Tripp Lite 0 Idades Manual

    Chapter 4: Serial Port, Device and User Configuration
    4.10.1 Enable the OpenVPN 
    • Select OpenVPN on the Serial & Networks menu
    • Click Add and complete the Add OpenVPN Tunnel screen
    • Enter any descriptive name you wish to identify the OpenVPN Tunnel you are adding, for example NorthStOutlet-VPN
     
    • Select the Device Driver to be used, either Tun-IP or Tap-Ethernet. The TUN (network tunnel) and TAP (network tap) drivers are virtual network drivers that support IP tunneling and Ethernet tunneling, respectively. TUN and TAP are part of the Linux kernel.
    • Select either UDP or TCP as the Protocol. UDP is the default and preferred protocol for OpenVPN.
    • In Tunnel Mode, nominate whether this is the Client or Server end of the tunnel. When running as a server, the Console Server supports multiple clients connecting to the VPN server over the same port.
    • In Configuration Method, select the authentication method to be used. To authenticate using certificates, select PKI (X.509 Certificates), or select Custom Configuration to upload custom configuration files. Custom configurations must be stored in /etc/config.
    Note: If you select PKI (public key infrastructure) you will need to establish:
    • A separate certificate (also known as a public key). This Certificate File will be a *.crt file type
    • A Private Key for the server and each client. This Private Key File will be a *.key file type
    • A Master Certificate Authority (CA) certificate and key, which is used to sign each of the server and client certificates. This Root CA Certificate will be a *.crt file type
    For a server you may also need dh1024.pem (Diffie Hellman parameters).
    Refer to http://openvpn.net/easyrsa.html for a guide to basic RSA key management.
    For alternative authentication methods see http://openvpn.net/index.php/documentation/howto.html#auth.
    For more information also see http://openvpn.net/howto.html
    • Check or uncheck the Compression button to enable or disable compression, respectively
       
    						
    4.10.2 Configure as Server or Client  
    • Complete the Client Details or Server Details depending on the Tunnel Mode selected.
      o If Client has been selected, the Primary Server Address will be the address of the OpenVPN Server.
      o If Server has been selected, enter the IP Pool Network address and the IP Pool Network mask for the IP Pool. The network defined by the IP Pool Network address/mask is used to provide the addresses for connecting clients.
    • Click Apply to save changes
    • To enter authentication certificates and files, Edit the OpenVPN tunnel.
    • Select the Manage OpenVPN Files tab. Upload or browse to relevant authentication certificates and files.
    • Apply to save changes. Saved files will be displayed in red on the right-hand side of the Upload button.
    						
     
    • To enable OpenVPN, Edit the OpenVPN tunnel
    • Check the Enabled button.
    • Apply to save changes
    Note: Please make sure that the console server system time is correct when working with OpenVPN. Otherwise authentication issues may arise
    • Select Statistics on the Status menu to verify that the tunnel is operational.
       
    						
    4.10.3 Windows OpenVPN Client and Server set up
    Windows does not come with an OpenVPN server or client. This section outlines the installation and configuration of a Windows OpenVPN client or a Windows OpenVPN server and setting up a VPN connection to a console server.
    The OpenVPN GUI for Windows software (which includes the standard OpenVPN package plus a Windows GUI) can be downloaded from http://openvpn.se/download.html.
    • Once installed on the Windows machine, an OpenVPN icon will have been created in the Notification Area located in the right side of the taskbar. Right click on this icon to start (and stop) VPN connections, and to edit configurations and view logs
    When the OpenVPN software is started, the C:\Program Files\OpenVPN\config folder will be scanned for “.ovpn” files. This folder will be rechecked for new configuration files whenever the OpenVPN GUI icon is right-clicked. So once OpenVPN is installed, a configuration file will need to be created:
    • Using a text editor, create an xxxx.ovpn file and save in C:\Program Files\OpenVPN\config. For example, C:\Program Files\OpenVPN\config\client.ovpn
    An example of an OpenVPN Windows client configuration file is shown below:
    # description: BL_client
    client
    proto udp
    verb 3
    dev tun
    remote 192.168.250.152
    port 1194
    ca c:\\openvpnkeys\\ca.crt
    cert c:\\openvpnkeys\\client.crt
    key c:\\openvpnkeys\\client.key
    nobind
    persist-key
    persist-tun
    comp-lzo
    An example of an OpenVPN Windows Server configuration file is shown below:
    server 10.100.10.0 255.255.255.0
    port 1194
    keepalive 10 120
    proto udp
    mssfix 1400
    persist-key
    persist-tun
    dev tun
    ca c:\\openvpnkeys\\ca.crt
    cert c:\\openvpnkeys\\server.crt
    key c:\\openvpnkeys\\server.key
    dh c:\\openvpnkeys\\dh.pem
    comp-lzo
    verb 1
    syslog BL_OpenVPN_Server  
    						
    The Windows client/server configuration file options are:

    Option
        Description
    #description:
        This is a comment describing the configuration. Comment lines start with a ‘#’ and are ignored by OpenVPN.
    client
    server
        Specify whether this will be a client or server configuration file. In the server configuration file, define the IP address pool and netmask. For example, server 10.100.10.0 255.255.255.0
    proto udp
    proto tcp
        Set the protocol to UDP or TCP. The client and server must use the same settings.
    mssfix
        Mssfix sets the maximum size of the packet. This is only useful for UDP if problems occur.
    verb
        Set log file verbosity level. Log verbosity level can be set from 0 (minimum) to 15 (maximum). For example:
        0 = silent except for fatal errors
        3 = medium output, good for general usage
        5 = helps with debugging connection problems
        9 = extremely verbose, excellent for troubleshooting
    dev tun
    dev tap
        Select ‘dev tun’ to create a routed IP tunnel or ‘dev tap’ to create an Ethernet tunnel. The client and server must use the same settings.
    remote
        The hostname/IP of the OpenVPN server when operating as a client. Enter either the DNS hostname or the static IP address of the server.
    port
        The UDP/TCP port of the server.
    keepalive
        Keepalive uses ping to keep the OpenVPN session alive. 'keepalive 10 120' pings every 10 seconds and assumes the remote peer is down if no ping has been received over a 120 second time period.
    http-proxy
        If a proxy is required to access the server, enter the proxy server DNS name or IP and port number.
    ca
        Enter the CA certificate file name and location. The same CA certificate file can be used by the server and all clients.
        Note: Ensure each ‘\’ in the directory path is replaced with ‘\\’. For example, c:\openvpnkeys\ca.crt will become c:\\openvpnkeys\\ca.crt
    cert
        Enter the client’s or server’s certificate file name and location. Each client should have its own certificate and key files.
        Note: Ensure each ‘\’ in the directory path is replaced with ‘\\’.
    key
        Enter the file name and location of the client’s or server’s key. Each client should have its own certificate and key files.
        Note: Ensure each ‘\’ in the directory path is replaced with ‘\\’.
    dh
        This is used by the server only. Enter the path to the key with the Diffie-Hellman parameters.
    nobind
        ‘nobind’ is used when clients do not need to bind to a local address or specific local port number. This is the case in most client configurations.
    persist-key
        This option prevents the reloading of keys across restarts.
    persist-tun
        This option prevents the close and reopen of TUN/TAP devices across restarts.
    cipher BF-CBC (Blowfish, default)
    cipher AES-128-CBC (AES)
    cipher DES-EDE3-CBC (Triple-DES)
        Select a cryptographic cipher. The client and server must use the same settings.
    comp-lzo
        Enable compression on the OpenVPN link. This must be enabled on both the client and the server.
    syslog
        By default, logs are located in syslog or, if running as a service on Windows, in the \Program Files\OpenVPN\log directory.
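
The option descriptions above require proto, dev, cipher and comp-lzo to be the same on client and server, and every '\' in a file path to be written as '\\'. The following check for a configuration pair is an added example, not part of the original manual; the function names and the trimmed sample files are constructed for illustration.

```python
import re

# Rules taken from the option descriptions: these must be identical on both
# ends, and file paths must have every '\' written as '\\'.
MUST_MATCH = ("proto", "dev", "cipher", "comp-lzo")
PATH_OPTS = ("ca", "cert", "key", "dh")

# Constructed samples trimmed from the manual's example files; CLIENT_BAD is a
# faulty variant (wrong protocol, single backslashes in ca, no compression).
SERVER = r"""server 10.100.10.0 255.255.255.0
proto udp
dev tun
ca c:\\openvpnkeys\\ca.crt
cert c:\\openvpnkeys\\server.crt
dh c:\\openvpnkeys\\dh.pem
comp-lzo
"""
CLIENT_OK = r"""# description: BL_client
client
proto udp
dev tun
ca c:\\openvpnkeys\\ca.crt
cert c:\\openvpnkeys\\client.crt
comp-lzo
"""
CLIENT_BAD = (CLIENT_OK.replace("proto udp", "proto tcp")
              .replace(r"ca c:\\openvpnkeys\\ca.crt", r"ca c:\openvpnkeys\ca.crt")
              .replace("comp-lzo\n", ""))

def parse_ovpn(text):
    """Map each option name to its argument string; '#' comments are skipped."""
    opts = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#"):
            name, _, args = line.partition(" ")
            opts[name] = args.strip()
    return opts

def lint_pair(client_text, server_text):
    """Return a list of findings for a client/server configuration pair."""
    client, server = parse_ovpn(client_text), parse_ovpn(server_text)
    findings = [f"mismatch {o}: client={client.get(o)!r} server={server.get(o)!r}"
                for o in MUST_MATCH if client.get(o) != server.get(o)]
    for side, opts in (("client", client), ("server", server)):
        for o in PATH_OPTS:
            # A backslash that is not half of a '\\' pair was left unescaped.
            if re.search(r"(?<!\\)\\(?!\\)", opts.get(o, "")):
                findings.append(f"{side} {o}: unescaped backslash")
    return findings
```

Calling lint_pair(CLIENT_BAD, SERVER) reports the protocol mismatch, the missing comp-lzo on the client and the unescaped ca path; the matching pair returns an empty list.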
    						
    To initiate the OpenVPN tunnel following the creation of the client/server configuration files:
    • Right click on the OpenVPN icon in the Notification Area
    • Select the newly created client or server configuration. For example, BL_client
    • Click ‘Connect’ as shown below
    • The log file will be displayed as the connection is established
    • Once established, the OpenVPN icon will display a message notifying of the successful connection and assigned IP. This information, as well as the time the connection was established, is available anytime by scrolling over the OpenVPN icon.
    Note: An alternate OpenVPN Windows client can be downloaded from http://www.openvpn.net/index.php/openvpn-client/downloads.html. Refer to http://www.openvpn.net/index.php/openvpn-client/howto-openvpn-client.html for help
    						
    4.11 PPTP VPN
    Console Servers with Firmware V3.5.2 and later include a PPTP (Point-to-Point Tunneling Protocol) server. PPTP is typically used for communications over a physical or virtual serial link. The PPP endpoints define a virtual IP address to themselves. Routes to networks can then be defined with these IP addresses as the gateway, which results in traffic being sent across the tunnel. PPTP establishes a tunnel between the physical PPP endpoints and securely transports data across the tunnel.
    The strength of PPTP is its ease of configuration and integration into existing Microsoft infrastructure. It is generally used for connecting single remote Windows clients. If you take your portable computer on a business trip, you can dial a local number to connect to your Internet service provider (ISP) and then create a second connection (tunnel) into your office network across the Internet and have the same access to your corporate network as if you were connected directly from your office. Similarly, telecommuters can also set up a VPN tunnel over their cable modem or DSL links to their local ISP.
    To set up a PPTP connection from a remote Windows client to your appliance and local network:
    1. Enable and configure the PPTP VPN server on your appliance
    2. Set up VPN user accounts on your appliance and enable the appropriate authentication
    3. Configure the VPN clients at the remote sites. The client does not require special software as the PPTP Server supports the standard PPTP client software included with Windows XP/ NT/ 2000/ 7 and Vista
    4. Connect to the remote VPN
    						
    4.11.1 Enable the PPTP VPN server 
    • Select PPTP VPN on the Serial & Networks menu
    • Select the Enable check box to enable the PPTP Server
    • Select the Minimum Authentication Required. Access is denied to remote users attempting to connect using an authentication scheme weaker than the selected scheme. The schemes are described below, from strongest to weakest.
      o Encrypted Authentication (MS-CHAP v2): The strongest type of authentication to use; this is the recommended option
      o Weakly Encrypted Authentication (CHAP): This is the weakest type of encrypted password authentication to use. It is not recommended that clients connect using this as it provides very little password protection. Also note that clients connecting using CHAP are unable to encrypt traffic
      o Unencrypted Authentication (PAP): This is plain text password authentication. When using this type of authentication, the client password is transmitted unencrypted.
      o None
    • Select the Required Encryption Level. Access is denied to remote users attempting to connect not using this encryption level. Strong 40 bit or 128 bit encryption is recommended
    • In Local Address, enter the IP address to assign to the server's end of the VPN connection
    • In Remote Addresses, enter the pool of IP addresses to assign to the incoming client's VPN connections (e.g. 192.168.1.10-20). This must be a free IP address (or a range of free IP addresses), from the network (typically the LAN) that remote users are assigned while connected to the appliance
    • Enter the desired value of the Maximum Transmission Unit (MTU) for the PPTP interfaces into the MTU field (defaults to 1400)
    • In the DNS Server field, enter the IP address of the DNS server that assigns IP addresses to connecting PPTP clients
    • In the WINS Server field, enter the IP address of the WINS server that assigns IP addresses to connecting PPTP clients
    • Enable Verbose Logging to assist in debugging connection problems
    • Click Apply Settings
    						
    4.11.2 Add a PPTP user  
    • Select Users & Groups on the Serial & Networks menu and complete the fields as covered in section 4.2.
    • Ensure the pptpd Group has been checked, to allow access to the PPTP VPN server. Note - users in this group will have their password stored in clear text.
    • Keep note of the username and password for when you need to connect to the VPN connection
    • Click Apply
    						
    4.11.3 Set up a remote PPTP client  
    Ensure the remote VPN client PC has Internet connectivity. To create a VPN connection across the Internet, you must set up two networking connections. One connection is for the ISP, and the other connection is for the VPN tunnel to the appliance.
    Note: This procedure sets up a PPTP client in the Windows 7 Professional operating system. The steps may vary slightly depending on your network access or if you are using an alternate version of Windows. More detailed instructions are available from the Microsoft web site.
    • Login to your Windows client with administrator privileges
    • From the Network & Sharing Center on the Control Panel select Network Connections and create a new connection
    • Select Use My Internet Connection (VPN) and enter the IP Address of the appliance
    Note: To connect remote VPN clients to the local network, you need to know the user name and password for the PPTP account you added, as well as the Internet IP address of the appliance. If your ISP has not allocated you a static IP address, consider using a dynamic DNS service. Otherwise you must modify the PPTP client configuration each time your Internet IP address changes.
    						