Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 1825 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to setup Roadwarrior?

InlineFive
Hey all,

I'm attempting to get a VPN connection setup for about five offsite workers.  And I'm leaning towards using Roadwarrior CA but I don't fully understand all of the certs needed to make this work.  And the bits and pieces Astaro has strewn around doesn't help either.

So far I have:
1. Created a Roadwarrior CA connection (Policy: AES+PFS&COMP, Local Endpoint: Internal, L2TP Encapsulation: On, Use CA: 
2. Created a Signing CA.
3. Created a Host CSR CA for users and one for Local IPSec X.509 Key on the IPSec VPN >> Local Keys screen.  All keys have been issued a CERT with the Signing CA.
4. IPSec VPN >> L2TP over IPSec: Authenticaiton: Local Users, IP address assignment: DHCP, DHCP Interface: Internal, DHCP Server: Internal (Address), Client DNS Servers: 

Is there an walkthrough of how to set this up?

Thanks!

Aodhan


This thread was automatically locked due to age.
Parents
  • 0
    Look at kbase doc 137180. This is with using the ASC Client, I did the piece on doing the X.509 certs. Works fine, although there is a bug in the time policy setting, so if you download a profile, and then import it into ASC Client, you need to go into the profile and edit the time policy setting to match the firewall configuration. 

    Is that what your'e asking? I assume you've got this working by now?
  • 0 in reply to jjohnston62
    I got this working using X.509 Certs - can browse the LAN but when I try to browse the net via the tunnel the packet filter throws it out as a spoofed IP.
  • 0 in reply to DarkHelmet
    Set your spoofing detection to normal.. I had a problem with this too.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Reply Children
Cookie Information Banner