vpn configuration guide · task 1 – tp-link configuration first, we’ll set up a vpn tunnel on...
TRANSCRIPT
VPN Configuration Guide TP-Link SecureStream
© 2017 equinux AG and equinux USA, Inc. All rights reserved.
Under copyright law, this manual may not be copied, in whole or in part, without the written consent of equinux AG or equinux USA, Inc. Your rights to the software are governed by the accompanying software license agreement.
The equinux logo is a trademark of equinux AG and equinux USA, Inc., regis-tered in the U.S. and other countries. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies.
equinux shall have absolutely no liability for any direct or indirect, special or other consequential damages in connection with the use of this document or any change to the router in general, including without limitation, any lost profits, business, or data, even if equinux has been advised of the possibility of such damages.
Every effort has been made to ensure that the information in this manual is accurate. equinux is not responsible for printing or clerical errors.
Revised 20 January 2017
www.equinux.com
�2
ContentsIntroduction 4 ....................................................................................
Task 1 – TP-Link Configuration 5 ..................................................
Task 2 – VPN Tracker Configuration 8 ..........................................
Task 3 – Test the VPN Connection 9 .............................................
Appendix – FAQ 11...........................................................................
�3
Introduction This configuration guide will help you connect VPN Tracker to your TP-Link VPN Gateway.
My VPN Gateway Configuration You can print out this checklist to help keep track of the vari-ous settings of your TP-Link VPN gateway. Not all settings are required for all setups, so don’t worry if some stay empty.
IP Addresses
➊ TP-Link WAN IP Address: . . .
or host name
➋ LAN Network: . . . / . . .
Authentication
➌ Pre-Shared Key:
�4
Task 1 – TP-Link Configuration First, we’ll set up a VPN tunnel on your TP-Link gateway.
Step 1 – WAN IP or Host Name ‣ Connect to your TP-Link’s web interface. ‣ Go to Network > Status. ‣ Under WAN, write down the IP address as ➊ on your → Configuration
Checklist.
Step 2 – LAN Network ‣ Go to Network > LAN > LAN ‣ The IP address there will give you the Remote Network for ➋ on your → Configuration Checklist.
If you don’t have a static public IP address, you can configure a hostname under Services > Dynamic DNS. If you have config-ured a Dynamic DNS service, use that Domain Name as IP ad-dress.
�
The Remote Network address is usually the IP address here with the last digit substituted for a 0, e.g. 192.168.1.1 becomes 192.168.1.0. If you’re not sure, contact your network admin.�
�5
Step 3 – Configuring VPN > IKE settings IKE Proposal Settings
‣ Go to VPN > IKE.
‣ Go to the ”IKE Proposal“ tab
‣ Enter a “Proposal Name” (e.g. Very Secure)
‣ Set “Authentication” to SHA1
‣ Change “Encryption” to AES256
‣ Set “DH Group” to DH5
‣ Click ”Add”
IKE Policy Settings
‣ Go back to VPN > IKE Policy (the first tab).
‣ Enter VPN Tracker as your “Policy Name”
‣ Under IKE Proposal 1, choose the IKE Policy you created earlier (“Very Se-cure”)
‣ Enter a “Pre-Shared Key” – this is your main VPN encryption key, so choose a strong one. Write it down as ➌ on your → Configuration Checklist.
‣ Click ”Add”
And with that done, it’s on to the IPsec settings.
�6
Step 4 – Configuring VPN > IPsec settings IPsec Proposal Settings
‣ Go to VPN > IPsec.
‣ Go to the ”IPsec Proposal“ tab
‣ Enter a “Proposal Name” (e.g. Secure)
‣ Change “ESP Authentication” to SHA1
‣ Change “ESP Encryption” to AES128
‣ Click ”Add”
IPsec Policy Settings
‣ Go to the ”IPsec Policy“ tab
‣ Enter VPN Tracker as your “Policy Name”
‣ Change “Mode” to Client-to-LAN
‣ Under Local Subnet, enter the local network address from ➋ on your
→ Configuration Checklist
‣ Under IKE Policy, choose VPN Tracker
‣ Under IPsec Proposal 1, choose Secure
‣ Change “PFS” to DH5
‣ Click ”Add”
�7
Task 2 – VPN Tracker Configuration From Task 1, your → Configuration Checklist will have all your TP-Link settings. We will now create a matching configuration in VPN Tracker.
