D-Link DWC-1000 User Manual - Page 235

Configuring VPN clients



With a configured RADIUS server, the controller connects to a RADIUS server and
passes to it the credentials that it receives from the VPN client. You can secure the
connection between the controller and the RADIUS server with the authentication
protocol supported by the server (PAP or CHAP). For RADIUS-PAP, the
controller first checks in the user database to see if the user credentials are
available; if they are not, the controller connects to the RADIUS server.
8.2.2 Internet over IPSec tunnel
With this feature, all traffic passes through the VPN tunnel, and the remote
gateway routes the packets on to the Internet. On the remote gateway side, the
outgoing packets are source-NATed (SNAT).
8.3 Configuring VPN clients
Remote VPN clients must be configured with the same VPN policy parameters used in
the VPN tunnel that the client wishes to use: encryption, authentication, lifetime, and
PFS key-group. Upon establishing these authentication parameters, the VPN Client
user database must also be populated with an account to give a user access to the
tunnel.
VPN client software is required to establish a VPN tunnel between the
controller and remote endpoint. Open source software (such as OpenVPN or
Openswan) as well as Microsoft IPsec VPN software can be configured
with the required IKE policy parameters to establish an IPsec VPN tunnel.
Refer to the client software guide for detailed instructions on setup as well
as the controller's online help.
The user database contains the list of VPN user accounts that are authorized to use a
given VPN tunnel. Alternatively, VPN tunnel users can be authenticated using a
configured RADIUS database. Refer to the online help to determine how to populate the
user database and/or configure RADIUS authentication.