equinux VPN Tracker 8.1.1 User Manual

VPN Tracker 8

Manual

© 2014 equinux AG and equinux USA, Inc. All rights reserved.

Under copyright law, this manual may not be copied, in whole or in part,
without the written consent of equinux AG or equinux USA, Inc. Your rights

to the software are governed by the accompanying software license
agreement.

The equinux logo is a trademark of equinux AG and equinux USA, Inc., regis­tered in the U.S. and other countries. Other product and company names

mentioned herein may be trademarks and/or registered trademarks of their
respective companies.

equinux shall have absolutely no liability for any direct or indirect, special or
other consequential damages in connection with the use of this document
or any change to the router in general, including without limitation, any lost

profits, business, or data, even if equinux has been advised of the possibility
of such damages.

Every effort has been made to ensure that the information in this manual is
accurate. equinux is not responsible for printing or clerical errors.

Revised October 17, 2014

Created using Apple Pages.

www.equinux.com

2

Contents

..............................................................Introducing VPN Tracker 5

...............................................What’s New in VPN Tracker 8? 6

................................................................VPN Tracker Editions 8

.........................................................................Getting Started 9

Installing VPN Tracker 9
Activating VPN Tracker 9

.....................................Migrating from Previous Versions 11

.....................................................................Getting Connected 12

..................................................................VPN Crash Course 12

.......................................................................The Big Picture 13

....................................................Setup for an Existing VPN 16

.................................Setup without Configuration Guide 17

........................................................Importing Connections 19

.............................................Connecting to Your New VPN 20

........................................................Working with VPN Tracker 21

....................................................................Network Scanner 30

..............................................................................Accounting 33

.........................................................Exporting Connections 34

..........................................................................Troubleshooting 38

......................................................................................Reference 43

................................................................Settings Reference 43

Basic Tab 43
Advanced Tab 50
Actions Tab 58
Export Tab 58
VPN Tracker Preferences 58

...................................................Secure Desktop Reference 62

..................................Accessing Files & Printers over VPN 68

.....................................................L2TP / PPTP Connections 70

.................VPN and Network Address Translation (NAT) 71

...............................................Certificates and Smart Cards 74

.........................................Choosing the Right VPN Device 81

..................................................................Further Resources 82

....................................Secure Desktop: Your VPN Cockpit 22

....................................................................VPN Productivity 26

Managing Connections and Secure Desktops 26
VPN Connection Stats 27
Menu Bar Item 27
Notifications 27
Actions 28
Notes 29

...............................................................Keyboard Shortcuts 83

3

VPN Tracker 8 at a Glance

Search

If you’re a consultant with lots
of customers, you’ll appreciate
being able to filter your connec­tion list to find that VPN.

Secure Desktop

Everything you need to
work over VPN in one
place: Applications, servers,
websites and more.

On/Off Switch

Connect and disconnect
your VPN by sliding its
switch on or off.

Network Scanner

Explore the remote
network and instantly
connect to services.

Accounting

Keep track of your
connection time.

Log

Get troubleshooting
advice and see what
VPN Tracker is doing.

Configuration

Set up your VPN or
change settings.

Status

Your VPN at a glance –
see your assigned IP
address, the remote
network address, con­tact information and
notes.

Network Traffic

See what’s happening on
your VPN connection.

Add Items

Add a new VPN connection,
group or Secure Desktop

Toggle Details

Display or hide your connection
details or the traffic graph.

Contacts & Notes

Jot down notes and
store the admin contact
for the VPN or the billing
reference number for a
client.

Technical Support

No matter where you
are, technical support is
just one click away!

4

Introducing VPN Tracker

VPN Tracker Deployment Guide

‣

Are you deploying VPN Tracker to end users in
your organization?

‣

Are you a consultant setting up VPN Tracker for
your clients?

‣

Are you managing the VPN Tracker licenses in your
organization?

Get the VPN Tracker Deployment Guide for up-to date information and best
practices. Download your free copy today at http://www.vpntracker.com

This manual contains lots of great tips. You can easily spot them
by looking for the light bulb icon.

If you are setting up not just VPN Tracker, but also a VPN gate­way, this icon points out recommended settings and things you
need to pay attention to when setting up a VPN gateway.

This exclamation mark warns you when there is a setting or ac­tion where you need to take particular care.

