equinux VPN Tracker 5.4.4 User Manual

VPN Tracker Manual

Version 5

equinux AG and equinux USA, Inc.

© 2002–2008 equinux USA, Inc. All rights reserved.

Under the copyright laws, this manual may not be copied, in whole or in part, without
the written consent of equinux AG or equinux USA, Inc. Your rights to the software are
governed by the accompanying software license agreement.

The equinux logo is a trademark of equinux AG and equinux USA, Inc., registered in the
U.S. and other countries.

Every effort has been made to ensure that the information in this manual is accurate.
equinux is not responsible for printing or clerical errors.

Created using Apple Pages.

www.equinux.com

Apple, the Apple logo, iBook, Mac, Mac OS, MacBook, PowerBook are trademarks of
Apple Computer, Inc., registered in the U.S. and other countries. equinux shall have
absolutely no liability for any direct or indirect, special or other consequential damages
in connection with the use of the manual or any change to the router generally,
including without limitation, any lost profits, business, or data, even if equinux has
been advised of the possibility of such damages.

Disclaimer

You agree that equinux USA, Inc. shall have no liability whatsoever for any use you
make of the Software. You shall indemnify and hold harmless equinux USA, Inc. from
any third party claims, damages, liabilities, costs and fees (including reasonable
attorney fees) arising from your use of the Software as well as from your failure to
comply with any term of this Agreement.

2

..............................................Welcome to VPN Tracker! 5

......................................................................................................What is a VPN? 5

...................................................................................What is a VPN Gateway? 5

..........................................................................................What is VPN Tracker? 5

.......................................................What can I use a VPN connection for? 6

........................................................Where can I use my VPN connection? 6

..................................................................................................Need More Info? 6

........................................................................Installation 7

...............................................................................................Install VPN Tracker 7

..........................................................................................Activate VPN Tracker 7

....................................................................Installing a Deployment Bundle 9

.............................................................................Actions 22

.............................................................................................Automatic Startup 22

..........................................................................................Location Awareness 22

.........................................................VPN Startup and Shutdown Actions 23

...............................................................Device Profiles 25

............................................................................Modifying Default Settings 25

.........................................................................Selecting a Different Device 25

...................................................................Creating a Custom Connection 26

....................................................................................Exporting Connections 32

.......................................................................................Deployment Bundles 33

.......................................................................................Distributing Licenses 34

.........................................Migrating to VPN Tracker 5 11

..............................................................Getting Started 12

........................................................................................................Prerequisites 12

........................................................................Setting Up the VPN Gateway 13

.........................................................................................Configuration Guide 14

...............................................................Assisted Setup 15

.........................................................................Using a Deployment Bundle 15

...................................................................Importing a Connection Profile 15

.....................................................................................Manual Configuration 15

...........................Managing and Using Connections 17

.....................................................................................Starting a Connection 17

....................................................................................................Accessing Files 18

.................................................................Accessing a FileMaker Database 18

.................................................................................Restarting a Connection 19

..................................................................................Stopping a Connection 19

..................................................................................Managing Connections 19

3

............................................................Troubleshooting 36

............................................................................................Known Limitations 36

..................................................................................................Connection Log 36

...........................................................................VPN Environment Manager 37

..........................................................................................Application Firewall 38

........................................................Creating a Technical Support Report 38

....................................................................................Missing Device Profiles 39

..............................................................................Assisted Troubleshooting 39

.................................................Appendix: Preferences 41

.................................................................................................................Updates 41

......................................................................................................................Growl 41

...............................................................................................Advanced (Ports) 41

.........................................Appendix: IPSec Explained 42

.......................................................................................IPSec – The Standard 42

.............................................................................Establishing a VPN Tunnel 42

.......................................................................................................NAT-Traversal 45

.......................................................Client Provisioning and Mode Config 47

4

Welcome to VPN Tracker!

Thank you for your selection of the leading VPN
client for the Mac. If you are new to VPN, we
recommend you read this chapter to familiarize
yourself with the basic concepts of Virtual Private
Networks.

What is a VPN?

