7: Networking
EMG™ Edge Management Gateway User Guide 126
3. To save, click Apply button.
More Actions on the VPN page:
To see details of the VPN tunnel connection, including the cryptographic algorithms used,
select the View Detailed Status link.
To see the last 200 lines of the logs associated with the VPN tunnel, select the View VPN
Logs link.
To see the RSA public key for the EMG (required for configuring the remote host if RSA Public
Keys are being used), and the RSA public key for the remote peer, select the View console
manager and Remote Peer RSA Public Key link.
Custom ipsec.conf
Configuration
A custom ipsec.conf file can be uploaded to the EMG. This file can include
any of the strongSwan options which are not configurable from the UIs. The
ipsec.conf file should include one
conn <Tunnel Name> section which
defines the tunnel parameters. An ipsec.conf file containing more than one
conn section will be rejected for upload.
When a custom ipsec.conf file has been uploaded to the console manager,
any VPN options configured via the UIs (with the exception of authentication
tokens, see below) are ignored, and the UIs will not display the options
given in the custom ipsec.conf file.
A description of the format of the ipsec.conf file as well as all strongSwan
options is available
here. The EMG uses strongSwan version 5.6.3, so not
all options listed in the strongSwan ipsec.conf documentation will be
supported by the EMG.
Any authentication tokens (pre-shared keys, RSA keys, X.509 certificates)
required by the custom ipsec.conf must be configured through the EMG UIs,
and must be configured or installed before a tunnel is brought up with an
uploaded ipsec.conf file. When a tunnel is started with a custom ipsec.conf
file, the authentication tokens required for the
authby parameter are
verified to exist before the tunnel is started. For example, if
authby=rsasig, the EMG will verify that the EMG RSA public/private
key has been generated and that the peer RSA public key has been
uploaded.
To upload a custom ipsec.conf file, select the Upload File link next to the
Uploaded Configuration field. The file name should not contain '/', '\', ':', '*',
'?', '"', '<', '>', '|' characters.
To delete an uploaded custom ipsec.conf file, select the Delete
Configuration File checkbox next to the Uploaded Configuration field.
To view an uploaded custom ipsec.conf file, select the View Configuration
link next to the Uploaded Configuration field. If a file has been uploaded it
will be displayed; otherwise the auto-generated file will be displayed if it
exists. The file is auto-generated when a tunnel is enabled (if a custom file
has not been uploaded).
To download the current in-use ipsec.conf file (either the ipsec.conf file
automatically generated by the EMG or an uploaded custom ipsec.conf file),
select the Download Configuration button. Downloading the ipsec.conf file
automatically generated by the EMG is a good starting point for adding
extra VPN options; the tunnel must be enabled in order for the EMG to auto-
generate an ipsec.conf file that can be downloaded.
Tunnel Restart If enabled, the watchdog program will automatically restart the VPN tunnel
when the tunnel goes down.
Email Address Email address to receive email alerts when the tunnel goes up or down.
To Next Page
Loading...
Need help?
General