Welcome to VPN Tracker, the leading VPN client on Mac.
Whether you are new to VPN or a seasoned VPN guru, this
manual will help you get started with VPN Tracker.

Conventions Used in This Document

Links to External Websites

Sometimes you will be able to find more information on external websites.
Clicking links to websites will open the website in your web browser:

http://equinux.com

New to VPN Tracker?

‣

Install VPN Tracker and get a free trial in →#Getting Started

‣

Take our →#VPN Crash Course and then →#Get Connected

‣

Find out how using your VPN is a breeze with →#Secure Desktop

Upgrading to VPN Tracker 8?

‣

See how to →#Upgrade Your License and how VPN Tracker automatically
takes care of →#Migrating from Previous Versions

‣

Explore →#What’s New in VPN Tracker 8

System Administrators and IT Departments

‣

Connect to your existing VPN or set up a VPN from scratch in

#Getting Connected

→

‣

Set up VPN Tracker for others in →#Exporting Connections

‣

Use the →#Settings Reference for in-depth configuration information

Links to Other Parts of this Manual

A →#Link will take you to another place in the manual. Simply click it if you
are reading this manual on your computer.

Tips and Tricks

Advice for Setting up Your VPN Gateway

Warnings

Getting Help

VPN Tracker makes VPN simple. However, computer networking and VPNs can
be complex and tricky at times, so we have also built in tools and helpful fea-

tures that will assist you if you ever run into problems. Check out →#Trouble­shooting for more information.

5

What’s New in VPN Tracker 8?

Stunning New Look for OS X Yosemite

VPN Tracker was redesigned from the ground up to perfectly match the new
look of OS X Yosemite.

Traffic Control

VPN Tracker 8 gives you even more control over your VPN. Don’t want to send
traffic to certain IP address or subnets over VPN? Simply exclude them! Have a

Host to Everywhere VPN but only need to some addresses over VPN? Tell VPN
Tracker to only send traffic to those IPs over VPN. And even if you’re stuck in a
situation where the local network uses the same subnet as the remote net­work there’s a solution...

Force Traffic for the Local Subnet through VPN

If you end up in a situation where the local network is the same as the remote
network of your VPN, VPN Tracker 8 can try to help you out by forcing non-

essential local network traffic over the VPN.

VPN Engine Updated for OS X Yosemite

VPN Tracker’s engine has been updated to work smoothly with the changes in
OS X Yosemite.

Lower Energy Usage

Use your VPN all day long, even on battery power. VPN Tracker 8 uses signifi­cantly less energy than previous versions of VPN Tracker.

Streamlined Help and Log

VPN Tracker has always been well-known for its unrivaled ease of use. For VPN
Tracker 8, we’ve made it even easier to find just the information you need to
quickly resolve common configuration errors.

Improved Status View

The new Status View clearly reflects what VPN Tracker is doing at each step,
and even displays the most current log message right at the top, and takes

you to the log if necessary.

More Actions in Status View

The Status View now has additional actions such as finding your Mac’s IP ad­dress and taking you straight to your Mac’s network settings.

Quick Install

Individual VPN Tracker users can now install VPN Tracker more quickly, without
having to go through the steps of an installer.

Enterprise Installer

If you are deploying VPN Tracker in your organization, VPN Tracker 8 also ships
as an enterprise installer that easily integrates with popular software rollout
solutions.

6

Upgrading to VPN Tracker 8

If you currently own VPN Tracker, you can easily upgrade to VPN Tracker 8 and
take advantage of all these great new features.

To see your upgrade options, choose VPN Tracker 8 > Buy VPN Tracker in
the demo, or visit

http://www.equinux.com/goto/upgradevpntracker

The License Manger will show you all available VPN Tracker license upgrades.

7

VPN Tracker Editions

Regardless of the edition you have purchased, you can always
download and use the same copy of the VPN Tracker applica-

tion. Your license will automatically unlock all the features in­cluded in your edition.

