List: ipcop-svn
Subject: [Ipcop-svn] SF.net SVN: ipcop:[3873] IPCopDoc/trunk/en/admin
From: eoberlander () users ! sourceforge ! net
Date: 2009-11-24 20:40:29
Message-ID: E1ND2BZ-0004wU-Ku () 74yxhf1 ! ch3 ! sourceforge ! com
Revision: 3873
http://ipcop.svn.sourceforge.net/ipcop/?rev=3873&view=rev
Author: eoberlander
Date: 2009-11-24 20:40:29 +0000 (Tue, 24 Nov 2009)
Log Message:
-----------
Add screenshot, and some text.
Modified Paths:
--------------
IPCopDoc/trunk/en/admin/images/vpn-con1.png
IPCopDoc/trunk/en/admin/xml/vpns.xml
Modified: IPCopDoc/trunk/en/admin/images/vpn-con1.png
===================================================================
(Binary files differ)
Modified: IPCopDoc/trunk/en/admin/xml/vpns.xml
===================================================================
--- IPCopDoc/trunk/en/admin/xml/vpns.xml 2009-11-23 19:19:45 UTC (rev 3872)
+++ IPCopDoc/trunk/en/admin/xml/vpns.xml 2009-11-24 20:40:29 UTC (rev 3873)
@@ -215,6 +215,38 @@
<sect2 id="vpns-ipsec">
<title>IPsec Configuration Administrative Web Page</title>
+ <para>
+ To set up a VPN with IPsec, do the following:
+ </para>
+ <orderedlist>
+ <listitem>
+ <para>
+ First, enable VPN on your chosen interface(s) in the
+ <link linkend="vpns-ipsec-global">Global Settings</link>
+ section.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Add either a
+ <link linkend="vpns-ipsec-type-one">Host-to-Net \
(Roadwarrior)</link> + connection, or a
+ <link linkend="vpns-ipsec-type-two">Net-to-Net</link>
+ connection.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Next item...
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Next item...
+ </para>
+ </listitem>
+ </orderedlist>
+
<sect3 id="vpns-ipsec-global">
<title>Global settings</title>
<para>
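Review bot: the last two `<listitem>` entries of the new `<orderedlist>` contain only the placeholder "Next item...", so the rendered guide will show them as steps 3 and 4 of the IPsec setup procedure. Remove them or wrap them in a comment until the real steps are written. Also confirm that `linkend="vpns-ipsec-type-one"` resolves; only the ids `vpns-ipsec-global` and `vpns-ipsec-type-two` are visible in this diff.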
@@ -406,9 +438,76 @@
connection.
</para>
</formalpara>
- <para>
- Section to be written...
- </para>
+ <formalpara>
+ <title><guilabel>Enabled</guilabel></title>
+ <para>
+ Tick the
+ <guibutton>Enabled</guibutton>
+ checkbox to enable this connection.
+ </para>
+ </formalpara>
+ <formalpara>
+ <title><guilabel>Host IP Address</guilabel></title>
+ <para>
+ Content to be written...
+ </para>
+ </formalpara>
+ <formalpara>
+ <title><guilabel>Remote Host/IP</guilabel> - optional</title>
+ <para>
+ Enter the static Internet IP address of the remote \
network's + IPSec server.
+ You can also enter the fully qualified domain name of the remote
+ server.
+ If the remote server is using a dynamic DNS service, you may \
have + to restart the VPN if its IP address changes.
+ There are several scripts available on the IPCop news groups
+ that will do this for you.
+ </para>
+ </formalpara>
+ <formalpara>
+ <title><guilabel>Local Subnet</guilabel></title>
+ <para>
+ <guilabel>Local Subnet</guilabel> defaults to your GREEN \
network. + If desired, you can create a subnet of your GREEN \
network to limit + roadwarrior access to your GREEN network.
+ </para>
+ </formalpara>
+ <formalpara>
+ <title><guilabel>Local ID</guilabel> - optional</title>
+ <para>
+ Content to be written...
+ </para>
+ </formalpara>
+ <formalpara>
+ <title><guilabel>Remote ID</guilabel> - optional</title>
+ <para>
+ Content to be written...
+ </para>
+ </formalpara>
+ <formalpara>
+ <title><guilabel>Dead Peer Detection action</guilabel></title>
+ <para>
+ Clear, hold or restart.
+ </para>
+ </formalpara>
+ <formalpara>
+ <title><guilabel>Remark</guilabel> - optional</title>
+ <para>
+ The <guilabel>Remark</guilabel> field allows you to add an \
optional + comment that will appear in the IPCop VPNs connection \
window for this + connection.
+ </para>
+ </formalpara>
+ <formalpara>
+ <title><guilabel>Edit advanced settings when done</guilabel></title>
+ <para>
+ Tick the
+ <guilabel>Edit advanced settings when done</guilabel>
+ checkbox if you need to modify IPCop's default
+ settings for IPSec.
+ </para>
+ </formalpara>
</sect3>
<sect3 id="vpns-ipsec-type-two">
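Review bot: the Host IP Address, Local ID and Remote ID entries are still the placeholder "Content to be written...", and Dead Peer Detection action says only "Clear, hold or restart." without explaining what each action does to the tunnel, so all four will render in the admin guide as stubs. Fill them in or comment them out until the text exists, as was done for the unfinished certificate paragraph later in this commit. Minor consistency points: the Enabled checkbox is marked up with `<guibutton>` while the "Edit advanced settings when done" checkbox uses `<guilabel>`, and this hunk writes "IPSec" where the section title and the new intro use "IPsec".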
@@ -524,6 +623,79 @@
</formalpara>
</sect3>
+ <sect3 id="vpns-ipsec-authentication">
+ <title>
+ <guilabel>Authentication</guilabel>
+ </title>
+ <para>
+ The second section of the web page deals with authentication.
+ In other words, this is how this IPCop will make sure the tunnel
+ established by both sides of the interface is talking to its \
opposite + number.
+ IPCop has made every effort to support both PSKs and X.509
+ certificates.
+ There are four mutually exclusive choices that can be used to
+ authenticate a connection.
+ </para>
+ <formalpara>
+ <title><guilabel>Use a Pre-Shared Key</guilabel></title>
+ <para>
+ Enter a pass phrase to be used to authenticate the other side
+ of the tunnel.
+ Chose this if you wish a simple Net-to-Net VPN.
+ You can also use PSKs while experimenting in setting up a VPN.
+ <emphasis>
+ Do not use PSKs to authenticate tunnels to roadwarriors.
+ </emphasis>
+ </para>
+ </formalpara>
+ <formalpara>
+ <title><guilabel>Upload certificate request</guilabel></title>
+ <para>
+ Some roadwarrior IPSec implementations do not have their
+ own CA.
+ If they wish to use IPSec's built in CA, they can generate
+ what is called a certificate request.
+ This is a partial X.509 certificate that must be signed by CA to
+ be a complete certificate.
+ During certificate request upload, the request is signed and the
+ new certificate will become available on the VPNs main web page.
+ </para>
+ </formalpara>
+ <formalpara>
+ <title><guilabel>Upload a certificate</guilabel></title>
+ <para>
+ In this case, the peer IPSec has a CA available for use.
+ Both the peer's CA certificate and host certificate must
+ be uploaded.
+ </para>
+ </formalpara>
+<!-- <formalpara>
+ <title><guilabel>Generate a certificate</guilabel></title>
+ <para>
+ In this case, the IPSec peer will be able to provide an X.509
+ certificate, but lacks the capacity to even generate a \
certificate + request.
+ In this case, complete the required fields.
+ Optional fields are indicated by red dots.
+ If this certificate is for a Net-to-Net connection, the
+ <guilabel>
+ User's Full Name or System Hostname
+ </guilabel>
+ field may need to be the Internet fully qualified domain name
+ of the peer.
+ The optional organization name is meant to isolate different \
portions + of an organization from access to IPCop's full \
GREEN network + by subnetting the <guilabel>Local \
Subnet</guilabel> in the connection + definition portion of this \
web page. + The
+ <guilabel>PKCS12 File Password</guilabel>
+ fields ensure that the host certificates generated cannot be \
intercepted + and compromised while being transmitted to the IPSec \
peer. + </para>
+ </formalpara> -->
+ </sect3>
+
</sect2>
<sect2 id="vpns-openvpn">
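Review bot: the intro paragraph states "There are four mutually exclusive choices", but the fourth one, Generate a certificate, is commented out at the end of this section, so the rendered page documents only three. Either adjust the count or restore that `<formalpara>`. In the same section, "Chose this" should be "Choose this", and "IPSec's built in CA" and "signed by CA" look like they were meant to be "IPCop's built-in CA" and "signed by a CA"; please check. The section id also changes to `vpns-ipsec-authentication`, so any `linkend` that still points at the old `vpns-authentication` id needs updating.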
@@ -1086,141 +1258,18 @@
</sect2>
<!--
+<formalpara>
+ <title><guilabel>Interface</guilabel></title>
+ <para>
+ Then select the IPCop network interface the road warrior will be
+ connecting on, either RED or BLUE.
+ Selecting the RED interface will allow the roadwarrior to connect
+ from the Internet.
+ Selecting the BLUE interface will allow the roadwarrior to connect
+ to the GREEN network from a local wireless network.
+ </para>
+</formalpara>
-
- <sect4 id="create-host-to-net">
- <title>Host-to-Net Connection</title>
- <formalpara>
- <title><guilabel>Name</guilabel></title>
- <para>
- Choose a simple name (lower case only with no spaces)
- to identify this connection.
- </para>
- </formalpara>
- <formalpara>
- <title><guilabel>Interface</guilabel></title>
- <para>
- Then select the IPCop network interface the road warrior will be
- connecting on, either RED or BLUE.
- Selecting the RED interface will allow the roadwarrior to \
connect
- from the Internet.
- Selecting the BLUE interface will allow the roadwarrior to \
connect
- to the GREEN network from a local wireless network.
- </para>
- </formalpara>
- <formalpara>
- <title><guilabel>Local Subnet</guilabel></title>
- <para>
- <guilabel>Local Subnet</guilabel> defaults to your GREEN \
network.
- If desired, you can create a subnet of your GREEN network to \
limit
- roadwarrior access to your GREEN network.
- </para>
- </formalpara>
- <formalpara>
- <title><guilabel>Remark</guilabel></title>
- <para>
- <guilabel>Remark</guilabel> allows you to add an optional remark
- that will appear in the IPCop VPNs connection window for this
- connection.
- </para>
- </formalpara>
- <formalpara>
- <title><guilabel>Enable</guilabel></title>
- <para>
- Click on the
- <guibutton>Enable</guibutton>
- check box to enable this connection.
- </para>
- </formalpara>
- <formalpara>
- <title><guibutton>Edit advanced settings when \
done.</guibutton></title>
- <para>
- Click on the
- <guibutton>Edit advanced settings when done</guibutton>
- check box if you need to modify IPCop's default settings \
for
- IPSec.
- </para>
- </formalpara>
- </sect4>
-
- </sect3>
-
-
-
- <sect3 id="vpns-authentication">
- <title>
- <guilabel>Authentication</guilabel>
- </title>
- <para>
- The second section of the web page deals with authentication.
- In other words, this is how this IPCop will make sure the tunnel
- established by both sides of the interface is talking to its opposite
- number.
- IPCop has made every effort to support both PSKs and X.509
- certificates.
- There are four mutually exclusive choices that can be used to
- authenticate a connection.
- </para>
- <formalpara>
- <title><guilabel>Use a Pre-Shared Key</guilabel></title>
- <para>
- Enter a pass phrase to be used to authenticate the other side
- of the tunnel.
- Chose this if you wish a simple Net-to-Net VPN.
- You can also use PSKs while experimenting in setting up a VPN.
- <emphasis>
- Do not use PSKs to authenticate tunnels to roadwarriors.
- </emphasis>
- </para>
- </formalpara>
- <formalpara>
- <title><guilabel>Upload certificate request</guilabel></title>
- <para>
- Some roadwarrior IPSec implementations do not have their
- own CA.
- If they wish to use IPSec's built in CA, they can generate
- what is called a certificate request.
- This is a partial X.509 certificate that must be signed by CA to
- be a complete certificate.
- During certificate request upload, the request is signed and the
- new certificate will become available on the VPNs main web page.
- </para>
- </formalpara>
- <formalpara>
- <title><guilabel>Upload a certificate</guilabel></title>
- <para>
- In this case, the peer IPSec has a CA available for use.
- Both the peer's CA certificate and host certificate must
- be uploaded.
- </para>
- </formalpara>
- <formalpara>
- <title>
- <guilabel>Generate a certificate</guilabel>
- </title>
- <para>
- In this case, the IPSec peer will be able to provide an X.509
- certificate, but lacks the capacity to even generate a certificate
- request.
- In this case, complete the required fields.
- Optional fields are indicated by blue dots.
- If this certificate is for a Net-to-Net connection, the
- <guilabel>
- User's Full Name or System Hostname
- </guilabel>
- field may need to be the Internet fully qualified domain name
- of the peer.
- The optional organization name is meant to isolate different \
portions
- of an organization from access to IPCop's full GREEN network
- by subnetting the <guilabel>Local Subnet</guilabel> in the \
connection
- definition portion of this web page.
- The
- <guilabel>PKCS12 File Password</guilabel>
- fields ensure that the host certificates generated cannot be \
intercepted
- and compromised while being transmitted to the IPSec peer.
- </para>
- </formalpara>
- </sect3>
<sect3 id="vpns-authorisation">
<title>
Authentication
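Review bot: the added Interface `<formalpara>` lands directly after the `<!--` context line, so it sits inside a comment and will not render. That paragraph is the only place in this diff that explains the RED versus BLUE choice (roadwarriors connecting from the Internet versus from a local wireless network), so if the form still has the field, move the text into the live Host-to-Net section; if not, delete it rather than parking it in a comment. The trailing context also shows `<sect3 id="vpns-authorisation">` with the title "Authentication"; the id and title should be reconciled while this block is being trimmed.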