By default, a disabled VPN server port is configured on the Com.X. To configure it, right-click the interface in the interfaces list and select Edit. The VPN interface configuration shown in Figure 38 will load. Configure the interface IP settings appropriately, then select the VPN tab.
<Figure 39 VPN server config options>
| Field | Contents |
| --- | --- |
| Port Number | The port to be used by clients to connect to the VPN. Defaults to 1194. |
| Use LZO Compression | The VPN may be configured to use compression on all packets. This will save network bandwidth but incur some performance penalty. Client and server configuration must match. |
| Transport | Select between TCP and UDP for VPN transport. |
| VPN Public IP | The public IP address of the VPN server, if required. This is used to allow client configuration to be generated automatically; see the next section. |
| VPN Public port | The associated port on the public IP of the VPN, if required. |
Routes
Routes are added by selecting the Routes tab when configuring the interface. Routes on VPN interfaces are added as with any other network interface, as described in Section 3.2.6.
Generating certificates for clients
To generate authentication certificates for client devices, right-click on the interface in the interfaces list, and select VPN Clients. Select New and enter the name of the client. Review and apply your changes to create the client.
<Figure 40 image of all interfaces including a VPNS1. >
Once a client is created and the configuration applied, a certificate pack and/or configuration pack for the client can be generated. Right-click the client in the clients list, and select Get Configuration.
<Figure 41 getting certificates & cert format>
Select your desired certificate packaging and save the file to a location on your desktop/laptop computer.
Note: Changes must be applied after the creation of a client before requesting configuration. No client configuration is created before the changes are applied, and so no configuration will be available for unapplied clients.
Revoking Client certificates
To revoke the certificate for a client device, right-click on the desired device in the VPN Served Clients list, and select Revoke. Clients authenticating with revoked certificates will be denied. Note that a certificate, once revoked, cannot be used again. A new client certificate will have to be issued.