Managing global VPN network settings

Tip: You can use the same archive for internal and external use.

Procedure

  1. On the NETWORK menu, under the VPN submenu, click Global.
    • To set the default local certificate:
      1. Under the Default local certificate section, select the host’s certificate from the Certificate list.
      2. Click Save. This certificate is now used by default in all future tunnel specifications, unless otherwise specified.
      3. When prompted, click Restart to deploy the certificate.
    • To configure the pre-shared key (PSK) for IPsec road warrior:
      1. Under the IPsec Road Warrior (and L2TP) Preshared Key section, enter the Preshared Key for authentication.
      2. Reenter the key in the Again field.
    • To configure the gateways for L2TP road warriors:
      1. Under the L2TP and SSL VPN client configuration settings section, enter the Primary DNS gateway for all connected L2TP road warriors to use.
      2. Enter the Secondary DNS gateway for all connected L2TP road warriors to use.
      3. Enter the Primary Windows Internet Name Service (WINS) for all connected L2TP road warriors to use.
      4. Enter the Secondary WINS for all connected L2TP road warriors to use.
      5. Under the L2TP settings section, from the L2TP client internal interface list, select the internal network interface that all L2TP road warriors are connected to.
    • To create an external L2TP road warrior connection:
      • Under the L2TP settings section, from the L2TP client internal interface list, select the internal network interface that all L2TP road warriors are connected to.
    • To turn on and configure the VPN tunnel with SSL:
      1. Under the SSL VPN settings section, to turn on the SSL VPN on the Smoothwall, select the Enable SSL VPN option.
      2. From the Transport protocol list, select whether to run the SSL VPN connection over "TCP (HTTPS)" on port 443, the standard HTTPS port, or over "UDP (1194)" on port 1194.
      3. Enter the SSL VPN network address that SSL VPN users get on a virtual interface within the Smoothwall Firewall and enter the SSL VPN netmask.
      4. To force the device to send all its traffic through the SSL VPN connection, select the Force clients to use SSL VPN as gateway option.
      5. Enter the SSL VPN client gateway(s) host names or IP addresses that devices connect to.
      6. To apply Transport Layer Security (TLS) authentication, select the Enable TLS authentication option.
      7. To allow devices to connect on a random address, when multiple gateways are defined, select the Choose random gateway option.
    • To generate an archive containing the device software and the VPN settings but not custom scripts:
      1. Under the SSL VPN settings, click Generate client archive and save the file.
      2. Distribute the file to users who want to use the SSL VPN.
    • To create an internal L2TP VPN connection:
      1. Click Advanced » and under the Advanced section, to turn on a keep-alive mechanism on tunnels that support it, select the Enable dead peer detection option.
      2. To copy TOS bits into the tunnel from the outside as VPN traffic is received, and conversely in the other direction, select the Copy TOS (Type of Service) bits in and out of tunnels option.
    • To use an existing configuration file for the SSL VPN configuration:
      1. Click Advanced » and under the SSL VPN additional custom server configuration section, click Choose File and find the file that you want to use.
      2. Click Upload configuration file.
    • To configure the SSL VPN on an internal network:
      • Click Advanced » and under the Additional SSL VPN client internal interfaces section, select the interface on which to deploy the SSL VPN.
      • Generate a device archive and distribute it to users.
  2. To apply the settings, click Save and click Restart.