Setup without configuration guide, Set up your vpn gateway – equinux VPN Tracker 6.4.6 User Manual

Setup without Configuration Guide

Nearly all IPsec VPN gateways can be used with VPN Tracker,
even if they’re not specifically listed as a supported model.

Set up Your VPN Gateway

As a first step, set up your VPN gateway so it is connected to the Internet and
to the internal network you would like to access through VPN Tracker. Please
refer to your VPN gateway’s manual for more information on how to do this.

It is a good idea to carefully choose the address of the VPN
gateway’s LAN network if you plan to access it through VPN. To
avoid later address conflicts, use a private network that is not
used very frequently (e.g. 192.168.142.0/24, or 10.42.23.0/24).

Once you have completed the initial setup of your VPN gateway, it is time to
configure VPN. Always go for a very simple configuration first. You can always
change it into a more sophisticated setup later.

If your VPN gateway’s manual has instructions for setting up a VPN
connection, follow them. If possible, set up a connection with the following
properties:

‣ Choose pre-shared key authentication. For now, use a pre-shared key that
is not too complex to avoid typos. But don’t forget to change it to a very
strong password once you’ve got the basic connection working!

‣ Use Aggressive Mode. Only select Main Mode if your device does not offer
Aggressive Mode.

‣ Choose Fully-qualified domain name (FQDN) identifiers, if possible. With
most devices, you can enter any identifier you want; it doesn’t have to be a
valid domain name. Good choices would be:

Local identifier: vpngateway.local
Remote identifier: vpntracker.local

‣ Encryption algorithms: If possible, use 3DES or AES-128 for now.
‣ Hash/Authentication algorithms: Use SHA-1 for now.
‣ Select Diffie-Hellman (DH) group 2 (1024 bit).
‣ Enable Perfect Forward Secrecy (PFS) using DH group 2 (1024 bit).

‣ For most VPN gateways, you will have to configure the network(s) VPN
users can access. This setting may be called “local endpoint”, or “policy”.
Enter the address of the network you would like to access. Usually this will
be the same as the VPN gateway’s LAN network (e.g. 192.168.142.0/24). This
setting will later be configured in VPN Tracker as the Remote Network.

‣ Most VPN gateways will also ask you to configure the “remote endpoint” of
the VPN. The remote endpoint is the address VPN clients will be using when
connected through VPN.
If possible, set this to “any address” (sometimes also referred to as
“0.0.0.0/0”). If your VPN gateway requires a single address to be entered,
this will mean that only one VPN client can use this VPN connection at a
time. It also means that you will have to take the address you configure on
the VPN gateway, and enter it in VPN Tracker as the Local Address.

‣ Finally, write down your VPN gateway’s public (WAN) IP address or host
name. If your VPN gateway’s public IP address is dynamic, you might want
to get it signed up to a dynamic DNS service so you can always refer to it
by host name.

If any other settings are required by your VPN gateway in order
to set up a basic VPN connection, check the → Settings Reference
in this manual and your VPN gateway’s documentation for
more information on what to configure.
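
The LAN address advice and the remote endpoint rule above can be checked before anything is typed into the gateway. The following Python sketch is an added example, not part of the VPN Tracker manual: the function names, the list of client-side networks and the address 10.42.24.5 are constructed for illustration, and it handles IPv4 only.

```python
import ipaddress

# The three RFC 1918 private IPv4 blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: networks VPN users might connect from (an assumption;
# replace with the home, office and hotspot subnets your users really use).
CLIENT_SIDE_NETS = ["192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24",
                    "10.0.0.0/24", "10.0.1.0/24", "172.16.0.0/24"]


def check_gateway_lan(lan, client_nets=CLIENT_SIDE_NETS):
    """Return a list of problems with using `lan` as the gateway's LAN network."""
    net = ipaddress.ip_network(lan)  # raises ValueError if host bits are set
    problems = []
    if not any(net.subnet_of(block) for block in RFC1918):
        problems.append(f"{net} is not inside an RFC 1918 private range")
    for other in map(ipaddress.ip_network, client_nets):
        if net.overlaps(other):
            problems.append(f"{net} overlaps client-side network {other}")
    return problems


def describe_remote_endpoint(endpoint):
    """Map the gateway's remote endpoint setting to what the client must do."""
    ep = ipaddress.ip_network(endpoint, strict=False)
    if ep.prefixlen == 0:  # "any address" (0.0.0.0/0): no fixed client address
        return {"single_client": False, "local_address": None}
    if ep.num_addresses == 1:  # one fixed address: one client at a time
        return {"single_client": True, "local_address": str(ep.network_address)}
    raise ValueError(f"{ep}: expected 0.0.0.0/0 or a single address")


if __name__ == "__main__":
    for candidate in ("192.168.142.0/24", "10.42.23.0/24", "192.168.1.0/24"):
        print(candidate, check_gateway_lan(candidate) or "no conflict found")
    print(describe_remote_endpoint("0.0.0.0/0"))
    print(describe_remote_endpoint("10.42.24.5"))
```

When `single_client` is true, the returned `local_address` is the value to enter in VPN Tracker as the Local Address.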
