Menu
▾
▴
[Ipcop-svn] SF.net SVN: ipcop:[3864] IPCopDoc/trunk/en/admin
|
From: <eob...@us...> - 2009-11-22 20:33:34
|
Revision: 3864
http://ipcop.svn.sourceforge.net/ipcop/?rev=3864&view=rev
Author: eoberlander
Date: 2009-11-22 20:33:25 +0000 (Sun, 22 Nov 2009)
Log Message:
-----------
Initial check in for IPsec screenshots. More to follow in a day or two...
Modified Paths:
--------------
IPCopDoc/trunk/en/admin/images/vpn-con2.png
IPCopDoc/trunk/en/admin/images/vpn-global.png
IPCopDoc/trunk/en/admin/images/vpn-status1.png
IPCopDoc/trunk/en/admin/images/vpn-type.png
IPCopDoc/trunk/en/admin/xml/vpns.xml
Modified: IPCopDoc/trunk/en/admin/images/vpn-con2.png
===================================================================
(Binary files differ)
Modified: IPCopDoc/trunk/en/admin/images/vpn-global.png
===================================================================
(Binary files differ)
Modified: IPCopDoc/trunk/en/admin/images/vpn-status1.png
===================================================================
(Binary files differ)
Modified: IPCopDoc/trunk/en/admin/images/vpn-type.png
===================================================================
(Binary files differ)
Modified: IPCopDoc/trunk/en/admin/xml/vpns.xml
===================================================================
--- IPCopDoc/trunk/en/admin/xml/vpns.xml 2009-11-22 17:56:38 UTC (rev 3863)
+++ IPCopDoc/trunk/en/admin/xml/vpns.xml 2009-11-22 20:33:25 UTC (rev 3864)
@@ -215,9 +215,315 @@
<sect2 id="vpns-ipsec">
<title>IPsec Configuration Administrative Web Page</title>
- <para>
- Content to be written...
- </para>
+ <sect3 id="vpns-ipsec-global">
+ <title>Global settings</title>
+ <para>
+ The first line in the Global Settings box indicates if the
+ <command>IPsec</command> server is stopped or running.
+ </para>
+ <para>
+ <figure id="v200.vpn.011">
+ <title>Global settings</title>
+ <mediaobject>
+ <imageobject role="fo">
+ <imagedata fileref="&imagepath;vpn-global.&imageext;" format="PNG"
+ contentwidth="14cm"/>
+ </imageobject>
+ <imageobject role="html">
+ <imagedata fileref="&imagepath;vpn-global.&imageext;" format="PNG" align="center"/>
+ </imageobject>
+ <textobject>
+ <phrase>Global settings section</phrase>
+ </textobject>
+ </mediaobject>
+ </figure>
+ </para>
+ <formalpara>
+ <title>IPsec on RED</title>
+ <para>
+ Check this box to enable the OpenVPN server for RED.
+ </para>
+ </formalpara>
+ <formalpara>
+ <title>IPsec on BLUE</title>
+ <para>
+ Only visible if you have configured a BLUE interface.
+ Check this box to enable the IPsec server for BLUE.
+ </para>
+ </formalpara>
+ <formalpara>
+ <title>IPsec on ORANGE</title>
+ <para>
+ Only visible if you have configured an ORANGE interface.
+ Check this box to enable the IPsec server for ORANGE.
+ </para>
+ </formalpara>
+ <formalpara>
+ <title>Public IP or FQDN for RED interface or <%defaultroute></title>
+ <para>
+ Enter the IPsec server details, either its fully qualified
+ domain name or the public IP address of the red interface.
+ If you are using a dynamic DNS service, you should use your
+ dynamic DNS name here.
+ </para>
+ </formalpara>
+ <note>
+ <title>VPNs and Dynamic DNS</title>
+ <para>
+ If your ISP changes your IP address, be aware that
+ Net-to-Net VPNs may have to be restarted from both ends
+ of the tunnel.
+ Roadwarriors will also have to restart their connections
+ in this case.
+ </para>
+ </note>
+ <formalpara>
+ <title>Override default MTU - optional</title>
+ <para>
+ The MTU (Maximum Transmission Units) is the maximum
+ datagram size in bytes that can be sent unfragmented over a
+ particular network path.
+ </para>
+ </formalpara>
+ <formalpara>
+ <title>Delay before launching VPN (seconds)</title>
+ <para>
+ Content to be written...