VPN Tracker

VPN Tracker

Pro

Connectivity

Connect to one VPN

✔

✔

Connect to multiple VPNs at the same time

–

✔

Connect two sites (Network to Network)

–

✔

Integration of OS X PPTP/L2TP VPN

–

✔

Export

Export–✔

Organization

Organize your connections in groups

–

✔

Use a condensed layout

–

✔

Search for connections

–

✔

Accounting–✔

Tools

Ping Tool✔✔

DNS Lookup Tool

✔

✔

Network Scanner

–

✔

We offer two different editions of VPN Tracker to fit your
requirements. Find out which edition is right for you.

VPN Tracker

VPN Tracker is designed for individual users and for end users in corporate
environments. It’s perfect for getting connected to an office or home network.

VPN Tracker Pro

VPN Tracker Pro adds advanced features for consultants, network admins and
power users.

Do I need VPN Tracker Pro?

VPN Tracker Pro is a great asset if you are a consultant, a system or network
administrator, or are working with multiple VPN connections:

VPN Tracker Editions Compared

‣

Export VPN connections for yourself and other users.

‣

Scan the remote network for services or to assist users.

‣

Connect to multiple VPNs at the same time.

‣

Manage a large number of VPNs using search, a condensed layout, and
connection groups.

‣

Configure your Mac as a router to provide the entire network with a VPN
tunnel using Network to Network connections.

‣

Control your OS X L2TP/PPTP VPN right within VPN Tracker.

8

Getting Started

If you set up your VPN connection during your free demo pe­riod, VPN Tracker will keep all your settings and details once you
activate a purchased license.

This chapter shows you how to install VPN Tracker, and how
to activate your license. If you do not have a license yet, don’t
worry – we’ll also show you how to get a demo key to try
VPN Tracker for free.

Installing VPN Tracker

You can always download the latest version of VPN Tracker from the
VPN#Tracker website:

http://vpntracker.com/download

There is one single download for all editions of VPN Tracker.

Once your download has finished, double click the downloaded file
“VPN#Tracker#8.zip” if it doesn’t open automatically. Then double-click the VPN
Tracker 8 app and follow the steps to install VPN Tracker’s engine.

Activating VPN Tracker

Activating VPN Tracker is quick and easy. You can activate your license in a few
seconds over any Internet connection.

How many licenses do I need?

VPN Tracker is licensed per-machine, so each Mac you want to run VPN Tracker
on will need its own license. Licenses can be bought in the equinux Online
Store or at your nearest equinux reseller. You can find your nearest reseller
with our Reseller Locator:

http://equinux.com/goto/reseller

Testing VPN Tracker

If you want to make sure VPN Tracker works with your connection and meets
your expectations before purchasing, you can request a free demo license.
This will give you access to all VPN Tracker Pro features (except exporting
connections). Simply click the button to obtain a demo license when you first
open VPN Tracker.

Opening VPN Tracker

Go to your Applications folder in Finder and double-click VPN Tracker 8 to
open it.

Once you’re satisfied VPN Tracker suits your needs, you can purchase a full
license right from within VPN Tracker.

To purchase a license:

‣

Select VPN Tracker 8 > Buy VPN Tracker from the menu bar

‣

Follow the instructions to purchase a license. Your license will be activated
immediately.

If you prefer, you can also purchase VPN Tracker using your web browser:

http://equinux.com/goto/buyvpntracker

9

Activating a License from the equinux Online Store

You might be prompted to enter a name and email address. This
will make it easier for you to keep track of who is using which

license – particularly useful if you have a large number of VPN
users in your organization.

Broken Mac? Stolen Mac?

If your old Mac is broken or unavailable, enter your activation code (or
equinux ID and password) on the new Mac, and select the option to reset

your license, or use the license manager to revoke your activation code.

VPN Tracker Deployment Guide

‣

Are you deploying VPN Tracker to end users in
your organization?

‣

Are you a consultant setting up VPN Tracker for
your clients?

‣

Are you managing the VPN Tracker licenses in your
organization?

Get the VPN Tracker Deployment Guide for up-to date information and best
practices. Download your free copy today at http://www.vpntracker.com

To activate a license bought in our online store:

‣

Open VPN Tracker. In case you still have time left on your demo period,
choose “VPN Tracker 8 > Activate VPN Tracker” from the menu bar on top of

your screen.

‣

If you are asked for your equinux ID and password, enter the equinux ID
and password that was used for the purchase.

‣

If you own more than one license, you will be asked to select the one that
you would like to activate.

