How-to: VPN with L2TP and certificates and the Mac OSX VPN-client. Securepoint Security System Version 2007nx



Similar documents
Securepoint Security Systems

Securepoint Security Systems

Securepoint Security Systems

IPSecuritas 3.x. Configuration Instructions. Collax Business Server. for

VPNC Interoperability Profile

How To Configure L2TP VPN Connection for MAC OS X client

Computer Science and Engineering MacOS Cisco VPN Client Installation and Setup Guide

VPN Tracker for Mac OS X

Innominate mguard/mguard PCI

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Sonicwall Firewall.

How-to: HTTP-Proxy and Radius Authentication and Windows IAS Server settings. Securepoint Security System Version 2007nx

Mac OS VPN Set Up Guide

Creating a Gateway to Client VPN between Sidewinder G2 and a Mac OS X Client

How To Set Up A Pploe On A Pc Orca On A Ipad Orca (Networking) On A Macbook Orca 2.5 (Netware) On An Ipad 2.2 (Netrocessor

Configuring Check Point VPN-1/FireWall-1 and SecuRemote Client with Avaya IP Softphone via NAT - Issue 1.0

Creating a Client-To-Site VPN. BT Cloud Compute. The power to build your own cloud solutions to serve your specific business needs.

1. Download VPN client software for Macintosh (Note: You must be connected to the campus network to perform this step.)

Setting Up Scan to SMB on TaskALFA series MFP s.

Cox Managed CPE Services. RADIUS Authentication for AnyConnect VPN Version 1.3 [Draft]

Configuring SSH Sentinel VPN client and D-Link DFL-500 Firewall

Guidelines for Using an Ethernet Printer. - Mac OS X - Rev. 1.0

Wireless-N. User Guide. PCI Adapter WMP300N (EU) WIRELESS. Model No.

Hallpass Instructions for Connecting to Mac with a Mac

HowTo: Logging, reporting, log-analysis and log server setup Version 2007nx Release 3. Log server version 2.0

Astaro User Portal: Getting Software and Certificates Astaro IPsec Client: Configuring the Client...14

Apache Configuration

Smart Card Authentication. Administrator's Guide

SonicWALL Mobile Connect. Mobile Connect for OS X 3.0. User Guide

7. Configuring IPSec VPNs

How do I set up a branch office VPN tunnel with the Management Server?

Cisco QuickVPN Installation Tips for Windows Operating Systems

Using Internet or Windows Explorer to Upload Your Site

Zeroshell: VPN Host-to-Lan

SonicWALL SSL-VPN 2.5: NetExtender

Smart Card Authentication Client. Administrator's Guide

VPN Quick Configuration Guide. Astaro Security Gateway V8

Workflow Guide. Establish Site-to-Site VPN Connection using Digital Certificates. For Customers with Sophos Firewall Document Date: November 2015

SFTP Server User Login Instructions. Open Internet explorer and enter the following url:

How to Use Certificates for Additional Security

Configuring the OfficeConnect Secure Gateway for a remote L2TP over IPSec connection

How To Establish IPSec VPN connection between Cyberoam and Mikrotik router

This works very well for situations where all computers are within the same LAN and can access both the SQL server and the network shares.

Setting up VPN Access for Remote Diagnostics Support

VPN L2TP Application. Installation Guide

How To Configure Apple ipad for Cyberoam L2TP

How To Setup Cyberoam VPN Client to connect a Cyberoam for remote access using preshared key

How to Connect SSTP VPN from Windows Server 2008/Vista to Vigor2950

How to use FTP Commander

A Division of Cisco Systems, Inc. GHz g. Wireless-G. PCI Adapter with RangeBooster. User Guide WIRELESS WMP54GR. Model No.

Allworx Installation Course

IIS, FTP Server and Windows

Virtual Private Network (VPN)

NAS 323 Using Your NAS as a VPN Server

I. What is VPN? II. Types of VPN connection. There are two types of VPN connection:

Configuration Manager 1.6

Creating a VPN with overlapping subnets

Virtual Private Network (VPN)

TechNote. Contents. Overview. Using a Windows Enterprise Root CA with DPI-SSL. Network Security

Setting up VPN connection: DI-824VUP+ with Windows PPTP client

How to Install a Network-Licensed Version of IBM SPSS Statistics 19

Dlink DFL 800/1600 series: Using the built-in MS L2TP/IPSEC VPN client with certificates

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Fortinet Firewall. Overview

Installation Guide. Research Computing Team V1.9 RESTRICTED

Gateway-to-Gateway VPN with Certificate

etoken Enterprise For: SSL SSL with etoken

Setting up VMware ESXi for 2X VirtualDesktopServer Manual

How To Install A Cisco Vpn Client V4.9.9 On A Mac Or Ipad (For A University)