+ </para>
+ </formalpara>
+ <formalpara>
+ <title>Restart net-to-net vpn when remote peer IP changes...</title>
+ <para>
+ Restart net-to-net vpn when remote peer IP address
+ changes (dyndns).
+ This helps Dead Peer Detection (DPD).
+ Content to be written...
+ </para>
+ </formalpara>
+ <formalpara>
+ <title>PLUTO DEBUG</title>
+ <para>
+ Content to be written...
+ </para>
+ </formalpara>
+ </sect3>
+
+ <sect3 id="vpns-ipsec-status">
+ <title>Connection Status and Control</title>
+ <para>
+ <figure id="v200.vpn.012">
+ <title>Connection status and control window: Initial View</title>
+ <mediaobject>
+ <imageobject role="fo">
+ <imagedata fileref="&imagepath;vpn-status1.&imageext;" format="PNG"
+ contentwidth="14cm"/>
+ </imageobject>
+ <imageobject role="html">
+ <imagedata fileref="&imagepath;vpn-status1.&imageext;" format="PNG" align="center"/>
+ </imageobject>
+ <textobject>
+ <phrase>Connection status screen</phrase>
+ </textobject>
+ </mediaobject>
+ </figure>
+ </para>
+ <para>
+ To create an IPsec VPN connection use the
+ <guibutton>Add</guibutton>
+ button.
+ The VPN connection type page will appear.
+ </para>
+ </sect3>
+
+ <sect3 id="vpns-ipsec-type">
+ <title>
+ Connection Type
+ </title>
+ <para>
+ <figure id="v200.vpn.013">
+ <title>Connection Type Selection</title>
+ <mediaobject>
+ <imageobject role="fo">
+ <imagedata fileref="&imagepath;vpn-type.&imageext;" format="PNG"
+ contentwidth="14cm"/>
+ </imageobject>
+ <imageobject role="html">
+ <imagedata fileref="&imagepath;vpn-type.&imageext;" format="PNG" align="center"/>
+ </imageobject>
+ <textobject>
+ <phrase>Connection Type screen</phrase>
+ </textobject>
+ </mediaobject>
+ </figure>
+ </para>
+ <para>
+ Select either
+ <guilabel>Host-to-Net VPN (Roadwarrior)</guilabel>
+ for mobile users who need access to the GREEN network
+ or
+ <guilabel>Net-to-Net VPN</guilabel>
+ to allow users on another network access to your GREEN
+ network and to allow users on your GREEN network access
+ to the other network.
+ </para>
+ <para>
+ Choose the connection type you wish to create and click on
+ the <guibutton>Add</guibutton> button.
+ </para>
+ <para>
+ The next page that appears contains two sections.
+ The <guilabel>Connection</guilabel> section will be different
+ depending on the connection type you are adding.
+ The <guilabel>Authentication</guilabel> section will be the same.
+ </para>
+ </sect3>
+
+ <sect3 id="vpns-ipsec-type-one">
+ <title>
+ Host-to-Net Connection
+ </title>
+ <para>
+ <figure id="v200.vpn.014">
+ <title>Host-to-Net Connection</title>
+ <mediaobject>
+ <imageobject role="fo">
+ <imagedata fileref="&imagepath;vpn-con1.&imageext;" format="PNG"
+ contentwidth="14cm"/>
+ </imageobject>
+ <imageobject role="html">
+ <imagedata fileref="&imagepath;vpn-con1.&imageext;" format="PNG" align="center"/>
+ </imageobject>
+ <textobject>
+ <phrase>Host-to-Net Connection screen</phrase>
+ </textobject>
+ </mediaobject>
+ </figure>
+ </para>
+ <formalpara>
+ <title><guilabel>Name</guilabel></title>
+ <para>
+ A simple name (lowercase only, with no spaces) to identify this
+ connection.
+ </para>
+ </formalpara>
+ <para>
+ Section to be written...
+ </para>
+ </sect3>
+
+ <sect3 id="vpns-ipsec-type-two">
+ <title>
+ Net-to-Net Connection
+ </title>
+ <para>
+ <figure id="v200.vpn.015">
+ <title>Net-to-Net Connection</title>
+ <mediaobject>
+ <imageobject role="fo">
+ <imagedata fileref="&imagepath;vpn-con2.&imageext;" format="PNG"
+ contentwidth="14cm"/>
+ </imageobject>
+ <imageobject role="html">
+ <imagedata fileref="&imagepath;vpn-con2.&imageext;" format="PNG" align="center"/>
+ </imageobject>
+ <textobject>
+ <phrase>Net-to-Net Connection section</phrase>
+ </textobject>
+ </mediaobject>
+ </figure>
+ </para>
+ <formalpara>
+ <title><guilabel>Name</guilabel></title>
+ <para>
+ Choose a simple name (lowercase only, with no spaces)
+ to identify this connection.
