Billion Electric Company English CO1 User Manual
BiGuard C01
BiGuard VPN Client
Secure access to Company Network
User’s Manual
Version Release 3.0
TTaabbllee ooff CCoonntteennttss
CHAPTER 1: INTRODUCTION............................................................................................................. 1
INTRODUCTION TO BIGUARD VPN CLIENT ............................................................................................... 1
FEATURES.................................................................................................................................................. 1
CHAPTER 2: INSTALLING BIGUARD VPN CLIENT....................................................................... 3
SOFTWARE INSTALLATION .......................................................................................................................... 3
SOFTWARE EVA LUATI ON ............................................................................................................................ 4
ACTIVATION WIZARD................................................................................................................................. 4
Two easy step Wizard............................................................................................................................ 4
Step 1 of 2: Enter License Number .................................................................................................. 5
Step 2 of 2: Online Activation.......................................................................................................... 6
Activation errors............................................................................................................................... 6
SOFTWARE UNINSTALLATION..................................................................................................................... 7
CHAPTER 3: NAVIGATION THE USER INTERFACE ...................................................................... 8
AVIGATION THE USER INTERFACE............................................................................................................. 8
N
S
YSTEM TRAY............................................................................................................................................ 8
MAIN WINDOW........................................................................................................................................ 10
MAIN MENUS .......................................................................................................................................... 10
STATUS BAR .............................................................................................................................................11
WINDOWS “ABOUT”.................................................................................................................................11
HIDDEN INTERFACE ................................................................................................................................. 12
WIZARDS................................................................................................................................................. 12
PREFERENCES .......................................................................................................................................... 12
VPN Client start mode........................................................................................................................ 12
Miscellaneous..................................................................................................................................... 13
CHAPTER 4: VPN CONFIGURATION................................................................................................ 14
CONFIGURATION WIZARD........................................................................................................................ 14
Four easy step Wizard ........................................................................................................................ 14
Step 1 of 4........................................................................................................................................... 15
Step 2 of 4........................................................................................................................................... 15
Step 3 of 4........................................................................................................................................... 16
Step 4 of 4........................................................................................................................................... 16
VPN TUNNEL CONFIGURATION ............................................................................................................... 17
How to create a VPN Tunnel? ............................................................................................................ 17
Multiple Authentication or IPSec Configuration Phase..................................................................... 17
Advanced Features............................................................................................................................. 18
AUTHENTICATION OR PHASE 1................................................................................................................. 18
What is Phase 1? ................................................................................................................................ 18
Phase 1 Settings Description.............................................................................................................. 19
Phase 1 Advanced configuration........................................................................................................ 20
EC CONFIGURATION OR PHASE 2........................................................................................................ 22
IPS
What is Phase 2? ................................................................................................................................ 22
Phase 2 Settings Description.............................................................................................................. 22
Phase 2 Advanced configuration........................................................................................................ 23
G
LOBAL PARAMETERS – GLOBAL SETTINGS DESCRIPTION...................................................................... 25
TUNNEL VIEW – HOW TO VIEW OPENED TUNNELS?......................................................................... 26
VPN
USB
MODE.............................................................................................................................................. 27
What is USB Mode?............................................................................................................................ 27
Table of Contents i
How to set USB Mode on?.................................................................................................................. 27
How to enable a new USB Stick? ....................................................................................................... 28
How to automatically open tunnels when an USB Stick is plugged in?............................................. 28
CERTIFICATE MANAGEMENT (PLEASE SEE APPENDIX A - COMPATIBLE TAB LE OF BILLION VPN ENABLED
DEVICES AND
BIGUARD VPN CLIENT) .................................................................................................... 29
Additional support documents............................................................................................................ 29
How to configure IPSec VPN Client with Certificates?..................................................................... 29
CONFIGURATION MANAGEMENT – HOW TO IMPORT OR EXPOR T A VPN CONFIGURATION? ..................... 30
CONFIGURATION TOOLS........................................................................................................................... 31
Command line tools............................................................................................................................ 31
Stopping VPN Client: option “/stop”................................................................................................. 31
Import VPN Configuration: option “/import” and “/importance”.................................................... 31
VPN Client Startup mode: VPNSTART...............................................................................................31
Hiding VPN Client configuration user interface: VPNHIDE............................................................. 31
CONSOLE AND LOGS ................................................................................................................................ 32
Console Windows................................................................................................................................ 32
CHAPTER 5: TROUBLESHOOTING.................................................................................................. 34
INTRODUCTION........................................................................................................................................ 34
TOOLS IN CASE OF TROUBLE .................................................................................................................... 34
A good network analyzer: ethereal..................................................................................................... 34
VPN IPSEC TROUBLESHOOTING ............................................................................................................. 34
« PAYLOAD MALFORMED » error (wrong Phase 1 [SA])............................................................... 34
« INVALID COOKIE » error.............................................................................................................. 34
« no keystate » error........................................................................................................................... 35
« received remote ID other than expected » error.............................................................................. 35
« NO PROPOSAL CHOSEN » error.................................................................................................. 35
« INVALID ID INFORMATION » error ............................................................................................. 36
No response for phase 1 requests....................................................................................................... 36
SEND, RECV and that is all!.............................................................................................................. 36
No response to phase 2 requests......................................................................................................... 37
I clicked on “Open tunnel”, but nothing happens.............................................................................. 37
The VPN tunnel is up but I can’t ping! ............................................................................................... 37
APPENDIX A: COMPATIBLE TABLE OF BILLION VPN ENABLED DEVICES AND BIGUARD
VPN CLIENT............................................................................................................................................ 38
APPENDIX B: PRODUCT SUPPORT AND CONTACT INFORMATION...................................... 39
Table of Contents ii
Billion BiGuard VPN Client
Chapter 1: Introduction
Introduction to BiGuard VPN Client
Your network is constantly evolving as you integrate more business applications and
consolidate servers. In that environment, it is becoming extremely complex to maintain total
security at the edge while users being employees or Teleworkers on the go are working with
customers and partners. You need to get access to those applications and servers quickly,
easily and securely.