VPN is an abbreviation of Virtual Private Network. A VPN
connection is established between two peers (e.g. a Mac

running VPN Tracker and a VPN gateway). These peers
negotiate a so-called “Security Association” which is used to

encrypt and authenticate the data transferred between them.
This ensures that the data

‣

cannot be read by a 3rd party (confidentiality)

‣

cannot be changed by a 3rd party (integrity)

‣

is known to originate from the remote peer (authenticity)

private interface is used by the computers on its local area
network (LAN), and a public interface which is connected to

the Internet. Both interface can be wired (using Ethernet
cables) or wireless (using Airport/WLAN or 3G wireless

connections).

If a gateway is capable of handling a VPN connection, it is
called a VPN gateway. VPN gateways are usually specialized

hardware devices from vendors like Cisco, SonicWALL, or
Netgear. In some cases, VPN functionality is provided by some

software running on a standard computer (e.g. Astaro Internet
Security), which turns this computer into a VPN gateway.

In this guide, we will talk about VPN gateways, or simply VPN
devices.

What is VPN Tracker?

VPN Tracker is a versatile, user-friendly VPN client for Mac OS X.
Using a collection of industry-standard algorithms (the IPSec

standard, and some extensions), VPN Tracker can secure all
your internet-based communications, including those over

wireless networks.

What is a VPN Gateway?

The general term “gateway” describes a device which handles
external network traffic for a computer (or several computers

in a local network). Such devices are also called routers, and
many of them include security features (which turns them into

a ”firewall”). A gateway has at least two interfaces –"a local or

5

VPN Tracker should work with all VPN gateways implementing
the above standard (IPSec) properly. Our predefined device

profiles for a large variety of VPN gateways make setting up
secure, encrypted tunnels to remote networks easier than ever

before!

Note Please refer to the chapter “Device Profiles” if you

cannot find a device profile for the gateway you’d like
to use.

What can I use a VPN connection for?

A VPN allows you to access a remote network (e.g. your office
network, or your Mac at home) securely from anywhere in the

world, through the Internet. You can download and upload
files, receive mails from your company’s mail server, manage
computers remotely, or access FileMaker databases.

Where can I use my VPN connection?

All you need to establish and use a VPN connection is a
working Internet connection at both ends. Whether you're

working from a hotel, an Internet cafe or from your home
office, VPN Tracker will contact your VPN gateway at its public
interface, and negotiate the VPN connection.

Need More Info?

More info on Virtual Private Networks and the IPSec
technology can be found in the chapter “IPSec Explained”.

Note In some cases, local routers may interfere. Please use

the VPN Environment Manager (from the “Help”
menu) to check your network environment.

6

Installation

Install VPN Tracker

The first step is to install VPN Tracker on your Mac.

‣

Eject the disk image by dragging it to the trash

You can now use VPN Tracker in demo mode – all connections
will be terminated after three minutes. If you already tested the
software, you should activate the application right away.

To install VPN Tracker on your Mac:

‣

Download VPN Tracker from the equinux web site at http://

www.equinux.com/vpntracker/download

‣

If the downloaded disk image is not mounted automatically,
double-click the file

‣

Drag the VPN Tracker application symbol into your
”Applications” folder

Activate VPN Tracker

Activating VPN Tracker is a simple and straightforward process.
Described below are three different scenarios: Buy a new

license online, activate a retail version and transfer a license.

Note Your equinux ID will be used to store and manage all

your licenses. Whenever you purchase additional
licenses or other products, please specify your

equinux ID.

Buy a License

Obtaining a license for VPN Tracker and activating it on your
Mac is a simple process.

To buy a license, please complete the following steps:

‣

Choose “VPN Tracker“ > “Buy VPN Tracker...“

‣

Click “Buy VPN Tracker”

‣

If you are a new customer, choose your country and click
“Next“.

or

7

‣

If you already registered with equinux, login with your
equinux ID

‣

Choose the desired license

‣

Click “Check Out“

‣

Click “Activate VPN Tracker“

‣

Enter your equinux ID and password

‣

Click “Login“ and follow the instructions

‣

Continue shopping for other equinux products

or

‣

Click “Continue Check Out“

‣

If you are a new customer, register a new equinux ID

‣

Select either “Bank Transfer“, “PayPal“ or “Credit Card“ as your
preferred payment option

‣

Enter your credit card data, if necessary

‣

Review your order and click “Complete Order“

If you paid with PayPal, you will be redirected to the PayPal
website to make your payment.