+ </para>
+ </formalpara>
+ <formalpara>
+ <title><guilabel>Enabled</guilabel></title>
+ <para>
+ Tick the
+ <guibutton>Enabled</guibutton>
+ checkbox to enable this connection.
+ </para>
+ </formalpara>
+ <formalpara>
+ <title><guilabel>Host IP Address</guilabel></title>
+ <para>
+ Content to be written...
+ </para>
+ </formalpara>
+ <formalpara>
+ <title><guilabel>Remote Host/IP</guilabel></title>
+ <para>
+ Enter the static Internet IP address of the remote network's
+ IPSec server.
+ You can also enter the fully qualified domain name of the remote
+ server.
+ If the remote server is using a dynamic DNS service, you may have
+ to restart the VPN if its IP address changes.
+ There are several scripts available on the IPCop news groups
+ that will do this for you.
+ </para>
+ </formalpara>
+ <formalpara>
+ <title><guilabel>Local Subnet</guilabel></title>
+ <para>
+ <guilabel>Local Subnet</guilabel> defaults to your GREEN network.
+ If desired, you can create a subnet of your GREEN network to limit
+ roadwarrior access to your GREEN network.
+ </para>
+ </formalpara>
+ <formalpara>
+ <title><guilabel>Remote subnet</guilabel></title>
+ <para>
+ Enter the remote network's network address and
+ subnet mask in the same format as the
+ <guilabel>Local Subnet</guilabel>
+ field.
+ This network must be different from the
+ <guilabel>Local Subnet</guilabel>
+ since IPSec sets up routing table entries to send IP
+ packets to the correct remote network.
+ </para>
+ </formalpara>
+ <formalpara>
+ <title><guilabel>Local ID - optional</guilabel></title>
+ <para>
+ Content to be written...
+ </para>
+ </formalpara>
+ <formalpara>
+ <title><guilabel>Remote ID - optional</guilabel></title>
+ <para>
+ Content to be written...
+ </para>
+ </formalpara>
+ <formalpara>
+ <title><guilabel>Dead Peer Detection action</guilabel></title>
+ <para>
+ Content to be written...
+ </para>
+ </formalpara>
+ <formalpara>
+ <title><guilabel>Remark - optional</guilabel></title>
+ <para>
+ The <guilabel>Remark</guilabel> field allows you to add an optional
+ comment that will appear in the IPCop VPNs connection window for this
+ connection.
+ </para>
+ </formalpara>
+ <formalpara>
+ <title><guilabel>Edit advanced settings when done</guilabel></title>
+ <para>
+ Tick the
+ <guilabel>Edit advanced settings when done</guilabel>
+ checkbox if you need to modify IPCop's default
+ settings for IPSec.
+ </para>
+ </formalpara>
+ </sect3>
+
</sect2>
<sect2 id="vpns-openvpn">
@@ -580,7 +886,15 @@
You need to have a pre-shared key/password/pass phrase or an
X.509 certificate before trying to configure a Roadwarrior or
Net-to-Net VPN connection.
- These are methods of authentication, which identify the
+ These are <note id="vpns-ddns">
+ <title>VPNs and Dynamic DNS</title>
+ <para>
+ If your ISP changes your IP address, be aware that Net-to-Net VPNs
+ may have to be restarted from both ends of the tunnel.
+ Roadwarriors will also have to restart their connections in this case.
+ </para>
+ </note>
+ methods of authentication, which identify the
user trying to access the VPN.
They will be required in the VPN configuration stage.
</para>
@@ -772,132 +1086,8 @@
</sect2>
<!--
- <sect2 id="vpns-global">
- <title>
- Global Settings
- </title>
- <para>
- <figure id="v140.vpn.001">
- <title>VPN Global Settings</title>
- <mediaobject>
- <imageobject role="fo">
- <imagedata fileref="&imagepath;vpn-global.&imageext;" format="PNG"
- contentwidth="14cm"/>
- </imageobject>
- <imageobject role="html">
- <imagedata fileref="&imagepath;vpn-global.&imageext;" format="PNG" align="center"/>
- </imageobject>
- <textobject>
- <phrase>VPN Default Configuration</phrase>
- </textobject>
- </mediaobject>
- </figure>
- </para>
- <para>
- Enter the VPN server details, either its fully qualified domain name
- or the public IP address of the red interface.
