
How to Configure VPN Services on BorderManager

Novell Cool Solutions: Feature


Posted: 9 Aug 2002
 

VPN General Configuration Steps

Master VPN Server

1. Configure IP addresses for the VPN table.
- Network IP address
- Tunnel IP address (filtered at public interface)
NOTE: The VPN tunnel IP address must be a unique network address and not just a unique IP address.

2. Generate encryption info [Public/Private Key pair] (shared secret!)
This automatically adds the VPN Master to the VPN table.
NOTE: Generating this key can take up to 20 minutes.
NOTE: Key generation uses a random seed.

3. Copy the encryption information for creating slaves into VPN.

4. Copy the Master's public key file and DH parameter file (MINFO.VPN).

5. Send MINFO.VPN to the administrator(s) of the VPN Slave(s).

Slave VPN Server(s)

1. Configure IP addresses for the VPN table.
- Network IP address
- Tunnel IP address (filtered at public interface)

2. Insert VPN Master's encryption diskette and verify authenticity of the public keys.

3. Generate the Slave's encryption information [Public/Private Key pair].
You can use random seeds (random characters).
NOTE: Generating this key can take up to 20 minutes.

4. When prompted, make a copy of SINFO.VPN to a diskette or hard drive.

5. Send SINFO.VPN to the VPN Master Administrator.

NWADMN95 Snap-In

Use NWADMN95 to:

- Add VPN slaves to the VPN network.
- Synchronize the VPN Slaves' public key to the VPN table.
- View logging/status information.

VPN Configuration Tips

VPN Tunnel IP addresses:

a. Must be a unique network address and not just a unique IP address on your private network.
b. Must be part of the same subnet as the VPN Master tunnel IP address (this applies to Slave VPN servers).
c. Need not be registered Internet addresses.
d. Will not be advertised to the Internet (public network).
e. Are known to your private network.
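
Rules (a) and (b) can be checked on paper before any keys are generated. The following is an added example, not part of the original article or of BorderManager: a Python pre-flight check of a tunnel addressing plan. The function name, server names and all addresses are assumptions made for illustration.

```python
import ipaddress

def check_tunnel_plan(master_tunnel, slave_tunnels, existing_networks):
    """Return a list of problems found in a VPN tunnel addressing plan.

    master_tunnel:     "address/prefix" of the Master's tunnel interface
    slave_tunnels:     {server name: "address/prefix"} for each Slave
    existing_networks: networks already in use on the private network
    """
    problems = []
    master = ipaddress.ip_interface(master_tunnel)
    tunnel_net = master.network

    # Tip (a): the tunnel needs its own network number, so it must not
    # overlap any network that is already in use.
    for net in map(ipaddress.ip_network, existing_networks):
        if tunnel_net.overlaps(net):
            problems.append(f"tunnel network {tunnel_net} overlaps existing network {net}")

    seen = {master.ip: "master"}
    for name, value in sorted(slave_tunnels.items()):
        slave = ipaddress.ip_interface(value)
        # Tip (b): every Slave tunnel address sits in the Master's tunnel subnet.
        if slave.network != tunnel_net:
            problems.append(f"{name}: {slave} is not in the Master's tunnel subnet {tunnel_net}")
        # Each tunnel endpoint still needs its own host address in that subnet.
        if slave.ip in seen:
            problems.append(f"{name}: {slave.ip} is already used by {seen[slave.ip]}")
        else:
            seen[slave.ip] = name
    return problems

# Constructed sample data (illustrative addresses, not taken from the article).
EXISTING = ["10.1.0.0/16", "192.168.10.0/24"]

def good_plan():
    return check_tunnel_plan("192.168.99.1/24",
                             {"SLAVE1": "192.168.99.2/24", "SLAVE2": "192.168.99.3/24"},
                             EXISTING)

def bad_plan():
    # Tunnel carved out of an existing network, one Slave in another subnet,
    # one Slave reusing the Master's tunnel address.
    return check_tunnel_plan("10.1.5.1/24",
                             {"SLAVE1": "10.1.6.2/24", "SLAVE2": "10.1.5.1/24"},
                             EXISTING)

if __name__ == "__main__":
    for label, result in (("good", good_plan()), ("bad", bad_plan())):
        print(label, "->", result or "no problems found")
```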

NOTE: Generating the VPN keys in VPNCFG can take up to 20 minutes.

NOTE: The "Add" button in NWADMN95, which is used to add VPN Slave(s), looks grayed out, but it is fully functional.

NOTE: If a Slave server is making a connection over the Internet, it must have a numbered connection to the ISP.

