Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 1823 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to setup Roadwarrior?

InlineFive
Hey all,

I'm attempting to get a VPN connection setup for about five offsite workers.  And I'm leaning towards using Roadwarrior CA but I don't fully understand all of the certs needed to make this work.  And the bits and pieces Astaro has strewn around doesn't help either.

So far I have:
1. Created a Roadwarrior CA connection (Policy: AES+PFS&COMP, Local Endpoint: Internal, L2TP Encapsulation: On, Use CA: 
2. Created a Signing CA.
3. Created a Host CSR CA for users and one for Local IPSec X.509 Key on the IPSec VPN >> Local Keys screen.  All keys have been issued a CERT with the Signing CA.
4. IPSec VPN >> L2TP over IPSec: Authenticaiton: Local Users, IP address assignment: DHCP, DHCP Interface: Internal, DHCP Server: Internal (Address), Client DNS Servers: 

Is there an walkthrough of how to set this up?

Thanks!

Aodhan


This thread was automatically locked due to age.
  • 0
    Look at kbase doc 137180. This is with using the ASC Client, I did the piece on doing the X.509 certs. Works fine, although there is a bug in the time policy setting, so if you download a profile, and then import it into ASC Client, you need to go into the profile and edit the time policy setting to match the firewall configuration. 

    Is that what your'e asking? I assume you've got this working by now?
  • 0 in reply to jjohnston62
    I got this working using X.509 Certs - can browse the LAN but when I try to browse the net via the tunnel the packet filter throws it out as a spoofed IP.
  • 0 in reply to jjohnston62
    Look at kbase doc 137180. This is with using the ASC Client, I did the piece on doing the X.509 certs. Works fine, although there is a bug in the time policy setting, so if you download a profile, and then import it into ASC Client, you need to go into the profile and edit the time policy setting to match the firewall configuration. 

    Is that what your'e asking? I assume you've got this working by now?


    The Policy settings bug was fixed in the last Up2Date or so... the .ini file it generates works fine as is now.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • 0 in reply to DarkHelmet
    Set your spoofing detection to normal.. I had a problem with this too.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • 0 in reply to BrucekConvergent
    UBER! Thanks! Have to set up a site to site VPN now! Needs to be live in 12 hours!!!

    Sale for 14 more of these in the bag after that!
  • 0 in reply to DarkHelmet
    Yeah, this is something I've reported to Astaro.. no fix yet.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Cookie Information Banner