PSK based client tunnels, Dealing with unknown IP addresses – D-Link DFL-2500 User Manual

Page 254

computer from different locations is a typical example of a roaming client. Apart from the need for
secure VPN access, the other major issue with roaming clients is that the mobile user's IP address is
often not known beforehand. To handle the unknown IP address, NetDefendOS can dynamically
add routes to the routing table as tunnels are established.

Dealing with Unknown IP addresses

If the IP address of the client is not known beforehand, the D-Link Firewall needs to create a
route in its routing table dynamically as each client connects. This is the case in the example
below, where the IPsec tunnel is configured to dynamically add routes.

If clients are to be allowed to roam in from anywhere, irrespective of their IP address, then the
Remote Network needs to be set to all-nets (IP address: 0.0.0.0/0), which will allow all existing
IPv4 addresses to connect through the tunnel.
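
A small model of the behaviour described above, added here as an illustration (it is not NetDefendOS code and does not come from the manual): a routing table where a route appears when a roaming client's tunnel comes up and disappears when it goes down. It assumes the dynamic route is a host route for the client's address; the interface names lan and wan and the client address are constructed.

```python
import ipaddress

class RouteTable:
    """Toy routing table: longest matching prefix decides the interface."""
    def __init__(self, static_routes):
        self.routes = [(ipaddress.ip_network(n), i) for n, i in static_routes]

    def lookup(self, addr):
        addr = ipaddress.ip_address(addr)
        hits = [r for r in self.routes if addr in r[0]]
        return max(hits, key=lambda r: r[0].prefixlen)[1] if hits else None

class RoamingTunnel:
    """Model of a tunnel that adds a route when a client connects."""
    def __init__(self, name, remote_network, table):
        self.name = name
        self.remote_network = ipaddress.ip_network(remote_network)
        self.table = table
        self.client_routes = {}

    def client_up(self, client_ip):
        host = ipaddress.ip_network(client_ip)  # single address -> /32
        # The client is only accepted if it falls inside Remote Network.
        if not host.subnet_of(self.remote_network):
            return False
        if client_ip not in self.client_routes:
            # Assumption: the dynamic route is a host route via the tunnel.
            self.client_routes[client_ip] = (host, self.name)
            self.table.routes.append(self.client_routes[client_ip])
        return True

    def client_down(self, client_ip):
        route = self.client_routes.pop(client_ip, None)
        if route is not None:
            self.table.routes.remove(route)  # route disappears with the tunnel

def demo():
    # Interface names "lan"/"wan" and the client address are constructed.
    table = RouteTable([("10.0.1.0/24", "lan"), ("0.0.0.0/0", "wan")])
    tunnel = RoamingTunnel("RoamingIPsecTunnel", "0.0.0.0/0", table)  # all-nets
    client = "198.51.100.23"
    before = table.lookup(client)
    tunnel.client_up(client)
    during = table.lookup(client)
    tunnel.client_down(client)
    return before, during, table.lookup(client)

if __name__ == "__main__":
    print(demo())
```

With Remote Network narrowed to a fixed range, `client_up` rejects any address outside it, which is why clients with unknown addresses need all-nets.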

When configuring VPN tunnels for roaming clients it is usually not necessary to add to or modify
the proposal lists that are pre-configured in NetDefendOS.

9.4.3.1. PSK based client tunnels

Example 9.4. Setting up a PSK based VPN tunnel for roaming clients

This example describes how to configure an IPsec tunnel at the head office D-Link Firewall for roaming clients
that connect to the office to gain remote access. The head office network uses the 10.0.1.0/24 network span with
external firewall IP wan_ip.

Web Interface

A. Create a pre-shared key for IPsec authentication:

1. Go to Objects > Authentication Objects > Add > Pre-Shared Key

2. Now enter:

   Name: Enter a name for the pre-shared key, SecretKey for instance

   Shared Secret: Enter a secret passphrase

   Confirm Secret: Enter the secret passphrase again

3. Click OK

B. Configure the IPsec tunnel:

1. Go to Interfaces > IPsec > Add > IPsec Tunnel

2. Now enter:

   Name: RoamingIPsecTunnel

   Local Network: 10.0.1.0/24 (This is the local network that the roaming users will connect to)

   Remote Network: all-nets

   Remote Endpoint: (None)

   Encapsulation Mode: Tunnel

3. For Algorithms enter:

   IKE Algorithms: Medium or High

   IPsec Algorithms: Medium or High

4. For Authentication enter:

   Pre-Shared Key: Select the pre-shared key created earlier

9.4.3. Roaming Clients

Chapter 9. VPN