- If you are using a dynamic DNS service, you should use your dynamic
- DNS name here.
- </para>
- <note id="vpns-ddns">
- <title>VPNs and Dynamic DNS</title>
- <para>
- If your ISP changes your IP address, be aware that Net-to-Net VPNs
- may have to be restarted from both ends of the tunnel.
- Roadwarriors will also have to restart their connections in this case.
- </para>
- </note>
- <para>
- Enable the VPN on IPCop by selecting
- <guilabel>Local VPN Hostname/IP</guilabel>
- and click on the
- <guibutton>Save</guibutton>
- button.
- The
- <guilabel>VPN on Blue</guilabel>
- option will only be visible if you have configured a BLUE
- network interface card.
- To enable a VPN over your BLUE wireless connection click on
- the
- <guilabel>VPN on BLUE</guilabel>
- <guibutton>Enabled:</guibutton>
- check box and then click on the
- <guibutton>Save</guibutton>
- button.
- </para>
- </sect2>
- <sect2 id="vpns-connection">
- <title>
- Connection Status and Control
- </title>
- <para>
- <figure id="v140.vpn.002">
- <title>VPN Connection status and control window: Initial View</title>
- <mediaobject>
- <imageobject role="fo">
- <imagedata fileref="&imagepath;vpn-status1.&imageext;" format="PNG"
- contentwidth="14cm"/>
- </imageobject>
- <imageobject role="html">
- <imagedata fileref="&imagepath;vpn-status1.&imageext;" format="PNG" align="center"/>
- </imageobject>
- <textobject>
- <phrase>VPN Connections</phrase>
- </textobject>
- </mediaobject>
- </figure>
- </para>
- <para>
- To create a VPN connection use the
- <guibutton>Add</guibutton>
- button.
- <link linkend="vpn-connection-type">
- The VPN connection type page will appear.
- </link>
- </para>
- <sect3 id="vpns-connection-type">
- <title>
- Connection Type
- </title>
- <para>
- <figure id="v140.vpn.003">
- <title>VPN Connection Type Selection</title>
- <mediaobject>
- <imageobject role="fo">
- <imagedata fileref="&imagepath;vpn-type.&imageext;" format="PNG"
- contentwidth="14cm"/>
- </imageobject>
- <imageobject role="html">
- <imagedata fileref="&imagepath;vpn-type.&imageext;" format="PNG" align="center"/>
- </imageobject>
- <textobject>
- <phrase>VPN Connection Types</phrase>
- </textobject>
- </mediaobject>
- </figure>
- </para>
- <para>
- Select either
- <guilabel>Host-to-Net (Roadwarrior)</guilabel>
- for mobile users who need access to the GREEN network
- or
- <guilabel>Net-to-Net</guilabel>
- to allow users on another network access to your GREEN
- network and to allow users on your GREEN network access
- to the other network.
- </para>
- <para>
- Choose the connection type you wish to create and click on
- the <guibutton>Add</guibutton> button.
- </para>
- <para>
- The next web page that appears contains two sections.
- The <guilabel>Connection</guilabel> section will be different
- depending on the connection type you are adding.
- The <guilabel>Authentication</guilabel> section will be the same.
- </para>
<sect4 id="create-host-to-net">
<title>Host-to-Net Connection</title>
<formalpara>
@@ -952,180 +1142,11 @@
</para>
</formalpara>
</sect4>
- <sect4 id="vpns-net-to-net">
- <title>Net-to-Net Connection</title>
- <formalpara>
- <title><guilabel>Name</guilabel></title>
- <para>
- Choose a simple name (lower case only with no spaces)
- to identify this connection.
- </para>
- </formalpara>
- <formalpara>
- <title><guilabel>IPCop side</guilabel></title>
- <para>
- Choose an
- <guilabel>IPCop side,</guilabel>
- <guilabel>right</guilabel>
- or
- <guilabel>left</guilabel>,
- that will be used in the IPSec configuration files to identify this
- IPCop's side of the connection on this machine.
- Remember, the side makes no difference.
- </para>
- </formalpara>
- <formalpara>
- <title><guilabel>Local Subnet</guilabel></title>
- <para>
- <guilabel>Local Subnet</guilabel> defaults to your GREEN network.
- If desired, you can create a subnet of your GREEN network to limit
- roadwarrior access to your GREEN network.