BiGuard VPN client is an IPSec VPN software for Windows versions that allows establishing
secure connections over the Internet usually between a remote worker and the Corporate
Intranet. IPSec is the most secure way to connect to the enterprise as it provide strong user
authentication, strong tunnel encryption with ability to cope with existing network and firewall
settings.
Features
Windows supported versions
Win95, Win98, Me, NT, Win2000, WinXP
Tunneling Protocol
Full IKE support: The IKE implementation is based on the OpenBSD 3.1 implementation
(ISAKMPD), thus providing best compatibility with existing IPSec routers and gateways.
Full IPSec support: Main mode and Aggressive mode
MD5 and SHA hash algorithms
NAT Traversal
NAT Traversal Draft 1 (enhanced), Draft 2 and 3 (full implementation)
Including NAT_OA support (floating port for IKE exchange)
Including NAT keepalive
Encryption
Provides DES, 3DES and AES 128/192/256 bits encryption.
User Authentication (Please see Appendix A)
X-Auth support
Preshared keying support
Support of Group 1, 2 and 5 (i.e. DH768, 1024 and 1536)
Flexible Certificate support (PEM, PKCS12, ...)
USB Stick
VPN configurations and security elements (certificates, Preshared key, ...) can be saved
into an USB Stick in order to remove authentication information from the computer.
Log console
All phase messages are logged for testing or staging purpose, and multiple files (10)
allows to easily narrow the view on specific aspects.
Chapter 1: Introduction
1
Billion BiGuard VPN Client
Invisible User Interface
Silent install and invisible graphical interface allow IT managers to deploy solutions while
preventing user to misuse configurations.
Configuration building
User Interface and Command Line.
Chapter 1: Introduction
2
Billion BiGuard VPN Client
Chapter 2: Installing BiGuard VPN Client
Software installation
BiGuard VPN client installation is a classical Windows installation that does not require specific
information. After completing the installation, you will be asked to reboot your computer.
After reboot and session login, a window appears for a license number request. The license
number is shown on the CD packaging.
Quit: will close established this window and software.
Evaluate: allows you to continue software evaluation. Evaluation period is displayed into the
yellow bar above.
Activate: allows you to activate the software online. This requires a License Number. When
clicking on “Activate” button, an Activation Wizard pops up.
Buy: allows you to find the purchase contact window a license in Billion’s Website.
On Windows NT, 2000 and XP, you must have administrator rights. If it is not
the case, the installation stops after the language choice with an error
message.
Shortcuts: After software installation, BiGuard VPN window can be launched:
1. From user desktop, by double-clicking on BiGuard VPN shortcut.
2. From VPN Client icon available in the taskbar.
3. From menu Start > Programs > Billion > BiGuard VPN > Billion BiGuard VPN.
Chapter 2: Installing BiGuard VPN Client
3
Billion BiGuard VPN Client
Software Evaluation
It is possible to use BiGuard VPN Client during the evaluation period (i.e. limited to 30 days) by
clicking on "Evaluate" button. When the IPSec VPN Client is on "Evaluation" mode, the register
window appears at each boot of the client. Evaluation period is displayed into the yellow bar
above.
Once evaluation period expires, “Evaluation” button is no longer available and the software is
disabled.
Activation Wizard
Two easy step Wizard
The Activation Wizard is a two steps Wizard that allows users to activate the software online.
Activation requires a License Number. Enter your License Number, email address and click
'Next' as shown below. Email address will be used to send back an activation confirmation to
the user.
The “Activation Wizard” can be launched from the VPN Client software as such:
Click on the “?” menu and then click on "Activation Wizard".
Click on the “Activate” button in the startup windows when you start the VPN Client.
Chapter 2: Installing BiGuard VPN Client
4
Billion BiGuard VPN Client
Step 1 of 2: Enter License Number
Activation requires a License Number. Enter your License Number, your email address and click
“Next” as shown below. Email address will be used to send back an activation confirmation
email to the user once activation has been successfully performed.
