From: <eob...@us...> - 2009-11-22 20:33:34
Revision: 3864 http://ipcop.svn.sourceforge.net/ipcop/?rev=3864&view=rev Author: eoberlander Date: 2009-11-22 20:33:25 +0000 (Sun, 22 Nov 2009) Log Message: ----------- Initial check in for IPsec screenshots. More to follow in a day or two... Modified Paths: -------------- IPCopDoc/trunk/en/admin/images/vpn-con2.png IPCopDoc/trunk/en/admin/images/vpn-global.png IPCopDoc/trunk/en/admin/images/vpn-status1.png IPCopDoc/trunk/en/admin/images/vpn-type.png IPCopDoc/trunk/en/admin/xml/vpns.xml Modified: IPCopDoc/trunk/en/admin/images/vpn-con2.png =================================================================== (Binary files differ) Modified: IPCopDoc/trunk/en/admin/images/vpn-global.png =================================================================== (Binary files differ) Modified: IPCopDoc/trunk/en/admin/images/vpn-status1.png =================================================================== (Binary files differ) Modified: IPCopDoc/trunk/en/admin/images/vpn-type.png =================================================================== (Binary files differ) Modified: IPCopDoc/trunk/en/admin/xml/vpns.xml =================================================================== --- IPCopDoc/trunk/en/admin/xml/vpns.xml 2009-11-22 17:56:38 UTC (rev 3863) +++ IPCopDoc/trunk/en/admin/xml/vpns.xml 2009-11-22 20:33:25 UTC (rev 3864) 
@@ -215,9 +215,315 @@ <sect2 id="vpns-ipsec"> <title>IPsec Configuration Administrative Web Page</title> - <para> - Content to be written... - </para> + <sect3 id="vpns-ipsec-global"> + <title>Global settings</title> + <para> + The first line in the Global Settings box indicates if the + <command>IPsec</command> server is stopped or running. + </para> + <para> + <figure id="v200.vpn.011"> + <title>Global settings</title> + <mediaobject> + <imageobject role="fo"> + <imagedata fileref="&imagepath;vpn-global.&imageext;" format="PNG" + contentwidth="14cm"/> + </imageobject> + <imageobject role="html"> + <imagedata fileref="&imagepath;vpn-global.&imageext;" format="PNG" align="center"/> + </imageobject> + <textobject> + <phrase>Global settings section</phrase> + </textobject> + </mediaobject> + </figure> + </para> + <formalpara> + <title>IPsec on RED</title> + <para> + Check this box to enable the OpenVPN server for RED. + </para> + </formalpara> + <formalpara> + <title>IPsec on BLUE</title> + <para> + Only visible if you have configured a BLUE interface. + Check this box to enable the IPsec server for BLUE. + </para> + </formalpara> + <formalpara> + <title>IPsec on ORANGE</title> + <para> + Only visible if you have configured an ORANGE interface. + Check this box to enable the IPsec server for ORANGE. + </para> + </formalpara> + <formalpara> + <title>Public IP or FQDN for RED interface or <%defaultroute></title> + <para> + Enter the IPsec server details, either its fully qualified + domain name or the public IP address of the red interface. + If you are using a dynamic DNS service, you should use your + dynamic DNS name here. + </para> + </formalpara> + <note> + <title>VPNs and Dynamic DNS</title> + <para> + If your ISP changes your IP address, be aware that + Net-to-Net VPNs may have to be restarted from both ends + of the tunnel. + Roadwarriors will also have to restart their connections + in this case. 
+ </para> + </note> + <formalpara> + <title>Override default MTU - optional</title> + <para> + The MTU (Maximum Transmission Units) is the maximum + datagram size in bytes that can be sent unfragmented over a + particular network path. + </para> + </formalpara> + <formalpara> + <title>Delay before launching VPN (seconds)</title> + <para> + Content to be written... + </para> + </formalpara> + <formalpara> + <title>Restart net-to-net vpn when remote peer IP changes...</title> + <para> + Restart net-to-net vpn when remote peer IP address + changes (dyndns). + This helps Dead Peer Detection (DPD). + Content to be written... + </para> + </formalpara> + <formalpara> + <title>PLUTO DEBUG</title> + <para> + Content to be written... + </para> + </formalpara> + </sect3> + + <sect3 id="vpns-ipsec-status"> + <title>Connection Status and Control</title> + <para> + <figure id="v200.vpn.012"> + <title>Connection status and control window: Initial View</title> + <mediaobject> + <imageobject role="fo"> + <imagedata fileref="&imagepath;vpn-status1.&imageext;" format="PNG" + contentwidth="14cm"/> + </imageobject> + <imageobject role="html"> + <imagedata fileref="&imagepath;vpn-status1.&imageext;" format="PNG" align="center"/> + </imageobject> + <textobject> + <phrase>Connection status screen</phrase> + </textobject> + </mediaobject> + </figure> + </para> + <para> + To create an IPsec VPN connection use the + <guibutton>Add</guibutton> + button. + The VPN connection type page will appear. 
+ </para> + </sect3> + + <sect3 id="vpns-ipsec-type"> + <title> + Connection Type + </title> + <para> + <figure id="v200.vpn.013"> + <title>Connection Type Selection</title> + <mediaobject> + <imageobject role="fo"> + <imagedata fileref="&imagepath;vpn-type.&imageext;" format="PNG" + contentwidth="14cm"/> + </imageobject> + <imageobject role="html"> + <imagedata fileref="&imagepath;vpn-type.&imageext;" format="PNG" align="center"/> + </imageobject> + <textobject> + <phrase>Connection Type screen</phrase> + </textobject> + </mediaobject> + </figure> + </para> + <para> + Select either + <guilabel>Host-to-Net VPN (Roadwarrior)</guilabel> + for mobile users who need access to the GREEN network + or + <guilabel>Net-to-Net VPN</guilabel> + to allow users on another network access to your GREEN + network and to allow users on your GREEN network access + to the other network. + </para> + <para> + Choose the connection type you wish to create and click on + the <guibutton>Add</guibutton> button. + </para> + <para> + The next page that appears contains two sections. + The <guilabel>Connection</guilabel> section will be different + depending on the connection type you are adding. + The <guilabel>Authentication</guilabel> section will be the same. + </para> + </sect3> + + <sect3 id="vpns-ipsec-type-one"> + <title> + Host-to-Net Connection + </title> + <para> + <figure id="v200.vpn.014"> + <title>Host-to-Net Connection</title> + <mediaobject> + <imageobject role="fo"> + <imagedata fileref="&imagepath;vpn-con1.&imageext;" format="PNG" + contentwidth="14cm"/> + </imageobject> + <imageobject role="html"> + <imagedata fileref="&imagepath;vpn-con1.&imageext;" format="PNG" align="center"/> + </imageobject> + <textobject> + <phrase>Host-to-Net Connection screen</phrase> + </textobject> + </mediaobject> + </figure> + </para> + <formalpara> + <title><guilabel>Name</guilabel></title> + <para> + A simple name (lowercase only, with no spaces) to identify this + connection. 
+ </para> + </formalpara> + <para> + Section to be written... + </para> + </sect3> + + <sect3 id="vpns-ipsec-type-two"> + <title> + Net-to-Net Connection + </title> + <para> + <figure id="v200.vpn.015"> + <title>Net-to-Net Connection</title> + <mediaobject> + <imageobject role="fo"> + <imagedata fileref="&imagepath;vpn-con2.&imageext;" format="PNG" + contentwidth="14cm"/> + </imageobject> + <imageobject role="html"> + <imagedata fileref="&imagepath;vpn-con2.&imageext;" format="PNG" align="center"/> + </imageobject> + <textobject> + <phrase>Net-to-Net Connection section</phrase> + </textobject> + </mediaobject> + </figure> + </para> + <formalpara> + <title><guilabel>Name</guilabel></title> + <para> + Choose a simple name (lowercase only, with no spaces) + to identify this connection. + </para> + </formalpara> + <formalpara> + <title><guilabel>Enabled</guilabel></title> + <para> + Tick the + <guibutton>Enabled</guibutton> + checkbox to enable this connection. + </para> + </formalpara> + <formalpara> + <title><guilabel>Host IP Address</guilabel></title> + <para> + Content to be written... + </para> + </formalpara> + <formalpara> + <title><guilabel>Remote Host/IP</guilabel></title> + <para> + Enter the static Internet IP address of the remote network's + IPSec server. + You can also enter the fully qualified domain name of the remote + server. + If the remote server is using a dynamic DNS service, you may have + to restart the VPN if its IP address changes. + There are several scripts available on the IPCop news groups + that will do this for you. + </para> + </formalpara> + <formalpara> + <title><guilabel>Local Subnet</guilabel></title> + <para> + <guilabel>Local Subnet</guilabel> defaults to your GREEN network. + If desired, you can create a subnet of your GREEN network to limit + roadwarrior access to your GREEN network. 
+ </para> + </formalpara> + <formalpara> + <title><guilabel>Remote subnet</guilabel></title> + <para> + Enter the remote network's network address and + subnet mask in the same format as the + <guilabel>Local Subnet</guilabel> + field. + This network must be different from the + <guilabel>Local Subnet</guilabel> + since IPSec sets up routing table entries to send IP + packets to the correct remote network. + </para> + </formalpara> + <formalpara> + <title><guilabel>Local ID - optional</guilabel></title> + <para> + Content to be written... + </para> + </formalpara> + <formalpara> + <title><guilabel>Remote ID - optional</guilabel></title> + <para> + Content to be written... + </para> + </formalpara> + <formalpara> + <title><guilabel>Dead Peer Detection action</guilabel></title> + <para> + Content to be written... + </para> + </formalpara> + <formalpara> + <title><guilabel>Remark - optional</guilabel></title> + <para> + The <guilabel>Remark</guilabel> field allows you to add an optional + comment that will appear in the IPCop VPNs connection window for this + connection. + </para> + </formalpara> + <formalpara> + <title><guilabel>Edit advanced settings when done</guilabel></title> + <para> + Tick the + <guilabel>Edit advanced settings when done</guilabel> + checkbox if you need to modify IPCop's default + settings for IPSec. + </para> + </formalpara> + </sect3> + </sect2> <sect2 id="vpns-openvpn"> 
@@ -580,7 +886,15 @@ You need to have a pre-shared key/password/pass phrase or an X.509 certificate before trying to configure a Roadwarrior or Net-to-Net VPN connection. - These are methods of authentication, which identify the + These are <note id="vpns-ddns"> + <title>VPNs and Dynamic DNS</title> + <para> + If your ISP changes your IP address, be aware that Net-to-Net VPNs + may have to be restarted from both ends of the tunnel. + Roadwarriors will also have to restart their connections in this case. + </para> + </note> + methods of authentication, which identify the user trying to access the VPN. They will be required in the VPN configuration stage. </para> 
@@ -772,132 +1086,8 @@ </sect2> <!-- - <sect2 id="vpns-global"> - <title> - Global Settings - </title> - <para> - <figure id="v140.vpn.001"> - <title>VPN Global Settings</title> - <mediaobject> - <imageobject role="fo"> - <imagedata fileref="&imagepath;vpn-global.&imageext;" format="PNG" - contentwidth="14cm"/> - </imageobject> - <imageobject role="html"> - <imagedata fileref="&imagepath;vpn-global.&imageext;" format="PNG" align="center"/> - </imageobject> - <textobject> - <phrase>VPN Default Configuration</phrase> - </textobject> - </mediaobject> - </figure> - </para> - <para> - Enter the VPN server details, either its fully qualified domain name - or the public IP address of the red interface. - If you are using a dynamic DNS service, you should use your dynamic - DNS name here. - </para> - <note id="vpns-ddns"> - <title>VPNs and Dynamic DNS</title> - <para> - If your ISP changes your IP address, be aware that Net-to-Net VPNs - may have to be restarted from both ends of the tunnel. - Roadwarriors will also have to restart their connections in this case. - </para> - </note> - <para> - Enable the VPN on IPCop by selecting - <guilabel>Local VPN Hostname/IP</guilabel> - and click on the - <guibutton>Save</guibutton> - button. - The - <guilabel>VPN on Blue</guilabel> - option will only be visible if you have configured a BLUE - network interface card. - To enable a VPN over your BLUE wireless connection click on - the - <guilabel>VPN on BLUE</guilabel> - <guibutton>Enabled:</guibutton> - check box and then click on the - <guibutton>Save</guibutton> - button. 
- </para> - </sect2> - <sect2 id="vpns-connection"> - <title> - Connection Status and Control - </title> - <para> - <figure id="v140.vpn.002"> - <title>VPN Connection status and control window: Initial View</title> - <mediaobject> - <imageobject role="fo"> - <imagedata fileref="&imagepath;vpn-status1.&imageext;" format="PNG" - contentwidth="14cm"/> - </imageobject> - <imageobject role="html"> - <imagedata fileref="&imagepath;vpn-status1.&imageext;" format="PNG" align="center"/> - </imageobject> - <textobject> - <phrase>VPN Connections</phrase> - </textobject> - </mediaobject> - </figure> - </para> - <para> - To create a VPN connection use the - <guibutton>Add</guibutton> - button. - <link linkend="vpn-connection-type"> - The VPN connection type page will appear. - </link> - </para> - <sect3 id="vpns-connection-type"> - <title> - Connection Type - </title> - <para> - <figure id="v140.vpn.003"> - <title>VPN Connection Type Selection</title> - <mediaobject> - <imageobject role="fo"> - <imagedata fileref="&imagepath;vpn-type.&imageext;" format="PNG" - contentwidth="14cm"/> - </imageobject> - <imageobject role="html"> - <imagedata fileref="&imagepath;vpn-type.&imageext;" format="PNG" align="center"/> - </imageobject> - <textobject> - <phrase>VPN Connection Types</phrase> - </textobject> - </mediaobject> - </figure> - </para> - <para> - Select either - <guilabel>Host-to-Net (Roadwarrior)</guilabel> - for mobile users who need access to the GREEN network - or - <guilabel>Net-to-Net</guilabel> - to allow users on another network access to your GREEN - network and to allow users on your GREEN network access - to the other network. - </para> - <para> - Choose the connection type you wish to create and click on - the <guibutton>Add</guibutton> button. - </para> - <para> - The next web page that appears contains two sections. - The <guilabel>Connection</guilabel> section will be different - depending on the connection type you are adding. 
- The <guilabel>Authentication</guilabel> section will be the same. - </para> <sect4 id="create-host-to-net"> <title>Host-to-Net Connection</title> <formalpara> 
@@ -952,180 +1142,11 @@ </para> </formalpara> </sect4> - <sect4 id="vpns-net-to-net"> - <title>Net-to-Net Connection</title> - <formalpara> - <title><guilabel>Name</guilabel></title> - <para> - Choose a simple name (lower case only with no spaces) - to identify this connection. - </para> - </formalpara> - <formalpara> - <title><guilabel>IPCop side</guilabel></title> - <para> - Choose an - <guilabel>IPCop side,</guilabel> - <guilabel>right</guilabel> - or - <guilabel>left</guilabel>, - that will be used in the IPSec configuration files to identify this - IPCop's side of the connection on this machine. - Remember, the side makes no difference. - </para> - </formalpara> - <formalpara> - <title><guilabel>Local Subnet</guilabel></title> - <para> - <guilabel>Local Subnet</guilabel> defaults to your GREEN network. - If desired, you can create a subnet of your GREEN network to limit - roadwarrior access to your GREEN network. - </para> - </formalpara> - <formalpara> - <title><guilabel>Remote Host/IP</guilabel></title> - <para> - Enter the static Internet IP address of the remote network's - IPSec server. - You can also enter the fully qualified domain name of the remote - server. - If the remote server is using a dynamic DNS service, you may have - to restart the VPN if its IP address changes. - There are several scripts available on the IPCop news groups - that will do this for you. - </para> - </formalpara> - <formalpara> - <title><guilabel>Remote subnet</guilabel></title> - <para> - Enter the remote network's network address and - subnet mask in the same format as the - <guilabel>Local Subnet</guilabel> - field. - This network must be different from the - <guilabel>Local Subnet</guilabel> - since IPSec sets up routing table entries to send IP - packets to the correct remote network. 
- </para> - </formalpara> - <formalpara> - <title><guilabel>Remark</guilabel></title> - <para> - The <guilabel>Remark</guilabel> field allows you to add an optional - comment that will appear in the IPCop VPNs connection window for this - connection. - </para> - </formalpara> - <formalpara> - <title><guilabel>Enable</guilabel></title> - <para> - Click on the - <guibutton>Enable</guibutton> - check box to enable this connection. - </para> - </formalpara> - <formalpara> - <title><guibutton>Edit advanced settings when done.</guibutton></title> - <para> - Click on the - <guibutton>Edit advanced settings when done.</guibutton> - check box if you need to modify IPCop's default settings for - IPSec. - </para> - </formalpara> - </sect4> - </sect3> - <sect3 id="vpns-type-one"> - <title> - Host-to-Net Connection - </title> - <para> - <figure id="v140.vpn.004"> - <title>VPN Host-to-Net Connection Input</title> - <mediaobject> - <imageobject role="fo"> - <imagedata fileref="&imagepath;vpn-con1.&imageext;" format="PNG" - contentwidth="14cm"/> - </imageobject> - <imageobject role="html"> - <imagedata fileref="&imagepath;vpn-con1.&imageext;" format="PNG" align="center"/> - </imageobject> - <textobject> - <phrase>VPN Host-to-Net Connection </phrase> - </textobject> - </mediaobject> - </figure> - </para> - <formalpara> - <title><guilabel>Name</guilabel></title> - <para> - A simple name (lowercase only, with no spaces) to identify this - connection. - </para> - </formalpara> - <para> - Section to be written... 
- </para> </sect3> - <sect3 id="vpns-type-two"> - <title> - Net-to-Net Connection - </title> - <para> - <figure id="v140.vpn.005"> - <title>VPN Net-to-Net Connection Input</title> - <mediaobject> - <imageobject role="fo"> - <imagedata fileref="&imagepath;vpn-con2.&imageext;" format="PNG" - contentwidth="14cm"/> - </imageobject> - <imageobject role="html"> - <imagedata fileref="&imagepath;vpn-con2.&imageext;" format="PNG" align="center"/> - </imageobject> - <textobject> - <phrase>VPN Host-to-Net Connection</phrase> - </textobject> - </mediaobject> - </figure> - </para> - <note> - <title>Note on IPSec Terminology</title> - <para> - IPSec uses the terms - <emphasis>right</emphasis> and - <emphasis>left</emphasis> for the two sides of a connection or - tunnel. - These terms have no real meaning. - IPSec will orient itself based on network addresses and routes. - Once it determines which network connection, left or right, to use to - get to the other side of a connection, all other right or left parameters - follow. - Many folks use left for the local side of a connection and right - for the remote side. - This is not necessary. - It is best to think of the terms as <quote>side 1</quote> and - <quote>side A</quote> of an old LP record. - </para> - </note> - <formalpara> - <title><guilabel>Name</guilabel></title> - <para> - A simple name (lowercase only, with no spaces) to identify this - connection. - </para> - </formalpara> - <formalpara> - <title><guilabel>IPCop side</guilabel></title> - <para> - Section to be written... - </para> - </formalpara> - <para> - Section to be written... - </para> - </sect3> + + <sect3 id="vpns-authentication"> <title> <guilabel>Authentication</guilabel> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
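Review bot: In the hunk at @@ -215,9 +215,315 @@, the "IPsec on RED" formalpara reads "Check this box to enable the OpenVPN server for RED", while the BLUE and ORANGE entries right after it say "IPsec server". This looks carried over from the OpenVPN section and should read "IPsec server" so the reader is not told the checkbox controls a different daemon. Three smaller points in the same hunk: the Net-to-Net "Local Subnet" text still talks about limiting "roadwarrior access", which belongs to the Host-to-Net case; the new text mixes "IPsec" and "IPSec"; and the title "Public IP or FQDN for RED interface or <%defaultroute>" needs the angle brackets escaped as &lt; and &gt; if they are literal in vpns.xml as they appear here.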
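Review bot: In the hunk at @@ -580,7 +886,15 @@, the note id="vpns-ddns" is inserted in the middle of a sentence, so the paragraph now reads "These are" followed by the whole "VPNs and Dynamic DNS" note and only then "methods of authentication, which identify the user". The note is about dynamic DNS, not authentication, and the same text is already added without an id under "Global settings" in the first hunk. Suggest restoring the sentence as one line, dropping this copy, and putting id="vpns-ddns" on the note in the vpns-ipsec-global section so that any existing reference to that id still resolves.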
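Review bot: After the hunks at @@ -772,132 +1086,8 @@ and @@ -952,180 +1142,11 @@, the block following the "<!--" context line starts directly at sect4 id="create-host-to-net" and ends with a "</sect3>" whose opening sect3 id="vpns-connection-type" (and the enclosing sect2 id="vpns-connection") has been removed. If that leftover is still inside the comment it is harmless but misleading for whoever revives it; if the comment closes before sect3 id="vpns-authentication", the file will no longer be well-formed. Suggest either removing the remaining commented Host-to-Net sect4 and the orphan closing tag in this commit, or keeping its parent elements so the commented block stays balanced. This hunk also drops the "Note on IPSec Terminology" (left/right) and the "IPCop side" field with no replacement in the new Net-to-Net section; worth a line in the log message confirming the field is gone from the page.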