Step 1 – Add a Connection
‣ Open VPN Tracker. ‣ Click “Create a Connection” (or click the + button in the lower left
corner). ‣ Select “TP-Link” from the list. ‣ Select your TP-Link model (e.g. SafeStream series). ‣ Click “Create”.
Step 2 – Configure the VPN Connection
‣ Click “Configure” and switch to the “Basic” tab
‣ VPN Gateway: Enter your TP-Link’s public IP address or its host name ➊ from your → Configuration Checklist.
‣ Network Configuration: Enter the Remote Network from ➋ ‣ Click “Done”
�8
Task 3 – Test the VPN Connection
Connect to your VPN ‣ Open VPN Tracker. ‣ Click the On/Off slider for your connection.
‣ If you are using VPN Tracker for the first time with your current Internet connection, it will test your connection. Wait for the test to complete.
‣ You will be prompted to enter your pre-shared key ➌. Optionally, check the box “Store in Keychain” to save the password in your keychain so you are not asked for it again when connecting the next time.
Connected! Connecting may take a couple of seconds. If the On/Off button turns blue that’s great – you’re connected!
Now is a great time to take a look at the VPN Tracker Manual. It shows you how to use your VPN and how to get the most out of it.
It‘s time to go out! In order to test your connection, you will need to connect from a different location.
For example, if you are setting up a VPN connection to your office, try it out at home, or from an Internet cafe, or go visit a friend.
�9
Troubleshooting In case there’s a problem connecting, a yellow warning triangle will show up:
Click the yellow warning triangle to be taken to the log. The log will explain exactly what the problem is. Follow the steps listed in the log.
In most cases, the advice in the log should be sufficient to resolve the issue. However, VPNs are a complex topic and there might be trickier issues with which you need additional help.
VPN Tracker Manual The VPN Tracker Manual contains detailed troubleshooting advice.
Frequently Asked Questions (FAQs) Answers to frequently asked questions can be found at
http://www.vpntracker.com/support
Technical Support If you’re stuck, the technical support team at equinux is here to help. Contact us via
http://www.vpntracker.com/support
Please include the following information with any request for support:
‣ A description of the problem and any troubleshooting steps that you have already taken.
‣ A VPN Tracker Technical Support Report (Log > Technical Support Report). ‣ TP-Link model and the firmware version running on it. ‣ Screenshots of the Client VPN settings on your TP-Link.
Press Cmd-L to open the log in a new window. That way, you can have the log side-by-side with your VPN configuration while making changes to troubleshoot a problem.�
A Technical Support Report contains the settings and logs nec-essary for resolving technical problems. Confidential information (e.g. passwords, private keys for certificates) is not included in a Technical Support Report.
�
�10
Appendix – FAQ Setting up multiple VPN policies for users You can create multiple VPN access policies, each with its own Pre-Shared Key, e.g. so you can restrict access to just certain users.
To do so, create a new IKE policy for each user on your TP-Link gateway with these settings:
‣ Change the IKE Policy to use “Exchange Mode >Aggressive” ‣ Choose “Remote ID type > FQDN” ‣ Enter a “Remote ID” (e.g. your user’s name)
In VPN Tracker: ‣ Go to Advanced and set “Exchange Mode > Aggressive” ‣ Under Basic > Identifiers set “Local > Fully Qualified Domain Name
(FQDN)” and enter the ID you entered above
This way, custom policies can be created for individual users, giving you more fine-grained control.
Adding multiple Remote Networks To add multiple remote networks to a VPN connection, you simply create multiple IPsec policies, each with identical settings, except for the remote network entry.
Go to VPN > IPsec on your TP-Link device.
Then follow the steps under Step 4 – IPsec Policy Settings and enter the same settings as before, except for the Local Subnet. There you enter your addi-tional Remote Network.
In VPN Tracker, enter the new Remote Network under Basic > Network Con-figuration > Remote Networks.
�11