Need some help with VPN and Road Warriors
#1
We have a Linux firewall here at work and I'm playing around with remote VPN users.
The Firewall supports Road Warriors, but you need to use a 3rd party VPN client.
Following the firewall documentation, I've created a server and user certificate, but it doesn't ask me to define a username or password.
What do I need on the client to authenticate using the VPN? Do I need to transfer the certificate to the laptop in some way?
The firewall documentation is sh!te and doesn't explain things exactly.
Stefan
#2
What's the firewall package and VPN client called?
VPN will be my next project after my current VoIP project. So will need to do some research; besides, I run a Linux-based firewall here at home, so I might as well check out your solution.
Laters
H
#3
Without knowing which firewall/VPN client it's a little difficult to help....
Typically you will need to set up the VPN client with the host to contact, the encryption/hash method used, the internal network to be accessed etc. Then you will need to import the cert into the client (assuming you're doing IKE). It should then burst into life.
You might be better off trying it out using Manuel IKE rather than IKE first off just to prove it works.
Jeff
#4
Jeff,
Is that a Spanish one then... :> I guess you meant a 'pre-shared secret'
Ozzy - post the make and type - you can email me offline (as you may not want to disclose type of firewall) - I'm sure some of us can help
Kev
#5
Hi guys,
The server is Trustix XSentry. Nothing fancy, just a Java GUI front-end that creates all the rules on the stripped down Linux box.
I've created the server and user certificate and created a Road Warrior VPN client. Doesn't mention any username, password or shared secret anywhere.
Don't have a VPN client, so I'm up for suggestions.
Maybe I just need to import the certificate as Jeff suggested?
Stefan
[Edited by ozzy - 9/13/2002 8:57:38 PM]
#6
IDS .... I'll check my spelling next time.....
IPSec VPN tunnels authenticate the device not the user...you'll need some other mechanism to do that. Some Firewalls have the ability to use RADIUS/KERBEROS/LDAP etc to do just that.
If you've set the Firewall to use certificates then you're doing 'full' Internet Key Exchange, if you want a pre-shared secret to be used you'll need Manuel <sic> IKE.
As for a VPN client I would suggest using Safenet (http://www.safenet-inc.com) or the PGP client.
Regards
Jeff