Installing BorderManager 3.8: from the School of Hard Knocks

Posted: 15 Jan 2004

If you've got experiences to share that might help someone else's install go more smoothly, we'd love to hear about them. Here's an interesting one.

KA wrote: I bit the bullet and installed BM3.8 on Saturday. Previously we were running a BM3.7 master, with two BM3.7 slaves.

First thing I learned was the importance of LDAP :) It didn't help that I was installing on a brand new NW6.5 server, which had been installed on a temporary IP before being moved "into place". Without LDAP, there is no iManager, and without SSL, there is no (secure) LDAP. A frustrating few hours of juggling certificates, .conf files and portal setups, and BM3.8 was installed and configured.

The IKE-based VPN works fine client-to-site; took me a few minutes to get the hang of the access rules, and iManager doesn't always get on well with Mozilla, but apart from that there's nothing too difficult. Again, having LDAP working seems to be the key to a lot of problems. At last, no more problems with VPN clients and conflicting address ranges - we can specify a range that clients are automatically assigned.

One thing that did slow me down was trying to get the site-to-site VPN back up. For now, I want to continue using the SKIP VPN until I can get the slaves upgraded. However, with the default filters in place, it seems VPMASTER can't talk out to VPSLAVE to set up the initial connection and routes. With filters on, it would stick in NWAdmin as "being configured", and VPTUNNEL wasn't configured on the slaves. Without filters, it sync'd in a few seconds. Re-enabling the filters - and the VPN works fine! It's probably just a case of sticking in a couple of filter exceptions, but I thought it would only need 353/213 opened up ... not a huge issue, we'll not be reconfiguring often so I'm happy to leave it.

