Topology – equinux VPN Tracker 8.1.1 User Manual
Page 44

Cisco EasyVPN
An extension of Mode Config for Cisco devices that is also capable of
transmitting the Remote Network(s) and Perfect Forward Secrecy (PFS) setting.
The "passive" variant can be used to resolve problems when the general
EasyVPN setting does not work with a particular device.
If you are using EasyVPN with a custom device profile, make sure to turn on
"Identify as Cisco Unity Client" on the Advanced tab.
Related Settings: Basic > Network Configuration > Local Address
Basic > Network Configuration > Remote Networks
Basic > Remote DNS > Receive DNS Settings from VPN Gateway
Advanced > Interoperability > Cisco
Availability: Depending on the selected device profile. Use a custom device
profile to be able to select any method.
VPN Gateway Setting: No special settings are needed to use Cisco EasyVPN
with EasyVPN-capable Cisco devices. For more details, refer to our Cisco
configuration guides.
SonicWALL DHCP over VPN
An automatic configuration method implemented by SonicWALL devices that
is capable of transmitting the settings for the Local Address and the Remote
DNS settings (DNS servers and search domain).
Related Settings: Basic > Network Configuration > Local Address
Basic > Remote DNS > Receive DNS Settings from VPN Gateway
Availability: Depending on the selected device profile. Use a custom device
profile to be able to select any method.
VPN Gateway Setting: GroupVPN > Client > Virtual Adapter Setting > DHCP
Lease (or DHCP Lease or Manual Configuration) + suitable configuration for
DHCP server and VPN > DHCP over VPN.
SonicWALL Simple Client Provisioning (SCP)
An automatic configuration method implemented by SonicWALL devices that
can supply all settings of a VPN connection to the client.
Related Settings: Basic > Remote DNS > Receive DNS Settings from VPN
Gateway
Availability: Depending on the selected device profile. Use a custom device
profile to be able to select any method.
VPN Gateway Setting: No special configuration needed. Requires SonicOS
4.0 or newer.
Topology
In most cases, the topology should be set to Host to Network. This means
that a single host (= your Mac) connects to one or more remote networks
through VPN. Only network traffic destined for these networks is sent through
the VPN; all other traffic is sent out unmodified through the Mac’s Internet
connection.
Other possible topologies are:
Host to Everywhere
A single host tunneling all its Internet traffic through VPN. This is equivalent to
a Host to Network connection with a remote network of 0.0.0.0/0.
For Host to Everywhere to work, the VPN gateway must accept a policy with a
0.0.0.0/0 endpoint, and also take care of the routing and Network Address
Translation (NAT) for the VPN client when it tries to access the Internet.
Network to Network
A (local) network being connected to another (remote) network, with the Mac
running VPN Tracker acting as the local VPN gateway, and another VPN gateway
at the remote end. This can be used to connect a branch or home office
with multiple computers to a main office. The Mac running VPN Tracker needs
to have routing enabled and has to be configured as the router for the other
computers that are to use the VPN.
Host to Host
A single host (= your Mac) accessing another single host (e.g. a single file
server, email server etc.) through VPN.
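
The following is an added example, not part of the manual or of VPN Tracker: a Python model of which destinations each host topology sends through the VPN and which leave unmodified through the Mac's Internet connection. The function names and all addresses are constructed for illustration, and Network to Network is left out because it also depends on the local network.

```python
import ipaddress

def remote_networks(topology, configured):
    """Return the remote networks that a topology effectively tunnels."""
    if topology == "Host to Everywhere":
        # Equivalent to Host to Network with a remote network of 0.0.0.0/0.
        return [ipaddress.ip_network("0.0.0.0/0")]
    nets = [ipaddress.ip_network(n) for n in configured]
    if topology == "Host to Host":
        # Modelled here as single-address (/32) entries: one remote host each.
        for net in nets:
            if net.prefixlen != net.max_prefixlen:
                raise ValueError(f"{net} is a network, not a single host")
        return nets
    if topology == "Host to Network":
        return nets
    raise ValueError(f"topology not modelled: {topology}")

def path_for(dest, topology, configured):
    """Return 'vpn' if dest falls in a tunneled network, else 'direct'."""
    addr = ipaddress.ip_address(dest)
    if any(addr in net for net in remote_networks(topology, configured)):
        return "vpn"
    return "direct"  # leaves through the Mac's normal Internet connection

def audit(dests, topology, configured):
    """Map each destination to the path it would take."""
    return {d: path_for(d, topology, configured) for d in dests}

# Constructed sample data: two remote networks and four destinations.
SAMPLE_REMOTE = ["192.168.10.0/24", "10.20.0.0/16"]
SAMPLE_DESTS = ["192.168.10.25", "10.20.3.4", "10.21.0.1", "203.0.113.10"]

if __name__ == "__main__":
    for topo, cfg in [("Host to Network", SAMPLE_REMOTE),
                      ("Host to Everywhere", []),
                      ("Host to Host", ["192.168.10.25"])]:
        print(topo)
        for dest, path in audit(SAMPLE_DESTS, topo, cfg).items():
            print(f"  {dest:15} -> {path}")
```

With Host to Network, any destination reported as "direct" is traffic the VPN does not protect, which is the property to check when a connection is expected to cover a given server.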