Self-signed certificate based client tunnels, Roaming clients chapter 9. vpn 255 – D-Link DFL-2500 User Manual
Page 255
5.
Under the Routing tab:
•
Enable the option: Dynamically add route to the remote network when a tunnel is established.
6.
Click OK
C. Finally configure the IP rule set to allow traffic inside the tunnel.
9.4.3.2. Self-signed Certificate based client tunnels
Example 9.5. Setting up a Self-signed Certificate based VPN tunnel for roaming clients
This example describes how to configure an IPsec tunnel at the head office D-Link Firewall for roaming clients
that connect to the office to gain remote access. The head office network uses the 10.0.1.0/24 network span with
external firewall IP wan_ip.
Web Interface
A. Create a Self-signed Certificate for IPsec authentication:
The step to actually create self-signed certificates is performed outside the WebUI using a suitable software
product. The certificate should be in the PEM (Privacy Enhanced Mail) file format.
B. Upload all the client self-signed certificates:
1.
Go to Objects > Authentication Objects > Add > Certificate
2.
Enter a suitable name for the Certificate object.
3.
Select the X.509 Certificate option
4.
Click OK
C. Create Identification Lists:
1.
Go to Objects > VPN Objects > ID List > Add > ID List
2.
Enter a suitable name, eg. sales
3.
Click OK
4.
Go to Objects > VPN Objects > ID List > Sales > Add > ID
5.
Enter the name for the client
6.
Select Email as Type
7.
In the Email address field, enter the email address selected when you created the certificate on the client
8.
Create a new ID for every client that you want to grant access rights according to the instructions above
D. Configure the IPsec tunnel:
1.
Go to Interfaces > IPsec > Add > IPsec Tunnel
2.
Now enter:
•
Name: RoamingIPsecTunnel
•
Local Network: 10.0.1.0/24 (This is the local network that the roaming users will connect to)
•
Remote Network: all-nets
•
Remote Endpoint: (None)
•
Encapsulation Mode: Tunnel
9.4.3. Roaming Clients
Chapter 9. VPN
255