Lantronix EMG 8500 EMG User Guide - Page 127

7: Networking Custom ipsec.conf Configuration A custom ipsec.conf file can be uploaded to the EMG. This file can include any of the strongSwan options which are not configurable from the UIs. The ipsec.conf file should include one conn section which defines the tunnel parameters. An ipsec.conf file containing more than one conn section will be rejected for upload. When a custom ipsec.conf file has been uploaded to the console manager, any VPN options configured via the UIs (with the exception of authentication tokens, see below) are ignored, and the UIs will not display the options given in the custom ipsec.conf file. A description of the format of the ipsec.conf file as well as all strongSwan options is available here. The EMG uses strongSwan version 5.8.4 , so not all options listed in the strongSwan ipsec.conf documentation will be supported by the EMG. Any authentication tokens (pre-shared keys, RSA keys, X.509 certificates) required by the custom ipsec.conf must be configured through the EMG UIs, and must be configured or installed before a tunnel is brought up with an uploaded ipsec.conf file. When a tunnel is started with a custom ipsec.conf file, the authentication tokens required for the authby parameter are verified to exist before the tunnel is started. For example, if authby=rsasig, the EMG will verify that the EMG RSA public/private key has been generated and that the peer RSA public key has been uploaded. To upload a custom ipsec.conf file, select the Upload File link next to the Uploaded Configuration field. The file name should not contain characters. To delete an uploaded custom ipsec.conf file, select the Delete Configuration File checkbox next to the Uploaded Configuration field. To view an uploaded custom ipsec.conf file, select the View Configuration link next to the Uploaded Configuration field. If a file has been uploaded it will be displayed; otherwise the auto-generated file will be displayed if it exists. The file is auto-generated when a tunnel is enabled (if a custom file has not been uploaded). To download the current in-use ipsec.conf file (either the ipsec.conf file automatically generated by the EMG or an uploaded custom ipsec.conf file), select the Download Configuration button. Downloading the ipsec.conf file automatically generated by the EMG is a good starting point for adding extra VPN options; the tunnel must be enabled in order for the EMG to autogenerate an ipsec.conf file that can be downloaded. Tunnel Restart If enabled, the watchdog program will automatically restart the VPN tunnel when the tunnel goes down. Initially, when the tunnel goes down, it will be restarted immediately. After the first restart, if the tunnel still fails to come up, the watchdog program will restart the tunnel periodically every X seconds, where X is the Dead Peer Detection Timeout plus 60 seconds, until the tunnel comes back up. Email Address Email address to receive email alerts when the tunnel goes up or down. 3. To save, click Apply button. More Actions on the VPN page:  To see details of the VPN tunnel connection, including the cryptographic algorithms used, select the View Detailed Status link.  To see the last 200 lines of the logs associated with the VPN tunnel, select the View VPN Logs link. EMG™ Edge Management Gateway User Guide 127