Download and Install the Citrix Receiver for Mac/Linux

Client applications are available for PC and Mac computers and ios and Android mobile devices. Internet

Wireless-G Business PCI Adapter with RangeBooster

Interoperability Guide

How To Industrial Networking

SSL VPN. Virtual Appliance Installation Guide. Virtual Private Networks

Using IPsec VPN to provide communication between offices

Apple Mac VPN Service Setting up Remote Desktop

DFL-210/260, DFL-800/860, DFL-1600/2500 How to setup IPSec VPN connection

ASUS WL-5XX Series Wireless Router Internet Configuration. User s Guide

F-SECURE MESSAGING SECURITY GATEWAY

How To - Setup Cyberoam VPN Client to connect to a Cyberoam for the remote access using preshared key

Mac OS X: INSTALLING TUNNELBLICK

VPN Tracker for Mac OS X

Chapter7 Setting the Receiving PC for Direct Upload. Setting the Receiving PC for Direct Upload For Windows For Macintosh...

Foglight Experience Monitor and Foglight Experience Viewer

Create a VPN on your ipad, iphone or ipod Touch and SonicWALL NSA UTM firewall - Part 1: SonicWALL NSA Appliance

Configuring Global Protect SSL VPN with a user-defined port

Quick Installation Guide

A Division of Cisco Systems, Inc. GHz g. Wireless-G. PCI Adapter. User Guide WIRELESS WMP54G. Model No.

VPN Tracker for Mac OS X

Pre-lab and In-class Laboratory Exercise 10 (L10)

GlobalProtect Configuration for IPsec Client on Apple ios Devices

VPN Overview. The path for wireless VPN users

How to Order and Install Odette Certificates. Odette CA Help File and User Manual

SQL Server 2008 R2 Express Edition Installation Guide

Sophos Mobile Control Installation guide. Product version: 3

This chapter describes how to set up and manage VPN service in Mac OS X Server.

Pcounter Mobile Guide

efive - Establish a VPN client connection from my PC

User manual Remote access VNC V 0.2

MultiSite Manager. Setup Guide

Setting up and Automating a MS Dynamics AX Job in JAMS

Transcription:

Securepoint Security System Version 2007nx

Contents VPN with L2TP and certificates and the Mac OSX VPN-client... 3 1 Configuration of the appliance...4 1.1 Setting up network-objects in the Securepoint Security Manager... 4 1.2 Creating firewall-rules... 5 1.3 Setting up certificates... 6 1.4 L2TP basic settings... 10 1.5 L2TP-configuration... 11 1.6 Setting up users... 15 2 Configuration of the Mac OSX-L2TP-VPN-Roadwarrior under Mac OSX... 16 2.1 Importing the client certificate over the Mac OSX keychain... 16 2.2 Setting up the VPN-connection... 19 Page 2

VPN with L2TP and certificates and the Mac OSX VPN-client A VPN connects one or several computers or networks by using a different network, e. g. the internet, as a means of transport. For instance, this could be the computer of a member of staff at their home or in a subsidiary which is linked to the network at the headquarter through the internet. For the user, the VPN looks like a normal network connection to the destination computer. The actual way of transmission is not perceived. The VPN provides the user with a virtual IP-connection which is tunneled by an actual one. The data packages transmitted via this connection are encoded at the client and decoded by the Securepoint servers - and the other way around. Target: Establishing a VPN-L2TP with certificates between the Securepoint appliance and a Mac OSX L2TP-client. Prerequisite: The L2TP connection was tested under Mac OSX 10.4.9 (Intel). The minimum requirement is Mac OSX 10.4.X. Only with this you will be able to import the PKCS#12 certificates with L2TP. Image: VPN Page 3

1 Configuration of the appliance 1.1 Setting up network-objects in the Securepoint Security Manager Proceed as follows: Over Firewall select the folder Network objects. Set up network-objects as shown in the following image. Image: Network-objects Page 4

1.2 Creating firewall-rules Proceed as follows: Over Firewall select the folder Rules. Set up the firewall-rules as shown in the following image. Image: Firewall Rules Page 5

1.3 Setting up certificates Proceed as follows: Over VPN select the folder Certificates. Image: Certificates First the Certification Authority (CA) with which the server-certificate and the client-certificates are signed, has to be established. Therefore, a root certificate is created first. Click on the icon New and select Root certificate. Insert the data as shown in the following image. Page 6