‣

Follow the steps to complete activation

Activating Using an Activation Code

If you received an activation code:

‣

Open VPN Tracker. In case you still have time left on your demo period,
choose VPN Tracker 8 > Activate VPN Tracker from the menu bar on top of
your screen.

‣

Enter the activation code.

‣

Follow the steps to complete activation.

Managing Licenses

If you are in charge of VPN Tracker licenses at your company, our License

Manager can help you deploy, move and manage those licenses.

Changing Computers

If you'd like to change computers, you can easily move your license:

‣

Choose VPN Tracker 8 > Deactivate VPN Tracker from the menu bar on your
old Mac.

‣

Once deactivated, you'll be able to activate your new Mac straight away.
Simply follow the activation instructions above.

‣

Enjoy your new Mac!

10

Migrating from Previous Versions

If you are evaluating VPN Tracker 8, don’t worry – your existing
connections and settings in previous versions of VPN Tracker
remain untouched.

No matter which version you are coming from, it’s easy to
migrate all your settings to VPN Tracker 8 to continue
working without interruption.

VPN Tracker 5, 6, and 7

Your existing connections and settings from the most recent predecessor are
automatically migrated to VPN Tracker 8 when you open it for the first time.

If you ever want to migrate your connections again, you can tell VPN Tracker
to repeat the migration to ensure you have the latest connections and set-

tings from your old VPN Tracker version: “File > Migrate from VPN Tracker 5/6/
7”. Please note that this migration will replace all connections in VPN Tracker 8.

VPN Tracker 4 (and 3)

You can migrate connections from these versions of VPN Tracker from the File
menu (File > Migrate...).

You will find your migrated connections in their own connection group
named “VPN Tracker 4” (or “VPN Tracker 3” ) in VPN Tracker.

11

Getting Connected
VPN Crash Course

Is this your first time working with a VPN? Read this chapter
to get you up to speed.

VP...What?

VPN Tracker allows your Mac to securely connect to another network over the
Internet. Even if your office is located in San Francisco and you're on a busi-

ness trip in New York, you can work with your applications and files, as if you
were in your office.

What do I need?

To create a VPN connection from your Mac, you need three things:

‣

VPN Tracker

‣

An Internet connection

‣

A VPN gateway

If you’re reading this, you probably already have VPN Tracker and an Internet
connection for your Mac. So what about a VPN gateway?

VPN Gateway

A VPN gateway is a hardware device (or in some cases
specialized software running on a regular computer)

that accepts incoming VPN connections, creating a
secure tunnel between its local network and your
Mac. In most cases, a VPN firewall or a router with
built-in VPN capabilities will act as the VPN gateway.

If there are existing VPN users in your organization you probably already have
a properly configured VPN gateway. If not, don’t worry – check out the chap-

ter on →#Choosing the Right VPN Device for some tips on what to look for
when buying a VPN gateway.

How does it work?

As the name implies, VPN Tracker uses VPN (Virtual Private Network) technol­ogy to create a connection between your Mac and your remote network. And

unlike normal Internet connections, a VPN Tracker connection is encrypted.
Think of a VPN as a highly-secure tunnel through the Internet, your very own
"secure line" to your office.

In order to use a VPN, you'll need your Mac running VPN Tracker on your end
of the connection. On the other end of the connection (the remote side), you

need a VPN gateway that accepts your incoming VPN connection.

Once you have set up your connection in VPN Tracker and on the device at
your remote location, you are ready to connect and start working remotely
using your normal tools and applications.

What kind of VPN connections does VPN Tracker support?

VPN Tracker supports industry standard IPsec VPN connections. IPsec VPN is
fast, secure, and supported by a great variety of devices.

In addition, VPN Tracker Pro also integrates OS X L2TP VPN connections, as
well as legacy PPTP connections. For more information, please refer to chapter

L2TP / PPTP Connections.

→

12

The Big Picture

If a configuration guide is available for your device and you do
not yet have VPN set up on your VPN gateway, you can go

straight to the guide and follow it. Then continue with the chap­ters →#Secure Desktop and →#Working with VPN Tracker for more

information on how to use your VPN connection.

VPN Tracker can also use L2TP or PPTP connections created by
OS X. For more information, please see→#L2TP / PPTP.

