Create VPN Server Manually

For tighter security you can instead create the IPSec connections one by one, one for each client. This improves security in several ways:

  • By specifying the remote IPSec gateway's global IP address you stop other clients from trying to connect.
  • By specifying a different pre-shared key for each client you limit the damage caused by a leaked pre-shared key.
  • By specifying the remote network you can stop, for instance, clients connected by wireless at the remote gateway from accessing your network.
  • By using certificates instead of pre-shared keys you make unauthorized connections harder.
  • Manually created IPSec connections by default allow access only to the ET1/2/3 ports (not ET4 or AIR), and you can limit access further (down to a single port on a single server) using the advanced pages if desired.

Note: Manual connections are not suitable for clients with dynamic IP addresses.

To create a VPN server manually, you need to add a peer and a connection for each client on the IPSec Overview page.

For each connection specify:

  • No EasyClient, as it would interfere with the connection.
  • The global IP address of the client.
  • The pre-shared key or certificate to be used.

The local subnet used at the client:

  • If the client is an Internet Gate using EasyClient then leave the local subnet field empty.
  • If the client is a single PC with IPSec client software running on it then leave the local subnet field empty.
  • If the client is an Internet Gate with EasyClient disabled then specify the IP address of the LAN behind that Internet Gate. Note: No two clients are allowed to have the same subnet!
  • If the client is an IPSec gateway of another brand then specify the IP address of the LAN behind that client. Note: No two clients are allowed to have the same subnet!
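
An added example (not part of the original page or of the Internet Gate software): a Python check that audits a planned list of manual connections against the rules above before they are entered on the IPSec Overview page. The peer records, field names and addresses are constructed for illustration, and treating overlapping ranges like identical subnets goes slightly beyond the page's wording.

```python
import ipaddress
from collections import defaultdict
from itertools import combinations

# Constructed sample data; field names are hypothetical, addresses are documentation ranges.
PEERS = [
    {"name": "branch-a", "remote_ip": "198.51.100.10", "psk": "constructed-key-1",
     "easyclient": False, "local_subnet": "192.168.10.0/24"},
    {"name": "branch-b", "remote_ip": "198.51.100.20", "psk": "constructed-key-1",
     "easyclient": False, "local_subnet": "192.168.10.128/25"},
    {"name": "roaming-pc", "remote_ip": "", "psk": "constructed-key-3",
     "easyclient": True, "local_subnet": ""},
]

def audit(peers):
    """Return a list of (peer_names, finding) tuples for the rules on this page."""
    findings = []
    by_psk = defaultdict(list)
    nets = []
    for p in peers:
        # Manual connections need the client's fixed global IP address.
        try:
            ipaddress.ip_address(p["remote_ip"])
        except ValueError:
            findings.append(((p["name"],), "no fixed remote IP address"))
        # EasyClient must be off on a manually created connection.
        if p["easyclient"]:
            findings.append(((p["name"],), "EasyClient enabled"))
        by_psk[p["psk"]].append(p["name"])
        # An empty local subnet is valid (single PC or EasyClient Internet Gate).
        if p["local_subnet"]:
            nets.append((p["name"], ipaddress.ip_network(p["local_subnet"])))
    # One pre-shared key per client limits the damage of a leaked key.
    for names in by_psk.values():
        if len(names) > 1:
            findings.append((tuple(names), "shared pre-shared key"))
    # No two clients may present the same (or an overlapping) subnet.
    for (n1, a), (n2, b) in combinations(nets, 2):
        if a.overlaps(b):
            findings.append(((n1, n2), "overlapping local subnets"))
    return findings

if __name__ == "__main__":
    for names, finding in audit(PEERS):
        print(", ".join(names), "->", finding)
```
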
vpn/configure_server_manually.txt · Last modified: 2010/11/19 16:49 by mats
CC Attribution-Noncommercial-Share Alike 3.0 Unported