
SSL VPN Client Configuration

The following section describes how to set up a client to communicate with an Ecessa SSL VPN server. A sample OpenVPN configuration is provided in the section ‘Sample Client Configuration’. The Ecessa device can also generate the appropriate OpenVPN configuration file and export a zip or tar+gzipped file containing the configuration file and PKCS12 certificate.

Creating a Client Specific Configuration

Creating a client-specific configuration is optional, but it gives the added benefit of making additional subnets available to the client. This can be done on a per-client basis. Optionally, if the client is capable of IP forwarding, LAN subnets on the client side can be made accessible to the server.

  1. Navigate to ‘VPN’ under the ‘Advanced Setup’ section on the left-hand menu.
  2. Click the link ‘SSL VPN Clients’.
  3. Click the button ‘Add’.
  4. The ‘Name’ field should match that of the Common Name of the client certificate.
  5. Under ‘Private Networks’ click ‘Add’.
    1. Enter the subnet in CIDR notation to be made available to the client.
  6. If IP forwarding is available on the client and exposing the client's local LAN is desirable, ‘Add’ the subnet information in CIDR notation.
  7. Click the ‘Activate’ button at the bottom of the page.
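
Step 4 depends on the ‘Name’ field matching the certificate's Common Name. The following is an added example, not part of the Ecessa documentation or tooling: it reads the CN from a PKCS12 client bundle with the openssl command line so it can be compared with the planned name before it is entered. The function names and the P12_PASS environment variable are assumptions of the example, and the comparison is case-sensitive, the strict reading of "should match".

```shell
#!/bin/sh
# Added example: check that a planned SSL VPN client 'Name' equals the
# Common Name (CN) of the certificate inside a PKCS12 bundle.
# Assumption: the bundle's import password is supplied in the P12_PASS
# environment variable, so it does not appear on the command line.

# Print the subject CN of the client certificate in a PKCS12 file.
# $1 = path to the .p12/.pfx file
p12_common_name() {
    openssl pkcs12 -in "$1" -clcerts -nokeys -passin env:P12_PASS 2>/dev/null |
        openssl x509 -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= //p' | head -n 1
}

# Return 0 if the CN equals the planned name, 1 on mismatch,
# 2 if no certificate could be read (wrong password, wrong file type).
# $1 = path to the .p12/.pfx file, $2 = value planned for the 'Name' field
check_client_name() {
    cn=$(p12_common_name "$1")
    if [ -z "$cn" ]; then
        echo "error: no certificate read from '$1'" >&2
        return 2
    fi
    if [ "$cn" != "$2" ]; then
        echo "mismatch: certificate CN is '$cn', planned Name is '$2'" >&2
        return 1
    fi
    echo "ok: '$2' matches the certificate CN"
}

# Stand-alone use: P12_PASS=... sh check_cn.sh client.p12 client1
if [ "$#" -eq 2 ]; then
    check_client_name "$1" "$2"
fi
```

A trailing space or a difference in letter case is reported as a mismatch, which is the kind of difference that is hard to spot by eye in a web form.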

Exporting a Client Configuration

To export a client certificate with the correct configuration file, first upload the client certificate to the Ecessa device. This procedure can be found under ‘Certificate Management’ in the section ‘Uploading Certificates’. Once the desired certificate is uploaded the following steps should be taken:

  1. Navigate to ‘VPN’ under the ‘Advanced Setup’ section on the left-hand menu.
  2. Click the link ‘SSL VPN Clients’.
  3. Next click on ‘Export Client Configurations’.
  4. Select the desired SSL VPN SA from the dropdown ‘SSL Connection Name’.
  5. ‘Export Format’ can be chosen from the dropdown.
    1. This is used for compression of the files. ZIP is common for Windows, though TAR-GZIP is suitable for Linux or Mac clients.
  6. Click the ‘Add’ button under ‘ShieldLink/ClariLink Clients’.
  7. Type the client name under ‘Custom Name’ or select a configured client (*) from the dropdown ‘Client Name’.
  8. Select the certificate to be used from the dropdown ‘Certificate’.
    1. A configuration file alone can be exported if ‘Custom Certificate’ is used.
  9. Click the button ‘Export Configuration(s)’.
    1. A dialog box will prompt for a location to save the zip/tgz file.
  1. Log into the Ecessa device through HTTPS.
  2. Navigate to 'Certificates' located under 'Advanced Setup' on the left hand menu.