Image: Creating a CA Page 7

After a CA has been created, server- and client-certificates can be generated. A server is required and a client-certificate for each Roadwarrior. The Mac OSX L2TP client requires as IPSec ID the host name of the firewall server with which it is connected. In our example, this is the DynDNS name of the firewall. It is inserted in the area X.509 V3 Name. Click on the icon New and then select User / server certificate. Insert the data as shown in the following image. Image: Creating a server certificate In the following step, client-certificates are needed. Click the icon New and select User / server certificate, Insert the data as shown in the following image. Image: Creating a client-certificate Page 8

After creating the client-certificate, now export the certificates for usage on a Roadwarrior. Click on the icon Export and select the suitable data type. Depending on the destination system you have to choose whether the certificates are to be saved in the standard format (.pem) or in the Personal Information Exchange Syntax (.p12). PKCS#12-Dateien are given a password. For the Mac OSX client export the certificate in the PKCS#12 format. After that the certificate can be stored locally. Image: Export of certificates Page 9

1.4 L2TP basic settings Proceed as follows: In the main menu select VPN through the selection list VPN L2TP. The local L2TP-interface should be a free IP-address from the internal net. The L2TP-IP-addresses (L2TP address-pool) are assigned following the connection to the L2TP-interface. With this configuration the L2TP-client can communicate over the proxy-arp function with the internal net, because it is assigned an IP-address from this net upon dial-in. Image: General VPN L2TP settings Image: NS / WINS-VPN L2TP settings Page 10

1.5 L2TP-configuration Proceed as follows: Over VPN select the folder VPN connections. Move the existing firewall-object in the left window with the mouse onto the VPN viewport. Image: Moving the firewall-symbol to the viewport Now create a new Roadwarrior-object in the left window. Click on the Notebook-Symbol in the image bar of the upper window. In the dialogue window Roadwarrior hinzufügen (adding Roadwarrior) the Roadwarrior is created without IP (0.0.0.0), because this may vary all the time! Click L2TP in the Roadwarrior-dialogue in order to activate L2TP. Image: Creating a new Roadwarrior-object Page 11

Now move the freshly created Roadwarrior-object from the left window onto the VPN viewport. Image: Moving Roadwarrior-object onto viewport Now click on the icon Connecting and on the Roadwarrior-object. A flag with the information Please click destination object appears on the Roadwarrior-object. Now click the firewall-object. Image: Creating a new Roadwarrior-object Page 12

Now, a new dialogue window IPSec connection accept appears automatically. Select a new the authentication method CERT and the ID-type HOSTNAME in the new window. In a default case, all other settings can simply be adopted. Image: Creating VPN with Roadwarrior Under Lokal Certificate select the server certificate. For the Local gateway ID insert the ID of the server certificate with the sign @ in front of it. Image: Creating VPN with Roadwarrior If the client-pc works behind a router (natted), the client-subnet has to be inserted as well. If the entry is to be valid for all kinds of subnets, one has to insert 0.0.0.0/0. Page 13

After clicking the icon Update, the configuration on the appliance has been concluded. Image: Updating connections In the following step check the status of the services. SERVICE_IPSEC und SERVICE_L2TP are required for a L2TP-connection. Now upload the certificates created in the section certificates into the target systems. Image: Checking if the VPN-services have been activated Page 14

1.6 Setting up users Proceed as follows: Click under User administration on the icon New. Set up an L2TP-user with name, login, password etc. Image: Setting up an L2TP-user Optionally, the L2TP-user may be assigned directly an IP-address outside the L2TP-pool. Image: Assigning an IP-address Page 15

2 Configuration of the Mac OSX-L2TP-VPN-Roadwarrior under Mac OSX 2.1 Importing the client certificate over the Mac OSX keychain Proceed as follows: Open a terminal window under Mac OSX. If you are working with limited user privileges, change to a privileged user by using the command su <nameoftheadministrator>. Then open the Mac OSX keychain in the way shown in the screenshot. Do not open the keychain under the area Programme! sudo "/Applications/Utilities/Keychain Access.app/Contents/MacOS/Keychain Access" Image: Starting the keychain Through the import function, the certificate can be fed into the directory system of the key chain. In order to do that, the password of the certificate has to be inserted. Once the certificate has been inserted, copy the CA into the directory X509Anchors. You have to re-start the system in order for the certificate to be displayed as valid. Page 16

Image: Keychain Image: Keychain Page 17

After the re-start, the certificate should be displayed as valid. Image: Keychain Page 18

2.2 Setting up the VPN-connection Proceed as follows: Set up a new VPN-connection with the program Internet-Connection. As a server address, insert the name of the host which is also provided in the certificate of the firewall server. Image: Setting up a standard-vpn-connection under Mac OSX Open the extended Konfiguration and select Certificate as computer-identification and then the relating imported certificate. Confirm the entries and test the connection. Page 19

Image: Standard-VPN-connection under Mac OSX, extended settings Page 20