If your PayPal or credit card payment is authorized
immediately, VPN Tracker will be activated automatically. Your

license will be stored on your Mac.

If you paid by bank transfer, you will be sent an email with
payment instructions. As soon as we receive your payment, we

will add the license to your equinux ID and notify you by
email. You can then use your equinux ID and password to

activate the software.

To activate VPN Tracker with your equinux ID:

‣

Select “VPN Tracker > Activate VPN Tracker...”

8

Activate a Retail Version

If you bought a retail version of VPN Tracker at your local
software store, you received an “Activation Code“. This code

can be used to create a license.

To activate a retail version, please complete the following
steps:

‣

Choose “VPN Tracker 5“ > “Activate VPN Tracker...“

‣

Click “Activate VPN Tracker“

‣

Register a new equinux ID (if this is your first equinux
product)

or

‣

Login with your equinux ID

‣

Enter your Activation Code

Your license will be created and stored on your Mac
automatically.

Transfer a License

All licenses for equinux products are hardware bound. When
registering our software on your computer, the license is

created for this machine. This means that a license can only be
used on a single computer.

However, transferring a license to a different computer is easy.

To transfer a license, please complete the following steps:

‣

On your old Mac, choose “VPN Tracker 5“ > “Deactivate VPN
Tracker“

The license will now be available for activating the software on
your new Mac.

‣

Install VPN Tracker on your new Mac

‣

On your new Mac, activate VPN Tracker with your equinux ID
(s. above)

VPN Tracker will automatically fetch the free license.

Note From now on, the software cannot be used on the

old machine. To transfer the license back, just reverse
the process described above.

Installing a Deployment Bundle

‣

Double-click the deployment bundle (a disk image) to open
it

‣

Copy the VPN Tracker application to your Applications folder

‣

Eject the disk image by dragging it to the Trash

‣

Double-click the application icon

VPN Tracker will ask you to enter the decryption password sent
to you by your administrator

‣

Enter the decryption password

VPN Tracker will now ask for an administrator password to
complete the installation.

If your administrator provided a deployment bundle,
installation, activation, and configuration can be completed in

a single step.

Note Installing a deployment bundle requires Internet

access and an administrator password on your Mac.

9

‣

Enter a local administrator username and password

VPN Tracker will present your license voucher

learn how to use the connection(s) provided with the bundle.

‣

Click “Activate”

VPN Tracker is now licenses and configured on your Mac.
Please skip ahead to “Managing and Using Connections” to

10

Migrating to VPN Tracker 5

Users of VPN Tracker 3 or 4 can have their
existing connections migrated to the new
connection profile automatically

When VPN Tracker 5 is started for the first time, it will detect
existing installations of VPN Tracker 3/4 on your Mac, and scan

them for connections.

To run the migration assistent manually:

‣

Select “File > Migrate Connections from VPN Tracker 3/4...“

‣

Enter your administrator password

‣

Click “OK“

VPN Tracker will display the result, including any changes it had
to apply:

‣

Click “Migrate“ in the appearing dialog window

11

That’s all –"please skip ahead to “Managing and Using
Connections“ to learn how to use the migrated connections.

Getting Started

This chapter explains how to configure and
establish a VPN connection quickly. Let’s get
started!

Prerequisites

To configure a VPN connection to your office (or to some other
location), you will need

‣

A Mac (which runs VPN Tracker Professional or Personal)

‣

A VPN gateway at your office (at your target location)

With VPN Tracker Player, you cannot configure your own
connection. In this case, you need to receive either a

deployment bundle or a configuration profile from your
network administrator.

When using VPN Tracker Player, please do the following:

‣

For instructions on installing a deployment bundle, please
read “Installing a Deployment Bundle”.

or

‣

Press ⌘-N

or

‣

Click the ”+” button in VPN Tracker’s main window

A dialog window will open.

‣

For details on importing connection profiles, please skip
ahead to “Assisted Setup”.

If you have a license for VPN Tracker Professional or Personal,
please read on.