From VPN Client release 3.0 and later, the License Number format is a 24-digit number (i.e. 4
times 6 digits). Older License Number format is a 20-digit number. You can select the right
format by clicking on “Format” on the right end side next to the License Number field as follow:
Chapter 2: Installing BiGuard VPN Client
5
Billion BiGuard VPN Client
Step 2 of 2: Online Activation
The “Activation Wizard” will automatically connect to the online software activation server to
activate the VPN Client Software. You can go back at anytime to change the License Number.
Activation errors
In case of an error is returned by the online software activation server, as shown below, you
shall click on the (help button) available in the window to get more online explainations and
recommandations on how to proceed next.
Error codes Error messages Error explanations
Error 001 License not found License number doesn't exist in the activation server
database. There must be an error in entering the
license number. Also some old licenses are 20 digits
only while new licenses are 24 digits.
Error 002 Reserved Reserved
Error 003 Activation quota Too many installations and activations have been
Chapter 2: Installing BiGuard VPN Client
6
Billion BiGuard VPN Client
exceeded processed for this specific license number. License
numbers can not be used more than allowed by your
IT department.
Error 004 Wrong product code The License number you've entered is not allowed on
this software product. This software product requires
a specific license number that is provided by the
distributor of this software.
Error 050 Impossible to
complete activation
Activation server can not generate activate code for
this license at the moment of activation
process
Error 051 Impossible to
complete activation
Activation server can not generate activate code for
this license at the moment of activation
process
Error 052 Impossible to
complete activation
Activation server can not generate activate code for
this license at the moment of activation
process
Error 053 Cannot connect
activation server
The activation server can't be contacted. Reasons
can be broken Internet connection, activation server
down, firewall and security policies.
Error 054 Cannot connect
activation server
The activation server can't be contacted. Reasons
can be broken Internet connection, activation server
down, firewall and security policies.
Error 055 Activation code error Activation code might have been modified after
activation.
Software Uninstallation
BiGuard VPN Client can be uninstalled:
1. From Windows Control Panel by selecting “Add/Remove programs”.
2. From Start Menu > Programs > Billion > BiGuard VPN > Uninstall BiGuard VPN
Chapter 2: Installing BiGuard VPN Client
7
Billion BiGuard VPN Client
Chapter 3: Navigation the User Interface
Navigation the user interface
BiGuard VPN Client is fully autonomous and can start and stop tunnels without user
intervention, depending on traffic to certain destinations. However it requires a VPN
configuration.
The VPN Client configuration is defined in a VPN configuration file. The software user interface
allows creating, modifying, saving, exporting or importing the VPN configurations together with
security elements (e.g. Preshared key).
The user interface is made of several elements:
1. System Tray Icon
2. Main window
3. Main menus
4.
Status bar
5.
Wizards
6.
Preferences
System Tray
The VPN Client user interface cab be launched via a double click on application icon (Desktop
or Windows Start menu) by single click on application icon in system tray. Once launched, the
VPN Client software shows an icon in this system tray that indicates whether a tunnel is opened
or not, using color code.
VPN Client application color code is the following:
Blue icon: no VPN tunnel is established
Green icon: at least one VPN tunnel is opened
Chapter 3: Navigation the User Interface
8
Billion BiGuard VPN Client
A left-button click on VPN icon opens configuration user interface.
A right-button click shows the following menu:
Quit: will close established VPN tunnels, stops the configuration user interface.
Save & Apply: will close established VPN tunnels, apply latest VPN configuration modification
and reopen all the VPN tunnels.
Console: shows log window.
Connections: opens the list of already established VPN tunnels. You can configure tunnels to
open up automatically when the software starts.
List of configured tunnels with current status. Tunnels can be opened or closed from this menu
as well.
Tooltips over VPN Client icon shows the connection status of the VPN tunnel:
1. "Tunnel <tunnelname>” when one or more tunnels are established.
2. "Wait VPN ready...” when the IKE service is reinitializing.
3. "BiGuard VPN Client” when the VPN Client is up but with no opened tunnel.
Chapter 3: Navigation the User Interface
9
Billion BiGuard VPN Client
Main Window
The main window is made of several elements:
1. Three buttons “Console”, “Parameters” and “Connections” (left column).
2. A tree list window (left window) that contains all IKE and IPSec configuration.
3. A configuration window (right window) that shows the associated tree level.
Main Menus
There are several menus as followed:
File: used to Import or Export a configuration. It is also used to choose the location of the VPN
Configuration: local or USB…. It is finally used to configure miscellaneous preferences such as
the way the VPN Client may start (e.g. before or after logon, ...).
VPN Configuration: contains all actions from tree control right-click menu, it also gives access
to the “Configuration Wizard”.
Tools: contains “Console” and “Connections” choice.
?: gives access to online support and window “About”, it also gives access to the “Activation
Wizard”
10
Chapter 3: Navigation the User Interface
Loading...