VPN Tracker for Mac OS X


VPN Tracker for Mac OS X
How-to: Interoperability with NETGEAR Internet Security Appliances
Rev. 4.0
Copyright 2005 equinux USA Inc. All rights reserved.

1. Introduction

This document describes how VPN Tracker can be used to establish a connection between a Macintosh running Mac OS X and the following NETGEAR Internet Security appliances:

NETGEAR FVS318
NETGEAR FVS318v2
NETGEAR FVS328
NETGEAR FVL328

The NETGEAR router is configured as a router connecting a company LAN to the Internet.

This paper is only a supplement to, not a replacement for, the instructions that have been included with your NETGEAR appliance. Please be sure to read those instructions and understand them before starting.

All trademarks, product names, company names, logos, screenshots displayed, cited or otherwise indicated on the How-to are the property of their respective owners.

EQUINUX SHALL HAVE ABSOLUTELY NO LIABILITY FOR ANY DIRECT OR INDIRECT, SPECIAL OR OTHER CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE USE OF THE HOW-TO OR ANY CHANGE TO THE ROUTER GENERALLY, INCLUDING WITHOUT LIMITATION, ANY LOST PROFITS, BUSINESS, OR DATA, EVEN IF EQUINUX HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

2. Prerequisites

First you have to make sure that your NETGEAR router has VPN support built in. Please refer to your NETGEAR manual for details.

Furthermore, you should use a recent NETGEAR firmware version. The latest firmware release for your NETGEAR appliance can be obtained from http://www.netgear.com/

When using pre-shared key authentication you need one VPN Tracker Personal Edition license for each Mac connecting to the NETGEAR router. We recommend using one VPN Tracker Professional Edition for the administrator's Mac in order to export configuration files to the clients.

VPN Tracker is compatible with Mac OS X 10.2.5+, 10.3 and 10.4.

NETGEAR offers different types of VPN gateways, the NETGEAR FVL 328 and the FVS 318. The configuration for the FVS 318 is described in chapter 3.1. Please see chapter 3.2 for the FVL 328 configuration using pre-shared key authentication and chapter 4.1 using certificate authentication.

Documentation for other NETGEAR devices such as the NETGEAR FVM318 and the NETGEAR FVS318v3 can be found in a separate how-to on the following web page: http://www.vpntracker.com/interop/

3. Connecting a VPN Tracker host to a NETGEAR Firewall using Pre-shared Key Authentication

In this example the Mac running VPN Tracker is directly connected to the Internet via a dialup or PPP connection. [1]

The NETGEAR router is configured in NAT mode and has the static WAN IP address 169.1.2.3 and the private LAN IP address 192.168.1.1. The stations in the LAN behind the NETGEAR router use 192.168.1.1 as their default gateway and should have a working Internet connection.

Figure 1: VPN Tracker NETGEAR connection diagram (Chicago: Mac with VPN Tracker, dynamic IP; New York: NETGEAR, WAN 169.1.2.3, LAN 192.168.1.1; LAN 192.168.1.0/24 with hosts 192.168.1.10, 192.168.1.20 and 192.168.1.30)

[1] Please note that the connection via a router which uses Network Address Translation (NAT) only works if the NAT router supports IPsec passthrough. Please contact your router's manufacturer for details.

3.1 NETGEAR FVS318 Configuration

The pre-defined VPN Tracker connection type has been created using the default settings for your NETGEAR appliance. If you change any of the settings on the NETGEAR router, you will eventually have to adjust the connection type in VPN Tracker.

Step 1

Create a new VPN Connection:

Connection Name: an arbitrary name (e.g. vpntracker)
Local IPsec Identifier: netgear
Remote IPsec Identifier: vpntracker
Tunnel can be accessed from: a subnet of local address
Local LAN start IP Address: your local NETGEAR LAN subnet (e.g. 192.168.1.0)
Local LAN IP Subnetmask: your local NETGEAR LAN subnetmask (e.g. 255.255.255.0)
Tunnel can access: a single remote address
Remote LAN start IP Address: a virtual IP address assigned to the client (e.g. 10.1.2.3) [2]
Secure Association: Aggressive Mode
Perfect Forward Secrecy: Disabled
Encryption Protocol: 3DES
Key Group: Diffie-Hellman Group 1
PreShared Key: an arbitrary key (e.g. secretkey)

[2] You'll need to put this IP address in the Local Address field in your VPN Tracker configuration.

Figure 2: NETGEAR FVS318 - VPN Settings

3.2 NETGEAR FVS328/FVL328 Configuration

Step 1

Create an IKE Policy with the following settings:

Policy Name: an arbitrary name (e.g. vpntracker)
Direction/Type: Remote Access
Exchange Mode: Aggressive
Local Identity Type: Fully Qualified Domain Name
Local Identity Data: an arbitrary identifier (e.g. netgear)
Remote Identity Type: Fully Qualified Domain Name
Remote Identity Data: an arbitrary identifier (e.g. vpntracker)
Authentication Algorithm: MD5
Pre-shared Key: an arbitrary key (e.g. secretkey)

Figure 3: NETGEAR FVL 328 - IKE Policy Configuration

Step 2

Create a VPN Auto Policy with the following settings:

Policy Name: an arbitrary name (e.g. vpntracker auto)
IKE policy: your previously created IKE policy
Remote VPN Endpoint: IP Address: 0.0.0.0
Tunnel can be accessed from: a subnet of local address
Local IP: your local NETGEAR LAN subnet (e.g. 192.168.1.0)
Local LAN IP Subnetmask: your local NETGEAR LAN subnetmask (e.g. 255.255.255.0)
Remote IP: a single remote address
Remote LAN start IP Address: a virtual IP address assigned to the client (e.g. 10.1.2.3) [3]
ESP -> Enable Encryption: 3DES
ESP -> Enable Authentication: SHA1

Figure 4: NETGEAR FVL328 - VPN - Auto Policy

[3] You'll need to put this IP address in the Local Address field in your VPN Tracker configuration.

3.3 VPN Tracker Configuration

Step 1

Add a new connection with the following options:

Vendor: NETGEAR
Model: your VPN device

Figure 5: VPN Tracker - Connection Settings

Step 2

Change your Network Settings:

VPN Server Address: public IP address of your VPN Gateway (e.g. 169.1.2.3)
Local Address: a virtual IP address assigned to the VPN Tracker client (e.g. 10.1.2.3)
Remote Network/Mask: network address and netmask of the remote network (e.g. 192.168.1.0/255.255.255.0)

Figure 6: VPN Tracker - Network Settings

Please note: In order to access multiple remote networks simultaneously, just add them by pressing the Plus-button. [4]

If you are connecting to a NETGEAR FVL 328 router, you could leave the Local Address field blank.

[4] For this step VPN Tracker Professional Edition is needed.

Step 3

Change your Authentication Settings:

Pre-shared key: the same Pre-shared key as in the NETGEAR router configuration.

Figure 7: VPN Tracker - Authentication Settings

Step 4

Identifier Settings:

Local Identifier: FQDN (e.g. vpntracker)
Remote Identifier: FQDN (e.g. netgear)

Figure 8: VPN Tracker - Identifier Settings

Step 5

Save the connection and click Start IPsec in the VPN Tracker main window.

You're done. After 10-20 seconds the red status indicator for the connection should change to green, which means you're securely connected to the NETGEAR router. After IPsec has been started, you may quit VPN Tracker. The IPsec service will keep running.

Now, to test your connection, simply ping a host in the NETGEAR router network from the dialed-in Mac in the Terminal utility:

    ping 192.168.1.10
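The settings in chapters 3.1 to 3.3 have to agree across the two devices: mirrored identifiers, the same pre-shared key, the virtual IP address and the LAN subnet. The following Python check is an added example, not part of this how-to or of VPN Tracker; the dictionary keys and the function name check_pair are hypothetical, and the values are the guide's own examples.

```python
import hmac
import ipaddress

# Constructed sample settings, using the example values from this guide.
ROUTER = {  # NETGEAR side (chapters 3.1 / 3.2)
    "local_identifier": "netgear",
    "remote_identifier": "vpntracker",
    "local_lan": "192.168.1.0",
    "local_mask": "255.255.255.0",
    "remote_ip": "10.1.2.3",
    "pre_shared_key": "secretkey",
}
CLIENT = {  # VPN Tracker side (chapter 3.3)
    "local_address": "10.1.2.3",  # may be left blank for an FVL 328
    "remote_network": "192.168.1.0/255.255.255.0",
    "local_identifier": "vpntracker",
    "remote_identifier": "netgear",
    "pre_shared_key": "secretkey",
}


def check_pair(router, client):
    """Return a list of settings that do not agree between the two sides."""
    problems = []
    # Identifiers are mirrored: one side's local ID is the other's remote ID.
    if router["local_identifier"] != client["remote_identifier"]:
        problems.append("remote identifier")
    if router["remote_identifier"] != client["local_identifier"]:
        problems.append("local identifier")
    # Same key on both sides; compared in constant time and never echoed.
    if not hmac.compare_digest(router["pre_shared_key"].encode(),
                               client["pre_shared_key"].encode()):
        problems.append("pre-shared key")
    # Remote Network/Mask on the client is the router's local LAN subnet.
    try:
        lan = ipaddress.ip_network(f"{router['local_lan']}/{router['local_mask']}")
        if ipaddress.ip_network(client["remote_network"]) != lan:
            problems.append("remote network")
    except ValueError:  # malformed address, or host bits set in a subnet
        problems.append("remote network")
    # Local Address on the client is the virtual IP entered on the router.
    if client["local_address"]:
        try:
            if (ipaddress.ip_address(client["local_address"])
                    != ipaddress.ip_address(router["remote_ip"])):
                problems.append("local address")
        except ValueError:
            problems.append("local address")
    return problems


if __name__ == "__main__":
    print(check_pair(ROUTER, CLIENT) or "settings agree")
```

An empty list means the two sides agree; each entry names the VPN Tracker field to recheck against the router.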

4. Connecting a VPN Tracker host to a NETGEAR Firewall using Certificate Authentication

4.1 NETGEAR FVL328 Configuration

Step 1

Create an IKE Policy with the following settings:

Policy Name: an arbitrary name (e.g. vpntracker)
Direction/Type: Remote Access
Exchange Mode: Aggressive
Local Identity Type: Fully Qualified Domain Name
Local Identity Data: an arbitrary identifier (e.g. netgear)
Remote Identity Type: Fully Qualified Domain Name
Remote Identity Data: an arbitrary identifier (e.g. vpntracker)
Authentication Algorithm: MD5
Authentication Method: RSA Signature

Figure 9: NETGEAR - IKE Policy Configuration

Step 2

VPN Auto Policy Setup: Please refer to step 2 in chapter 3.1

Step 3

Certificates Setup: Please go to [VPN -> Certificates] and generate a Certificate Request. Enter a name and a subject for the Certificate. Choose a Signature key length of 1024 Bit. You have to use an Optional Domain Name. This setting refers to the Local Identifier in the IKE Policies and the remote identifier in VPN Tracker.

Note: Please make sure that the time in [Security -> Schedule -> Date/Time] is set to your local time zone, otherwise you can't generate and sign the self certificate, explained in steps 4-6.

Figure 10: Generate Self Certificate Request

Step 4

Save the certificate request in a text file. Import the request in the Request tab in VPN Tracker. Finally, sign the request with a CA. The Alternative Name field is pre-defined with the value you entered in the certificate signing request. It should be the same as the Alternate Subject Name defined before.

Please note: This feature requires the VPN Tracker Professional Edition.

Figure 11: VPN Tracker - Sign Certificate

Step 5

Go to [VPN -> CAs] and import the CA which you've used for signing into the NETGEAR router. The CA file must be exported in the PEM format.

Figure 12: Netgear Certificate Authorities window

Step 6

Export the signed certificate in the PEM format and upload the certificate to the NETGEAR router.

Please note: The subject name of the certificate must look like this: FQDN: netgear

After step 6 the configuration should look like this:

Figure 13: Netgear Certificate window

4.2 VPN Tracker Configuration

Step 1

Create a new Own certificate for VPN Tracker. Go to the VPN Tracker certificate manager ( + E ) and create and sign a new certificate. Type in your certificate data. You have to use an Alternative Name. Choose DNS from the drop-down box and enter the alternative name.

Please note: This name must be the same as the remote identifier in the NETGEAR IKE settings.

Figure 14: VPN Tracker Certificate Details

Step 2

Add a new connection with the following options:

Vendor: NETGEAR
Model: your VPN device

Figure 15: VPN Tracker - Connection Settings

Step 3

Change your Network Settings:

VPN Server Address: public IP address of your VPN Gateway (e.g. 169.1.2.3)
Remote Network/Mask: network address and netmask of the remote network (e.g. 192.168.1.0/255.255.255.0)

Figure 16: VPN Tracker - Network Settings

Please note: In order to access multiple remote networks simultaneously, just add them by pressing the Plus-button. [5]

[5] For this step VPN Tracker Professional Edition is needed.

Step 4

Change your Authentication Settings:

Authentication Using: Certificates
Own Certificate: vpntracker
Remote Certificate: netgear

Figure 17: VPN Tracker - Authentication Settings

Step 5

Identifier Settings:

Local Identifier: FQDN (e.g. vpntracker)
Remote Identifier: FQDN (e.g. netgear)

Figure 18: VPN Tracker - Identifier Settings

Step 6

Save the connection and click Start IPsec in the VPN Tracker main window.

You're done. After 10-20 seconds the red status indicator for the connection should change to green, which means you're securely connected to the NETGEAR router. After IPsec has been started, you may quit VPN Tracker. The IPsec service will keep running.

Now, to test your connection, simply ping a host in the NETGEAR router network from the dialed-in Mac in the Terminal utility:

    ping 192.168.1.10