To give you a better idea how to set up your VPN, here's a
quick overview. We'll look at the details in the following
chapters, so don't worry about missing pieces right now –
there will be a lot more specific information later on.

Add a New Connection

‣

Click the button in the lower left hand corner of the VPN Tracker window

You will see a list of device profiles. We have device profiles for all the VPN
gateways that VPN Tracker has been tested with.

Find Your Configuration Guide

Our engineers have tested a large number of VPN gateways with VPN Tracker.
For many of these, detailed configuration guides are available. Now is a good

time to check whether a device-specific configuration guide is available.

In VPN Tracker

‣

Click “Configuration Guide” on the Basic tab.

You will be taken to the configuration guide for your device, if available.

On the Web

All configuration guides are also available on our website:

http://vpntracker.com/interop

‣

Select your VPN gateway from the list. If your VPN gateway is not listed,
check the box “Use custom device profile”.

‣

Click “Create” to add the new connection

13

Basic Settings

Let’s take a closer look at the essential settings that VPN Tracker needs to connect to your VPN gateway. Depending on your device, some settings may not be
shown. If you don’t know yet what to fill in, we’ll cover each setting in detail later in this chapter.

Connection Icon

Customize the icon by
dragging an image onto the
default icon, or choose
“Edit#>#Choose Image…” for
a new icon.

Device Profile

Click to change the device profile.

VPN Gateway

Enter the public IP address
or host name of your VPN
gateway, e.g 203.0.113.48 or
vpn.example.com

Authentication

Choose whether to use a
pre-shared key, certificates
or hybrid mode for authen­tication. Most VPN gateways
use pre-shared keys.

Identifiers

Select the type and enter
the local and remote identi­fiers.

Note: The identifiers need to
be entered in reverse, e.g.

“local” in VPN Tracker is what
is configured as “remote” on
your VPN gateway.

Connection Name

Click to change the name of
your connection.

Configuration Guide

Click to access the device­specific configuration guide.

Network Configuration

Select manual configuration
or one of the automatic
configuration options (not
available on all devices).

Extended Authentication

VPN Tracker will prompt you
for username and password
if your VPN gateway requests
Extended Authentication
(XAUTH).

DNS

VPN Tracker can use a DNS
server on the remote net­work over VPN. It is not nec­essary to configure remote
DNS right away, you can
always do so later.

14

Advanced Settings

Some VPN gateways use different terms for phase 1 and 2: Phase
1 is sometimes called “IKE”, while phase 2 may be called “VPN” or

“IPsec”. Check out the →#Settings Reference for more details.

It is not necessary to leave edit mode to save the connection or
to connect to the VPN. If you make changes while the VPN is
connected, reconnect the VPN to apply them.

Are you connecting to a VPN that's already set up?

If you are connecting to an existing VPN (e.g. one that Windows users are
already connecting to), all you need to do is gather a few pieces of informa-

tion about your VPN gateway to configure VPN Tracker. The next chapter

→

#Setup for an Existing VPN has all the details.

Are you setting up both your VPN gateway and VPN Tracker?

Check if your VPN gateway has been tested with VPN Tracker and if there is
a configuration guide available (see →#Find Your Configuration Guide).

‣

If a configuration guide is available, follow it.

‣

If no configuration guide is available for your device, or if you are work­ing with an untested device, →#Setup without Configuration Guide will

help you get connected.

Did you receive a VPN Tracker connection from your administrator?

Follow →#Importing Connections to see how to use the connection in VPN
Tracker.

You likely won‘t have to modify any settings on the Advanced tab, unless:

‣

your device uses different settings than the factory defaults and/or the set­tings proposed in the configuration guide, or

‣

there is no device profile for your device in VPN Tracker

In both cases, the goal is to have VPN Tracker’s settings for Phase#1 and
Phase#2 match exactly what is set up on your VPN gateway.

Actions and Notes

These settings are not relevant to VPN connectivity, so we will skip them for
now. They are covered in detail in →#Working with VPN Tracker.

Completing Setup

When you‘re done configuring your VPN, click the „Done“ button on the upper
right corner to leave edit mode.

Now that you have a basic idea how to set up a connection in VPN Tracker,
you’re ready to apply it to your specific situation.

15

Setup for an Existing VPN

What if my organization does not support Macs?

