Tripp Lite 0 Idades Manual
Chapter 4: Serial Port, Device and User Configuration

4.10.1 Enable the OpenVPN

• Select OpenVPN on the Serial & Networks menu
• Click Add and complete the Add OpenVPN Tunnel screen
• Enter any descriptive name you wish to identify the OpenVPN Tunnel you are adding, for example NorthStOutlet-VPN
• Select the Device Driver to be used, either Tun-IP or Tap-Ethernet. The TUN (network tunnel) and TAP (network tap) drivers are virtual network drivers that support IP tunneling and Ethernet tunneling, respectively. TUN and TAP are part of the Linux kernel.
• Select either UDP or TCP as the Protocol. UDP is the default and preferred protocol for OpenVPN.
• In Tunnel Mode, nominate whether this is the Client or Server end of the tunnel. When running as a server, the Console Server supports multiple clients connecting to the VPN server over the same port.
• In Configuration Method, select the authentication method to be used. To authenticate using certificates select PKI (X.509 Certificates) or select Custom Configuration to upload custom configuration files. Custom configurations must be stored in /etc/config.

Note: If you select PKI (public key infrastructure) you will need to establish:
• Separate certificate (also known as a public key). This Certificate File will be a *.crt file type
• Private Key for the server and each client. This Private Key File will be a *.key file type
• Master Certificate Authority (CA) certificate and key which is used to sign each of the server and client certificates. This Root CA Certificate will be a *.crt file type

For a server you may also need dh1024.pem (Diffie Hellman parameters). Refer to http://openvpn.net/easyrsa.html for a guide to basic RSA key management. For alternative authentication methods see http://openvpn.net/index.php/documentation/howto.html#auth. For more information also see http://openvpn.net/howto.html

• Check or uncheck the Compression button to enable or disable compression, respectively

4.10.2 Configure as Server or Client

• Complete the Client Details or Server Details depending on the Tunnel Mode selected.
  o If Client has been selected, the Primary Server Address will be the address of the OpenVPN Server.
  o If Server has been selected, enter the IP Pool Network address and the IP Pool Network mask for the IP Pool. The network defined by the IP Pool Network address/mask is used to provide the addresses for connecting clients.
• Click Apply to save changes
• To enter authentication certificates and files, Edit the OpenVPN tunnel.
• Select the Manage OpenVPN Files tab. Upload or browse to relevant authentication certificates and files.
• Apply to save changes. Saved files will be displayed in red on the right-hand side of the Upload button.
• To enable OpenVPN, Edit the OpenVPN tunnel
• Check the Enabled button.
• Apply to save changes

Note: Please make sure that the console server system time is correct when working with OpenVPN. Otherwise authentication issues may arise.

• Select Statistics on the Status menu to verify that the tunnel is operational.

4.10.3 Windows OpenVPN Client and Server set up

Windows does not come with an OpenVPN server or client. This section outlines the installation and configuration of a Windows OpenVPN client or a Windows OpenVPN server and setting up a VPN connection to a console server. The OpenVPN GUI for Windows software (which includes the standard OpenVPN package plus a Windows GUI) can be downloaded from http://openvpn.se/download.html.

• Once installed on the Windows machine, an OpenVPN icon will have been created in the Notification Area located in the right side of the taskbar. Right click on this icon to start (and stop) VPN connections, and to edit configurations and view logs

When the OpenVPN software is started, the C:\Program Files\OpenVPN\config folder will be scanned for “.ovpn” files. This folder will be rechecked for new configuration files whenever the OpenVPN GUI icon is right-clicked. So once OpenVPN is installed, a configuration file will need to be created:

• Using a text editor, create an xxxx.ovpn file and save in C:\Program Files\OpenVPN\config. For example, C:\Program Files\OpenVPN\config\client.ovpn

An example of an OpenVPN Windows client configuration file is shown below:

    # description: BL_client
    client
    proto udp
    verb 3
    dev tun
    remote 192.168.250.152
    port 1194
    ca c:\\openvpnkeys\\ca.crt
    cert c:\\openvpnkeys\\client.crt
    key c:\\openvpnkeys\\client.key
    nobind
    persist-key
    persist-tun
    comp-lzo

An example of an OpenVPN Windows Server configuration file is shown below:

    server 10.100.10.0 255.255.255.0
    port 1194
    keepalive 10 120
    proto udp
    mssfix 1400
    persist-key
    persist-tun
    dev tun
    ca c:\\openvpnkeys\\ca.crt
    cert c:\\openvpnkeys\\server.crt
    key c:\\openvpnkeys\\server.key
    dh c:\\openvpnkeys\\dh.pem
    comp-lzo
    verb 1
    syslog BL_OpenVPN_Server

The Windows client/server configuration file options are:

Options / Description

#description:
    This is a comment describing the configuration. Comment lines start with a ‘#’ and are ignored by OpenVPN.

client
server
    Specify whether this will be a client or server configuration file. In the server configuration file, define the IP address pool and netmask. For example, server 10.100.10.0 255.255.255.0

proto udp
proto tcp
    Set the protocol to UDP or TCP. The client and server must use the same settings.

mssfix
    Mssfix sets the maximum size of the packet. This is only useful for UDP if problems occur.

verb
    Set log file verbosity level. Log verbosity level can be set from 0 (minimum) to 15 (maximum). For example,
    0 = silent except for fatal errors
    3 = medium output, good for general usage
    5 = helps with debugging connection problems
    9 = extremely verbose, excellent for troubleshooting

dev tun
dev tap
    Select ‘dev tun’ to create a routed IP tunnel or ‘dev tap’ to create an Ethernet tunnel. The client and server must use the same settings.

remote
    The hostname/IP of OpenVPN server when operating as a client. Enter either the DNS hostname or the static IP address of the server.

port
    The UDP/TCP port of the server.

keepalive
    Keepalive uses ping to keep the OpenVPN session alive. ‘keepalive 10 120’ pings every 10 seconds and assumes the remote peer is down if no ping has been received over a 120 second time period.

http-proxy
    If a proxy is required to access the server, enter the proxy server DNS name or IP and port number.

ca
    Enter the CA certificate file name and location. The same CA certificate file can be used by the server and all clients.
    Note: Ensure each ‘\’ in the directory path is replaced with ‘\\’. For example, c:\openvpnkeys\ca.crt will become c:\\openvpnkeys\\ca.crt

cert
    Enter the client’s or server’s certificate file name and location. Each client should have its own certificate and key files.
    Note: Ensure each ‘\’ in the directory path is replaced with ‘\\’.

key
    Enter the file name and location of the client’s or server’s key. Each client should have its own certificate and key files.
    Note: Ensure each ‘\’ in the directory path is replaced with ‘\\’.

dh
    This is used by the server only. Enter the path to the key with the Diffie-Hellman parameters.

nobind
    ‘nobind’ is used when clients do not need to bind to a local address or specific local port number. This is the case in most client configurations.

persist-key
    This option prevents the reloading of keys across restarts.

persist-tun
    This option prevents the close and reopen of TUN/TAP devices across restarts.

cipher BF-CBC (Blowfish, default)
cipher AES-128-CBC (AES)
cipher DES-EDE3-CBC (Triple-DES)
    Select a cryptographic cipher. The client and server must use the same settings.

comp-lzo
    Enable compression on the OpenVPN link. This must be enabled on both the client and the server.

syslog
    By default, logs are located in syslog or, if running as a service on Windows, in the \Program Files\OpenVPN\log directory.
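
An added example (not from the manual): a small Python check for two rules stated in the options table, that proto, dev, cipher and comp-lzo must agree on both ends of the tunnel, and that each backslash in ca/cert/key/dh paths must be doubled. The function names and the faulty server file are constructed for illustration; the client file is the manual's own, trimmed.

```python
# MUST_MATCH: same on both ends per the options table; PATH_OPTS: file paths.
MUST_MATCH = ("proto", "dev", "cipher", "comp-lzo")
PATH_OPTS = ("ca", "cert", "key", "dh")

def parse_ovpn(text):
    """Return {directive: [args]} for a config file, skipping comment lines."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", ";")):
            name, *args = line.split()
            opts[name] = args
    return opts

def mismatches(client, server):
    """Directives whose value differs (or is present on one end only)."""
    return [d for d in MUST_MATCH if client.get(d) != server.get(d)]

def unescaped_paths(opts):
    """Path directives that still contain a single, undoubled backslash."""
    bad = []
    for name in PATH_OPTS:
        path = " ".join(opts.get(name, []))
        # Drop every doubled pair; any backslash left over was not escaped.
        if "\\" in path.replace("\\\\", ""):
            bad.append(name)
    return bad

# Constructed samples: trimmed manual client file; server has 3 deliberate faults.
CLIENT = r"""
# description: BL_client
client
proto udp
dev tun
ca c:\\openvpnkeys\\ca.crt
key c:\\openvpnkeys\\client.key
comp-lzo
"""
SERVER_FAULTY = r"""
server 10.100.10.0 255.255.255.0
proto tcp
dev tun
key c:\openvpnkeys\server.key
dh c:\\openvpnkeys\\dh.pem
"""

if __name__ == "__main__":
    c, s = parse_ovpn(CLIENT), parse_ovpn(SERVER_FAULTY)
    print("mismatched:", mismatches(c, s), "unescaped paths:", unescaped_paths(s))
```

A cipher line missing from both files compares as equal, since both ends then fall back to the same default.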

To initiate the OpenVPN tunnel following the creation of the client/server configuration files:

• Right click on the OpenVPN icon in the Notification Area
• Select the newly created client or server configuration. For example, BL_client
• Click ‘Connect’ as shown below
• The log file will be displayed as the connection is established
• Once established, the OpenVPN icon will display a message notifying of the successful connection and assigned IP. This information, as well as the time the connection was established, is available anytime by scrolling over the OpenVPN icon.

Note: An alternate OpenVPN Windows client can be downloaded from http://www.openvpn.net/index.php/openvpn-client/downloads.html. Refer to http://www.openvpn.net/index.php/openvpn-client/howto-openvpn-client.html for help

4.11 PPTP VPN

Console Servers with Firmware V3.5.2 and later include a PPTP (Point-to-Point Tunneling Protocol) server. PPTP is typically used for communications over a physical or virtual serial link. The PPP endpoints define a virtual IP address to themselves. Routes to networks can then be defined with these IP addresses as the gateway, which results in traffic being sent across the tunnel. PPTP establishes a tunnel between the physical PPP endpoints and securely transports data across the tunnel.

The strength of PPTP is its ease of configuration and integration into existing Microsoft infrastructure. It is generally used for connecting single remote Windows clients. If you take your portable computer on a business trip, you can dial a local number to connect to your Internet service provider (ISP) and then create a second connection (tunnel) into your office network across the Internet and have the same access to your corporate network as if you were connected directly from your office. Similarly, telecommuters can also set up a VPN tunnel over their cable modem or DSL links to their local ISP.

To set up a PPTP connection from a remote Windows client to your appliance and local network:

1. Enable and configure the PPTP VPN server on your appliance
2. Set up VPN user accounts on your appliance and enable the appropriate authentication
3. Configure the VPN clients at the remote sites. The client does not require special software as the PPTP Server supports the standard PPTP client software included with Windows XP/NT/2000/7 and Vista
4. Connect to the remote VPN

4.11.1 Enable the PPTP VPN server

• Select PPTP VPN on the Serial & Networks menu
• Select the Enable check box to enable the PPTP Server
• Select the Minimum Authentication Required. Access is denied to remote users attempting to connect using an authentication scheme weaker than the selected scheme. The schemes are described below, from strongest to weakest.
  o Encrypted Authentication (MS-CHAP v2): The strongest type of authentication to use; this is the recommended option
  o Weakly Encrypted Authentication (CHAP): This is the weakest type of encrypted password authentication to use. It is not recommended that clients connect using this as it provides very little password protection. Also note that clients connecting using CHAP are unable to encrypt traffic
  o Unencrypted Authentication (PAP): This is plain text password authentication. When using this type of authentication, the client password is transmitted unencrypted.
  o None
• Select the Required Encryption Level. Access is denied to remote users attempting to connect not using this encryption level. Strong 40 bit or 128 bit encryption is recommended
• In Local Address, enter IP address to assign to the server's end of the VPN connection
• In Remote Addresses, enter the pool of IP addresses to assign to the incoming client's VPN connections (e.g. 192.168.1.10-20). This must be a free IP address (or a range of free IP addresses), from the network (typically the LAN) that remote users are assigned while connected to the appliance
• Enter the desired value of the Maximum Transmission Unit (MTU) for the PPTP interfaces into the MTU field (defaults to 1400)
• In the DNS Server field, enter the IP address of the DNS server that assigns IP addresses to connecting PPTP clients
• In the WINS Server field, enter the IP address of the WINS server that assigns IP addresses to connecting PPTP client
• Enable Verbose Logging to assist in debugging connection problems
• Click Apply Settings

4.11.2 Add a PPTP user

• Select Users & Groups on the Serial & Networks menu and complete the fields as covered in section 4.2.
• Ensure the pptpd Group has been checked, to allow access to the PPTP VPN server. Note - users in this group will have their password stored in clear text.
• Keep note of the username and password for when you need to connect to the VPN connection
• Click Apply

4.11.3 Set up a remote PPTP client

Ensure the remote VPN client PC has Internet connectivity. To create a VPN connection across the Internet, you must set up two networking connections. One connection is for the ISP, and the other connection is for the VPN tunnel to the appliance.

Note: This procedure sets up a PPTP client in the Windows 7 Professional operating system. The steps may vary slightly depending on your network access or if you are using an alternate version of Windows. More detailed instructions are available from the Microsoft web site.

• Log in to your Windows client with administrator privileges
• From the Network & Sharing Center on the Control Panel select Network Connections and create a new connection
• Select Use My Internet Connection (VPN) and enter the IP Address of the appliance

Note: To connect remote VPN clients to the local network, you need to know the user name and password for the PPTP account you added, as well as the Internet IP address of the appliance. If your ISP has not allocated you a static IP address, consider using a dynamic DNS service. Otherwise you must modify the PPTP client configuration each time your Internet IP address changes.