- </para>
- </formalpara>
- <formalpara>
- <title><guilabel>Remote Host/IP</guilabel></title>
- <para>
- Enter the static Internet IP address of the remote network's
- IPSec server.
- You can also enter the fully qualified domain name of the remote
- server.
- If the remote server is using a dynamic DNS service, you may have
- to restart the VPN if its IP address changes.
- There are several scripts available on the IPCop news groups
- that will do this for you.
- </para>
- </formalpara>
- <formalpara>
- <title><guilabel>Remote subnet</guilabel></title>
- <para>
- Enter the remote network's network address and
- subnet mask in the same format as the
- <guilabel>Local Subnet</guilabel>
- field.
- This network must be different from the
- <guilabel>Local Subnet</guilabel>
- since IPSec sets up routing table entries to send IP
- packets to the correct remote network.
- </para>
- </formalpara>
- <formalpara>
- <title><guilabel>Remark</guilabel></title>
- <para>
- The <guilabel>Remark</guilabel> field allows you to add an optional
- comment that will appear in the IPCop VPNs connection window for this
- connection.
- </para>
- </formalpara>
- <formalpara>
- <title><guilabel>Enable</guilabel></title>
- <para>
- Click on the
- <guibutton>Enable</guibutton>
- check box to enable this connection.
- </para>
- </formalpara>
- <formalpara>
- <title><guibutton>Edit advanced settings when done.</guibutton></title>
- <para>
- Click on the
- <guibutton>Edit advanced settings when done.</guibutton>
- check box if you need to modify IPCop's default settings for
- IPSec.
- </para>
- </formalpara>
- </sect4>
- </sect3>
- <sect3 id="vpns-type-one">
- <title>
- Host-to-Net Connection
- </title>
- <para>
- <figure id="v140.vpn.004">
- <title>VPN Host-to-Net Connection Input</title>
- <mediaobject>
- <imageobject role="fo">
- <imagedata fileref="&imagepath;vpn-con1.&imageext;" format="PNG"
- contentwidth="14cm"/>
- </imageobject>
- <imageobject role="html">
- <imagedata fileref="&imagepath;vpn-con1.&imageext;" format="PNG" align="center"/>
- </imageobject>
- <textobject>
- <phrase>VPN Host-to-Net Connection </phrase>
- </textobject>
- </mediaobject>
- </figure>
- </para>
- <formalpara>
- <title><guilabel>Name</guilabel></title>
- <para>
- A simple name (lowercase only, with no spaces) to identify this
- connection.
- </para>
- </formalpara>
- <para>
- Section to be written...
- </para>
</sect3>
- <sect3 id="vpns-type-two">
- <title>
- Net-to-Net Connection
- </title>
- <para>
- <figure id="v140.vpn.005">
- <title>VPN Net-to-Net Connection Input</title>
- <mediaobject>
- <imageobject role="fo">
- <imagedata fileref="&imagepath;vpn-con2.&imageext;" format="PNG"
- contentwidth="14cm"/>
- </imageobject>
- <imageobject role="html">
- <imagedata fileref="&imagepath;vpn-con2.&imageext;" format="PNG" align="center"/>
- </imageobject>
- <textobject>
- <phrase>VPN Host-to-Net Connection</phrase>
- </textobject>
- </mediaobject>
- </figure>
- </para>
- <note>
- <title>Note on IPSec Terminology</title>
- <para>
- IPSec uses the terms
- <emphasis>right</emphasis> and
- <emphasis>left</emphasis> for the two sides of a connection or
- tunnel.
- These terms have no real meaning.
- IPSec will orient itself based on network addresses and routes.
- Once it determines which network connection, left or right, to use to
- get to the other side of a connection, all other right or left parameters
- follow.
- Many folks use left for the local side of a connection and right
- for the remote side.
- This is not necessary.
- It is best to think of the terms as <quote>side 1</quote> and
- <quote>side A</quote> of an old LP record.
- </para>
- </note>
- <formalpara>
- <title><guilabel>Name</guilabel></title>
- <para>
- A simple name (lowercase only, with no spaces) to identify this
- connection.
- </para>
- </formalpara>
- <formalpara>
- <title><guilabel>IPCop side</guilabel></title>
- <para>
- Section to be written...
- </para>
- </formalpara>
- <para>
- Section to be written...
- </para>
- </sect3>
+
+
<sect3 id="vpns-authentication">
<title>
<guilabel>Authentication</guilabel>
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|