We often hear from customers in organizations where Macs are not offi­cially supported for VPN access. It may be difficult to get help if the IT help

desk isn’t set up to support Mac users. We’re here to help!

To find out more about your VPN gateway’s configuration, your first stop
should be your VPN gateway’s administrator: Your network administrator,
your IT department or your help desk are good places to ask.

If they cannot help, you may be able to obtain the settings from another
VPN client that has already been configured, for example on a Windows PC.

If you have any questions about specific settings, please refer to
the →#Settings Reference in this manual. For some settings, in

particular phase 1 and 2 algorithms, it may be possible to
“guess” them – the reference will tell you if and how.

Cisco IPsec VPN

If you have a Cisco IPsec VPN connection profile (.pcf ), you can import it
directly into VPN Tracker (File > Import > Cisco VPN Client Connection).

If there is a configuration guide for your VPN gateway (→#Find
Your Configuration Guide), refer to it for additional advice. Keep

in mind that the configuration guide describes a working setup,
but not the only working setup. In most cases, you won’t need

to make changes to a working setup on the VPN gateway.

When connecting to a VPN that’s already set up, your goal is
to configure VPN Tracker to match the settings on your VPN
gateway. In order to do so, you will need information about
the VPN gateway’s configuration.

Obtain the Configuration

You will always need the following information:

‣

The public IP address or host name (e.g. “203.0.113.48” or
“vpn.example.com”) of the VPN gateway you are connecting to

‣

The brand of the VPN gateway (e.g. Cisco, SonicWALL, NETGEAR, ...)

‣

The pre-shared key1 or the client certificate

You may also need one or more of the following:

‣

The address of the network you are connecting to through VPN

‣

The local identifier

‣

The model name of the VPN gateway (e.g. ASA Series, TZ Series, FVS318N, ...)

‣

The settings for phase 1 and 2 (encryption algorithms etc.)

‣

Your username and password, if Extended Authentication (XAUTH) is used

2

Configure VPN Tracker

‣

Create a new VPN connection if you have not yet done so (see → Add a
New Connection for additional information).

‣

Enter the settings you obtained in the Basic and Advanced tabs.

Connecting

When you’re done setting up, skip ahead to →#Connecting to Your New VPN to
see how to connect to your new VPN.

1

Not required for SonicWALL with “Use Default Key for Simple Client Provisioning” enabled

2

Some VPN gateways (e.g. Cisco) refer to the local identifier as “group name” or “group ID”

16

Setup without Configuration Guide

It is a good idea to carefully choose the address of the VPN
gateway’s LAN network if you plan to access it through VPN. To

avoid address conflicts, use a private network that is not used
very frequently (e.g. 192.168.142.0/24, or 10.42.23.0/24).

Almost all IPsec VPN gateways can be used with VPN Tracker,
even if they have not been tested with VPN Tracker.

Set up Your VPN Gateway

Network Setup

If you haven’t already done so, set up your VPN gateway so it is connected to
the Internet and to the internal network that you want to access using

VPN#Tracker. Please refer to your VPN gateway’s manual for more information
on how to do this.

VPN Setup

Once you have completed the initial setup of your VPN gateway, it is time to
configure VPN on the VPN gateway. Go for the simplest possible configuration
first. You can always move to a more sophisticated setup later.

If your VPN gateway’s manual has instructions for setting up a VPN connec­tion, follow it. Otherwise, please follow these basic settings as closely as pos­sible:

Authentication

‣

Choose pre-shared key authentication.

‣

For now, use a pre-shared key that is not too complex to avoid typos. But
don’t forget to change it to a very strong password later!

Aggressive Mode vs. Main Mode

‣

For most devices, you should use Aggressive Mode for now.

‣

Main Mode is considered more secure, but may not work with all devices
for clients connecting from dynamic IP addresses. You can try Main Mode

once you’ve got everything else working.

Identifiers

‣

Choose Fully-Qualified Domain Name (FQDN) identifiers, if possible.

‣

With most devices, you can enter any identifier you want, it doesn’t have to
be a valid domain name. Good choices would be:

Local identifier: vpngateway.local

Remote identifier: vpntracker.local
(the remote identifier is sometimes called “peer identifier”)

‣

Some devices use the group name as the remote identifier.

