|
Address mode | LAN -> IP Configuration -> Interfaces -> <en1-0> | Static |
IP Address/Netmask | LAN -> IP Configuration -> Interfaces -> <en1-0> | e.g. 192.168.0.30 / 255.255.255.0 |
Interface Mode | LAN -> IP Configuration -> Interfaces -> <en1-0> | Manual |
Proxy ARP | LAN -> IP Configuration -> Interfaces -> <en1-0> | Enabled |
Field | Menu | Value |
---|---|---|
IP pool name | VPN -> IPSec -> IP Pools -> Add | e.g. pool |
IP pool range | VPN -> IPSec -> IP Pools -> Add | e.g. 192.168.0.150 - 192.168.0.180 |
Field | Menu | Value |
---|---|---|
External Filename | VPN -> Certificates -> Certificate List -> Import | e.g. /usr/lib/ssl/misc/vpn-gateway/vpn-gateway.p12 |
Local Certificate Description | VPN -> Certificates -> Certificate List -> Import | e.g. vpn gateway |
Password | VPN -> Certificates -> Certificate List -> Import | Password for PKCS#12 certificate |
Configuration of Phase 1 Profiles
Field | Menu | Value |
---|---|---|
Authentication Method | VPN -> IPSec -> Phase 1 Profiles -> Edit | RSA Signature |
Local Certificate | VPN -> IPSec -> Phase 1 Profiles -> Edit | e.g. vpn gateway |
Mode | VPN -> IPSec -> Phase 1 Profiles -> Edit | Main Mode (ID Protect) |
Local ID Value | VPN -> IPSec -> Phase 1 Profiles -> Edit | Enable Use Subject Name from Certificate |
Field | Menu | Value |
---|---|---|
Administrative Status | VPN -> IPSec -> IPSec Peers -> | Active |
Description | VPN -> IPSec -> IPSec Peers -> | e.g. vpnclient1 |
Peer ID | VPN -> IPSec -> IPSec Peers -> | ASN.1-DN (Distinguished Name) and MAILTO=vpnclientuser@bintec-elmeg.com, CN=vpnclientuser, OU=sales, O=FEC, L=nuernberg, ST=bavaria, C=DE |
IP Address Assignment | VPN -> IPSec -> IPSec Peers -> | IKE Config Mode |
IP Assignment Pool | VPN -> IPSec -> IPSec Peers -> | pool |
Local IP Address | VPN -> IPSec -> IPSec Peers -> | e.g. 192.168.0.30 |
Phase 1 Profile | VPN -> IPSec -> IPSec Peers -> | * RSA Multiproposal |
Phase 2 Profile | VPN -> IPSec -> IPSec Peers -> | * Multi-Proposal |
Proxy ARP | VPN -> IPSec -> IPSec Peers -> | Up or Dormant |
Configuration of bintec secure IPSec clients
Field | Menu | Value |
---|---|---|
Connector Type | Assistant for new profile | Connection to company network via IPSec |
Profile Name | Assistant for new profile | Head Office |
Connection Medium | Assistant for new profile | LAN (over IP) |
User Name | Assistant for new profile | e.g. vpngateway.bintec-elmeg.com |
Exchange Mode | Assistant for new profile | Main Mode |
PFS Group | Assistant for new profile | DH Group 2 (1024 Bit) |
Local Identity | Assistant for new profile | ASN1 Distinguished Name |
IP address assignment | Assistant for new profile | Use IKE Config Mode |
Stateful Inspection | Assistant for new profile | off |
NetBIOS over IP | Assistant for new profile | Enabled |
Field | Menu | Value |
---|---|---|
Name | Configuration -> Certificates -> Add | IPSecClientCertificate |
Certificate | Configuration -> Certificates -> Add | from PKCS#12 file |
PKCS#12 data name | Configuration -> Certificates -> Add | bintec secure IPSec client\vpnclientuser1.p12 |
Field | Menu | Value |
---|---|---|
Gateway (Tunnel Endpoint) | Configuration -> Profile -> Edit -> IPSec Settings | vpngateway.bintec-elmeg.com |
IKE Policy | Configuration -> Profile -> Edit -> IPSec Settings | RSA Signature |
IPSec Guideline | Configuration -> Profile -> Edit -> IPSec Settings | ESP - AES128 - MD5 |
Exchange Mode | Configuration -> Profile -> Edit -> IPSec Settings | Main Mode |
PFS Group | Configuration -> Profile -> Edit -> IPSec Settings | DH Group 2 (1024 Bit) |
Type | Configuration -> Profile -> Edit -> Identity | ASN1 Distinguished Name |
Certificate Configuration | Configuration -> Profile -> Edit -> Identity | IPSecClientCertificate |
Field | Menu | Value |
---|---|---|
PIN | PIN Entry | Password for PKCS#12 certificate |
Field | Menu | Value |
---|---|---|
Authentication Type | System Administration -> Remote Authentication -> RADIUS -> New | XAUTH |
Server IP Address | System Administration -> Remote Authentication -> RADIUS -> New | e.g. 192.168.0.111 |
RADIUS Password | System Administration -> Remote Authentication -> RADIUS -> New | The Radius password saved on the SecOVID server |
Group description | System Administration -> Remote Authentication -> RADIUS -> New | xauth |
Field | Menu | Value |
---|---|---|
Description | VPN -> IPSec -> XAUTH Profiles -> New | e.g. radius |
Role | VPN -> IPSec -> XAUTH Profiles -> New | Server |
Mode | VPN -> IPSec -> XAUTH Profiles -> New | RADIUS |
RADIUS Server Group ID | VPN -> IPSec -> XAUTH Profiles -> New | xauth |
Field | Menu | Value |
---|---|---|
XAUTH Profile | VPN -> IPSec -> IPSec Peers -> | radius |
Field | Menu | Value |
---|---|---|
Type | Configuration -> Profile -> Edit -> Identity | ASN1 Distinguished Name |
Certificate Configuration | Configuration -> Profile -> Edit -> Identity | IPSecClientCertificate |
User Name | Configuration -> Profile -> Edit -> Identity | e.g. jeveryman |
Copyright © Version 01/2020 bintec elmeg GmbH