To create a new connection:

‣

Select “File > New Connection“

12

‣

Select your preferred connection name

‣

Select the vendor and device name of your VPN gateway

‣

Enter a connection name

‣

Click “OK”

The connection will be created, and the main window will
extend to display the configuration options.

When you selected a device, this device’s standard profile was
automatically applied to your connection. The profile collects a

couple of general VPN settings (as opposed to the connection­specific settings which are configured individually). These

settings can be found on the “Advanced“ tab in VPN Tracker’s
main window.

refer to the VPN Tracker manual (”Modifying a Device
Profile“) for further information.

Setting Up the VPN Gateway

If you don’t have a VPN gateway already, a list of VPN gateways
which have been tested with VPN Tracker can be found at

http://www.equinux.com/vpntracker/interop

If you’re new to networking, here are some basic configuration
hints. The VPN gateway should be connected to the Internet
directly (i.e. the gateway should be directly connected to a DSL

modem or similar). It is possible to place the VPN gateway
behind another firewall or router, but this setup is more

complex.

The VPN gateway needs to be the default gateway for all other
computers to be accessed through the VPN tunnel. For Macs,

this means that the gateway’s local interface address is stored
under System Preferences > Network > TCP/IP > Router.

.

If you just installed the gateway yourself, and did not touch its
VPN-related settings, you should not need to change anything

under “Advanced“ in VPN Tracker either.

Note If you or your network administrator changed the

default VPN settings of the device, you will have to
modify the “Advanced“ settings in VPN Tracker. Please

13

The gateway should also have a static public IP address, which
is usually available from Internet providers as a paid option. If
this option is not available, you can also register a dynamic

hostname for free at services like DynDNS
hostname requires that your VPN gateway supports automatic

updates of its current IP address with the dynamic hostname
service.

. A dynamic

Please refer to your gateway’s manual for more detailed
instructions.

Configuration Guide

For the VPN configuration of your gateway, please refer to the
device’s configuration guide:

‣

Click the ”Configuration Guide” link next to the device name
in the ”Basic” tab

The guide will show you how to configure both the gateway
and VPN Tracker, and how to establish the connection

afterwards.

Note Configuring connections is not possible with VPN

Tracker Player.

However, if the device supports the IPSec standard, it is likely
to work with VPN Tracker.

To configure an untested device:

‣

Please refer to “Custom Devices”

No Gateway Access?

If you cannot configure the VPN gateway yourself:

‣

Please read the chapter (”Assisted Setup”)

When you’re done with setting up a connection, please skip
ahead to “Managing and Using Connections“.

No Device Profile?

If your VPN gateway is not available in VPN Tracker, we have
not tested it yet, and cannot provide a configuration guide or

support.

14

Assisted Setup

If you don’t have access to the VPN gateway
yourself, you depend on the help of your IT
department to configure a connection.

Using a Deployment Bundle

Ideally, your IT department will provide a deployment bundle
which makes installing, activating and configuring a one-step

process. Please refer to “Installing a Deployment Bundle” for
details.

Instructions on how to create deployment bundles can be
found in “Exporting Connections”.

services (see the “IPSec Explained: Authentication” section in
this manual).

‣

Enter the decryption password provided by your IT
department

That’s it. The new connection will appear in your connection
list. Please skip ahead to “Managing and Using Connections“.

Importing a Connection Profile

In many cases, your IT department will provide a VPN Tracker
profile for you to import. Such a profile can be exported from
VPN Tracker Professional, as described in “Exporting

Connections”.

To import a connection profile:

‣

Double-click the connection file

You will be asked for a decryption password. This password is
set (and revealed to you) by your network administrator. It is
set specifically for the connection profile, and is not necessarily

identical to your normal login password for company network

15

Manual Configuration

If your company’s IT department is not Mac-based, you will
usually get information such as a pre-shared key, the VPN

gateway address and a pointer to a Windows-based VPN client.

To connect to your office using VPN Tracker, you need to
obtain at least the following:

‣

The vendor and model name of the VPN gateway

‣

A pre-shared key (or certificates)

‣

The VPN gateway address

In many cases, you will also need

‣

The remote network