Proposals (Phase 1 and 2 Settings)

‣

Encryption algorithms: AES-128 or 3DES

‣

Hash/Authentication algorithms: SHA-1

‣

Diffie-Hellman (DH) group 2 (1024 bit)

‣

Enable Perfect Forward Secrecy (PFS) using DH group 2 (1024 bit)

While these are not the most secure settings, they are compatible with a wide
variety of devices. Use them as a starting point. Once you’ve got the VPN

working, switch to stronger algorithms if available (e.g. AES-256, SHA-2, DH
group 5 or higher).

Local Endpoint (Network Access / Policy)

‣

On most VPN gateways, you will have to configure the network(s) VPN us­ers can access. This setting is often called “local endpoint”, or “policy”.

‣

Enter the address of the network you would like to access. Usually this will
be the same as the VPN gateway’s LAN network (e.g. 192.168.142.0/24).

‣

This setting will later be configured in VPN Tracker as the Remote Network.

Remote Endpoint

‣

Some VPN gateways will also ask you to configure the “remote endpoint”
of the VPN. The remote endpoint is the address VPN clients will be using
when connected through VPN.

‣

Whenever possible, set this to “any address” or “dynamic” (sometimes also
referred to as “0.0.0.0/0”).

17

‣

If any other settings are required by your VPN gateway to set up
a basic VPN connection, check the →#Settings Reference in this

manual and your VPN gateway’s documentation for more infor­mation on what to configure.

If your VPN gateway requires a single address to be entered, this will mean
that only one VPN client can use this VPN connection at a time. It also

means that you will have to take the address you configure on the VPN
gateway, and enter it in VPN Tracker as the Local Address.

VPN Gateway IP Address or Hostname

‣

Finally, write down your VPN gateway’s public (WAN) IP address or host
name.

‣

If your VPN gateway’s public IP address is dynamic, you might want sign up
with a dynamic DNS service so you can always refer to it by host name.

Configure VPN Tracker

Once you have your VPN gateway set up, enter the settings in VPN Tracker. For
your connection, use a custom device profile to have access to all settings.

Then enter your settings. Please refer to →#Getting Connected to see where
required settings are located. Also check the →#Setting Reference if you are

unsure about a specific setting.

A few final notes:

‣

The identifiers are swapped in VPN Tracker. What is local from the VPN
gateway’s perspective, is remote from VPN Tracker’s perspective, and vice

versa. You can set the remote identifier to “Don’t verify remote identifier” so
you don’t have to deal with it for now.

‣

If you were able to select the algorithms and Diffie-Hellman (DH) groups
suggested earlier, you do not have to modify any setting on the Advanced
tab. However, if the suggested settings were not available on your device,

make sure to customize the phase 1 and 2 settings on the Advanced tab so
they match what is configured on your VPN gateway.

Connecting

When you’re done setting up, skip ahead to →#Connecting to Your New VPN to
see how to connect to your new VPN.

18

Importing Connections

Find out how to import a connection that you have been
given by your IT department or VPN administrator.

Prerequisites

Before importing a connection, make sure VPN Tracker is installed. If you have
not yet downloaded or installed VPN Tracker, or if you haven’t activated your

license yet, please follow →#Getting Started first.

Import Your Connection(s)

‣

Locate the connection in Finder and double-click it. Or open VPN Tracker
and choose “File#> Import#> VPN#Tracker#Connection…” from the menu.

Replacing Existing Connections

If you already have the connection you’re about to import, you’ll be asked
whether to replace your existing connection, or if you would prefer to add this

connection as a copy:

Replacing a connection

If your new connection replaces your existing connection, click “Replace”. Your
existing connection will be overwritten.

Adding a copy

If you would prefer to keep your existing connection and import the new
copy, click “Add Copy”.

You’ll find the imported connection further
down in your connection list. It will have the
word “copy” appended to its name, e.g. “Office

copy”.

‣

You will be asked for the import password. If you don’t know the import
password, please ask the person who gave you the connection.

Replacing an Existing Secure Desktop

Connection files can also include Secure Desktops. If the included Secure
Desktop already exists, you will once again be asked whether you would pre­fer to replace your existing Secure Desktop or add a the new Secure Desktop

as a copy.

19

Connecting to Your New VPN

When you’re done setting up your VPN, you’re ready to
connect. To test your VPN, go to a location outside of the
network that you want to connect to.

