6: Basic Parameters
SLC™ 8000 Advanced Console Manager User Guide 96
3. To save, click the Apply button.
More Actions on the VPN page:
To see details of the VPN tunnel connection, including the cryptographic algorithms used,
select the View Detailed Status link.
To see the last 200 lines of the logs associated with the VPN tunnel, select the View VPN
Logs link.
To see the RSA public key for the SLC unit (required for configuring the remote host if RSA
Public Keys are being used), and the RSA public key for the remote peer, select the View
console manager and Remote Peer RSA Public Key link.
To see the X.509 Certificates for the local peer and the remote peer, select the View X.509
Certificates link.
Custom ipsec.conf Configuration
A custom ipsec.conf file can be uploaded to the SLC. This file can include
any of the strongSwan options which are not configurable from the UIs. The
ipsec.conf file should include one conn <Tunnel Name> section which
defines the tunnel parameters. An ipsec.conf file containing more than one
conn section will be rejected for upload.
When a custom ipsec.conf file has been uploaded to the console manager,
any VPN options configured via the UIs (with the exception of authentication
tokens, see below) are ignored, and the UIs will not display the options
given in the custom ipsec.conf file.
A description of the format of the ipsec.conf file as well as all strongSwan
options is available here. The SLC uses strongSwan version 5.6.3, so not
all options listed in the strongSwan ipsec.conf documentation will be
supported by the SLC.
Any authentication tokens (pre-shared keys, RSA keys, X.509 certificates)
required by the custom ipsec.conf must be configured through the SLC UIs,
and must be configured or installed before a tunnel is brought up with an
uploaded ipsec.conf file. When a tunnel is started with a custom ipsec.conf
file, the authentication tokens required for the authby parameter are
verified to exist before the tunnel is started. For example, if
authby=rsasig, the SLC will verify that the SLC RSA public/private
key has been generated and that the peer RSA public key has been
uploaded.
To upload a custom ipsec.conf file, select the Upload File link next to the
Uploaded Configuration field.
To delete an uploaded custom ipsec.conf file, select the Delete
Configuration File checkbox next to the Uploaded Configuration field.
To view an uploaded custom ipsec.conf file, select the View Configuration
link next to the Uploaded Configuration field. If a file has been uploaded it
will be displayed; otherwise the auto-generated file will be displayed if it
exists. The file is auto-generated when a tunnel is enabled (if a custom file
has not been uploaded).
To download the current in-use ipsec.conf file (either the ipsec.conf file
automatically generated by the SLC or an uploaded custom ipsec.conf file),
select the Download Configuration button. Downloading the ipsec.conf file
automatically generated by the SLC is a good starting point for adding extra
VPN options; the tunnel must be enabled in order for the SLC to
auto-generate an ipsec.conf file that can be downloaded.
Tunnel Restart
If enabled, the watchdog program will automatically restart the VPN tunnel
when the tunnel goes down.
Email Address
Email address to receive email alerts when the tunnel goes up or down.
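The following is an added example, not part of the guide and not the SLC's own code: a local pre-upload check for the two custom ipsec.conf rules described above (exactly one conn section, and authentication tokens for authby configured before the tunnel is started). The function name, tunnel names and addresses are hypothetical, and the secret/psk token mapping is an assumption based on strongSwan's authby values; only the rsasig requirement is stated in the guide.

```python
# Token requirements per authby value. The rsasig entry comes from the guide;
# the secret/psk entries are assumptions based on strongSwan's authby values.
REQUIRED_TOKENS = {
    "rsasig": ["SLC RSA public/private key", "peer RSA public key"],
    "secret": ["pre-shared key"],
    "psk": ["pre-shared key"],
}

def check_ipsec_conf(text):
    """Return (conn_names, authby, problems) for a candidate ipsec.conf."""
    conns, authby, problems = [], None, []
    in_conn = False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # simplified comment stripping
        if not line.strip():
            continue
        if not line[0].isspace():                 # section headers start in column 0
            parts = line.split(None, 1)
            in_conn = parts[0] == "conn"
            if in_conn:
                conns.append(parts[1] if len(parts) > 1 else "")
            continue
        key, _, value = line.strip().partition("=")
        if in_conn and key.strip() == "authby":
            authby = value.strip()
    if len(conns) != 1:
        problems.append("expected exactly one conn section, found %d" % len(conns))
    if authby is not None and authby not in REQUIRED_TOKENS:
        problems.append("authby=%s: confirm required tokens in the SLC UI" % authby)
    return conns, authby, problems

# Constructed sample inputs (documentation address ranges, hypothetical names).
SAMPLE_OK = """\
conn MyTunnel
    left=192.0.2.10
    right=198.51.100.20
    authby=rsasig   # needs both RSA keys in place first
    auto=start
"""
SAMPLE_TWO_CONNS = SAMPLE_OK + "conn Second\n    authby=secret\n"

if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("two conns", SAMPLE_TWO_CONNS)):
        conns, authby, problems = check_ipsec_conf(sample)
        print(name, conns, authby, REQUIRED_TOKENS.get(authby), problems)
```

Run it against a file downloaded with the Download Configuration button after editing, then confirm the listed tokens exist in the SLC UI before uploading.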