Need some help with VPN and Road Warriors
13 September 2002, 04:06 PM
#1
Scooby Regular
Thread Starter
We have a Linux firewall here at work and I'm playing around with remote VPN users.
The Firewall supports Road Warriors, but you need to use a 3rd party VPN client.
Following the firewall documentation, I've created a server and user certificate, but it doesn't ask me to define a username or password.
What do I need on the client to authenticate using the VPN? Do I need to transfer the certificate to the laptop in some way?
The firewall documentation is sh!te and doesn't explain things exactly.
Stefan
The Firewall supports Road Warriors, but you need to use a 3rd party VPN client.
Following the firewall documentation, I've created a server and user certificate, but it doesn't ask me to define a username or password.
What do I need on the client to authenticate using the VPN? Do I need to transfer the certificate to the laptop in some way?
The firewall documentation is sh!te and doesn't explain things exactly.
Stefan
13 September 2002, 06:21 PM
#2
Scooby Regular
Join Date: Nov 2001
Posts: 2,576
Likes: 0
Received 0 Likes
on
0 Posts
Whats the firewall package and VPN client called?
VPN will be my next project after my current VoIP project. So will need to do some research, besides, I run a linux based firewall here at home so I might as well check out your solution
Laters
H
VPN will be my next project after my current VoIP project. So will need to do some research, besides, I run a linux based firewall here at home so I might as well check out your solution
Laters
H
13 September 2002, 07:51 PM
#3
Scooby Regular
Without knowing which firewall/VPN client it's a little difficult to help....
Typically you will need to set-up the VPN client with the host to contact, the encyrption/hash method used, the internal network to be accessed etc. Then you will need to import the cert into the client (assuming your doing IKE). It should then burst into life.
You might be better off trying it out using Manuel IKE rather than IKE first off just to prove it works.
Jeff
Typically you will need to set-up the VPN client with the host to contact, the encyrption/hash method used, the internal network to be accessed etc. Then you will need to import the cert into the client (assuming your doing IKE). It should then burst into life.
You might be better off trying it out using Manuel IKE rather than IKE first off just to prove it works.
Jeff
13 September 2002, 08:53 PM
#4
Scooby Regular
Join Date: May 1999
Posts: 424
Likes: 0
Received 0 Likes
on
0 Posts
Jeff,
Is that a spanish one then... :> I guess you meant a 'pre-shared secret'
Ozzy - post the make and type - you can email me offline (as you may not want to disclose type of firewall) - im sure some of us can help
Kev
Is that a spanish one then... :> I guess you meant a 'pre-shared secret'
Ozzy - post the make and type - you can email me offline (as you may not want to disclose type of firewall) - im sure some of us can help
Kev
13 September 2002, 08:55 PM
#5
Scooby Regular
Thread Starter
Hi guys,
The server is Trustix XSentry. Nothing fancy, just a Java GUI front-end that creates all the rules on the stripped down Linux box.
I've created the server and user certificate and created a Road Warrior VPN client. Doesn't mention any username, password or shared secret anywhere.
Don't have a VPN client, so I'm up for suggestions.
Maybe I just need to import the certificate as Jeff suggested?
Stefan
[Edited by ozzy - 9/13/2002 8:57:38 PM]
The server is Trustix XSentry. Nothing fancy, just a Java GUI front-end that creates all the rules on the stripped down Linux box.
I've created the server and user certificate and created a Road Warrior VPN client. Doesn't mention any username, password or shared secret anywhere.
Don't have a VPN client, so I'm up for suggestions.
Maybe I just need to import the certificate as Jeff suggested?
Stefan
[Edited by ozzy - 9/13/2002 8:57:38 PM]
13 September 2002, 09:47 PM
#6
Scooby Regular
IDS ....
I'll check my spelling next time.....
IPSec VPN tunnels authenticate the device not the user...you'll need some other mechanism to do that. Some Firewalls have the ability to use RADIUS/KERBROS/LDAP etc to do just that.
If you've set the Firewall to use certificates then your doing 'full' Internet Key Exchange, if you want a pre-shared secret to be used you'll need Manuel <sic> IKE.
As for a VPN client I would suggest using Safenet (http://www.safenet-inc.com or the PGP client.
Regards
Jeff
I'll check my spelling next time.....IPSec VPN tunnels authenticate the device not the user...you'll need some other mechanism to do that. Some Firewalls have the ability to use RADIUS/KERBROS/LDAP etc to do just that.
If you've set the Firewall to use certificates then your doing 'full' Internet Key Exchange, if you want a pre-shared secret to be used you'll need Manuel <sic> IKE.
As for a VPN client I would suggest using Safenet (http://www.safenet-inc.com or the PGP client.
Regards
Jeff
Thread
Thread Starter
Forum
Replies
Last Post