The following section describes how to set up a client to communicate with an Ecessa SSL VPN server. The Ecessa device can also generate the appropriate OpenVPN configuration file and export a zip or tar+gzipped file containing the configuration file and PKCS12 certificate.
Exporting a Client Configuration
- Navigate to ‘VPN’ under the ‘Advanced Setup’ section on the left-hand menu.
- Click the link ‘SSL VPN Clients’.
- Next click on ‘Export Client Configurations’.
- Select the desired SSL VPN SA from the dropdown ‘SSL Connection Name’.
- ‘Export Format’ can be chosen from the dropdown.
  - This is used for compression of the files. ZIP is common for Windows, though TAR-GZIP is suitable for Linux or Mac clients.
- Click the ‘Add’ button under ‘ShieldLink/ClariLink Clients’.
- Type the client name under ‘Custom Name’ or select a configured client (*) from the dropdown ‘Client Name’.
- Select the certificate to be used from the dropdown ‘Certificate’.
  - A configuration file alone can be exported if ‘Custom Certificate’ is used.
- Click the button ‘Export Configuration(s)’.
  - A dialog box will prompt for a location to save the zip/tgz file.
Creating a Client Specific Configuration
Creating a specific client configuration is optional but gives the added benefit of making additional subnets available to the client. This can be done on a per-client basis. Optionally, if the client is capable of IP forwarding, LAN subnets can be opened on the client side to be made accessible to the server.
- Navigate to ‘VPN’ under the ‘Advanced Setup’ section on the left-hand menu.
- Click the link ‘SSL VPN Clients’.
- Click the button ‘Add’.
- The ‘Name’ field should match that of the Common Name of the client certificate.
- Under ‘Private Networks’ click ‘Add’.
- Enter the subnet in CIDR notation to be made available to the client.
- If IP forwarding is available on the client and exposing the client's local LAN to the server is desired, ‘Add’ the client-side subnet information in CIDR notation.
- Click the ‘Activate’ button at the bottom of the page.
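Before typing subnets into a client entry, the planned list can be checked offline. The following is an added example, not Ecessa code: it validates the CIDR entries for one client, flags entries with host bits set, IPv4 ranges broader than a reviewer-chosen limit, and overlap between the subnets offered to the client and the client LAN subnets exposed to the server. The function name, the `min_prefix` threshold and the sample subnets are assumptions made for illustration.

```python
import ipaddress

def review_subnets(server_side, client_side, min_prefix=16):
    """Check subnets planned for one client entry (hypothetical helper).

    server_side: subnets to be made available to the client.
    client_side: client LAN subnets exposed to the server (IP forwarding case).
    min_prefix:  assumed policy limit; IPv4 ranges broader than this are flagged.
    Returns (parsed, findings): normalized networks per side and warning strings.
    """
    parsed = {"server": [], "client": []}
    findings = []
    for side, entries in (("server", server_side), ("client", client_side)):
        for text in entries:
            try:
                net = ipaddress.ip_network(text, strict=True)
            except ValueError:
                try:
                    # Valid address and prefix, but host bits are set.
                    net = ipaddress.ip_network(text, strict=False)
                    findings.append(f"{side}: {text} has host bits set, network is {net}")
                except ValueError:
                    findings.append(f"{side}: {text} is not valid CIDR")
                    continue
            if net.version == 4 and net.prefixlen < min_prefix:
                findings.append(f"{side}: {net} is broader than /{min_prefix}")
            parsed[side].append(net)
    # The same range on both ends of the tunnel makes routing ambiguous.
    for s in parsed["server"]:
        for c in parsed["client"]:
            if s.version == c.version and s.overlaps(c):
                findings.append(f"overlap: server {s} and client {c}")
    return parsed, findings

if __name__ == "__main__":
    # Constructed sample input, not taken from any real deployment.
    server = ["10.10.0.0/24", "192.168.1.10/24", "10.0.0.0/8"]
    client = ["192.168.1.0/25", "172.16.5.0/33"]
    for line in review_subnets(server, client)[1]:
        print(line)
```

Keeping each entry as narrow as the client actually needs limits what a compromised client certificate can reach.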