Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 1825 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to setup Roadwarrior?

InlineFive
Hey all,

I'm attempting to get a VPN connection setup for about five offsite workers.  And I'm leaning towards using Roadwarrior CA but I don't fully understand all of the certs needed to make this work.  And the bits and pieces Astaro has strewn around doesn't help either.

So far I have:
1. Created a Roadwarrior CA connection (Policy: AES+PFS&COMP, Local Endpoint: Internal, L2TP Encapsulation: On, Use CA: 
2. Created a Signing CA.
3. Created a Host CSR CA for users and one for Local IPSec X.509 Key on the IPSec VPN >> Local Keys screen.  All keys have been issued a CERT with the Signing CA.
4. IPSec VPN >> L2TP over IPSec: Authenticaiton: Local Users, IP address assignment: DHCP, DHCP Interface: Internal, DHCP Server: Internal (Address), Client DNS Servers: 

Is there an walkthrough of how to set this up?

Thanks!

Aodhan


This thread was automatically locked due to age.
Parents
  • 0
    Look at kbase doc 137180. This is with using the ASC Client, I did the piece on doing the X.509 certs. Works fine, although there is a bug in the time policy setting, so if you download a profile, and then import it into ASC Client, you need to go into the profile and edit the time policy setting to match the firewall configuration. 

    Is that what your'e asking? I assume you've got this working by now?
  • 0 in reply to jjohnston62
    Look at kbase doc 137180. This is with using the ASC Client, I did the piece on doing the X.509 certs. Works fine, although there is a bug in the time policy setting, so if you download a profile, and then import it into ASC Client, you need to go into the profile and edit the time policy setting to match the firewall configuration. 

    Is that what your'e asking? I assume you've got this working by now?


    The Policy settings bug was fixed in the last Up2Date or so... the .ini file it generates works fine as is now.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Reply
  • 0 in reply to jjohnston62
    Look at kbase doc 137180. This is with using the ASC Client, I did the piece on doing the X.509 certs. Works fine, although there is a bug in the time policy setting, so if you download a profile, and then import it into ASC Client, you need to go into the profile and edit the time policy setting to match the firewall configuration. 

    Is that what your'e asking? I assume you've got this working by now?


    The Policy settings bug was fixed in the last Up2Date or so... the .ini file it generates works fine as is now.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Children
No Data
Cookie Information Banner