Connecting

Click the on/off slider to connect the VPN.

Connected?

Connecting may take a couple of seconds. If the On/Off button turns blue
that’s great –#you’re connected!

Continue with the chapters →#Secure Desktop and →#Working with VPN
Tracker to find out how to use your VPN connection.

Problems?

If you are using VPN Tracker for the first time with your current Internet con­nection, it will test your connection. Wait for the test to complete.

If prompted, enter your pre-shared key and Extended Authentication (XAUTH)
user name and password.

If there is a problem connecting, VPN Tracker will give you helpful advice and
troubleshooting tips. To learn more about troubleshooting VPN connections,
visit the chapter →#Troubleshooting

20

Working with VPN Tracker

Secure Desktop Items

Click an icon to launch an applica­tion, connect to a server etc.

VPN Tracker will automatically
take care of connecting your VPN.

Secure Desktop Background

Drag in a picture while in edit
mode, to give your Secure Desk­top a personal touch. Or choose
any color you like.

Edit your Secure Desktop

Click the triangle to drag new items to your
Secure Desktop, and edit existing ones.

End Session

When you’re done working over VPN, click the “End Session”
button to take care of closing and disconnecting everything.

21

Secure Desktop: Your VPN Cockpit

Make sure you have set up your VPN connection first. To learn
how to set up your VPN connection, refer to the chapter →#Get-

ting Connected.

Connect to file servers, launch the applications you need, and
much more. And stop thinking about VPN connections.

Setting up your Secure Desktop

Working over a VPN connection used to be a hassle. First you needed to con­nect to your VPN. Then you went to Finder in order to connect to your file

servers, and finally, you could open the applications you need and get to
work.

Not any more! VPN Tracker is designed with your workflow in mind: You click
to open the application. VPN Tracker does the rest.

Building your Secure Desktop with the Assistant

To add items to your Secure Desktop, select it from the top left corner of the
VPN Tracker window and then click “Build Secure Desktop”.

VPN Tracker will guide you through selecting applications, file servers and
websites for your Secure Desktop. Of course you can always modify your Se-

cure Desktop later, so don’t worry if you don’t yet know what to add.

Adding Applications to Your Secure Desktop

The Secure Desktop Assistant will suggest a few commonly used applications.
If your application is not among them, click “Other Application…” to add the

application you want to use.

You can also add applications to your Secure Desktop later, so don’t worry
about them now if you’re not sure.

22

Adding File Servers to Your Secure Desktop

Alternatively, you can connect to file servers in the OS X Finder.

→

Accessing Files, Printers and Databases has more details.

For more information about file servers in Secure Desktop, take
a look at the → Secure Desktop Reference

I don’t know my file server’s IP address. Can’t I just browse for my file
servers via the Finder Sidebar?

For technical reasons, when using a VPN connection, your servers won’t
show up in the Finder sidebar. If you don’t have your file server’s IP address,

you can easily find it out next time you’re in your office network (or what­ever other network you’re connecting to through VPN):

‣

Open “Tools > DNS Lookup…”

‣

Enter your file server’s name and click “Lookup”

After a few seconds, VPN Tracker should tell you the file server’s IP address.
Again, this will only work when you’re actually in your remote network, not

if you’re connected via VPN.

If you would like to access a file server, enter the details in the Secure Desktop
Assistant.

To connect to a Mac-based (AFP) file server:

‣

Enter “afp://” followed by the IP address1 of the server, e.g.
afp://192.168.144.11

To connect to a Windows-based (SMB) server:

‣

Enter “smb://” followed by the IP address1 of the server, e.g.
smb://192.168.144.17

Adding Websites to Your Secure Desktop

If you have intranet websites that you need to access over VPN, you can add
those to your Secure Desktop as well. Just enter your website URLs when

prompted by the Secure Desktop Assistant.

Customizing Your Secure Desktop

If you would like, you can customize the name and color of your Secure Desk­top. Then click to finish creating your new Secure Desktop.

1

If your connection is set up to use remote DNS, you may also be able to enter a DNS host name, e.g. “fileserver.example.com”

23

Working with Secure Desktop

To use Secure Desktop when your Mac is physically connected to
your VPN’s remote network (e.g. at the office), teach VPN Tracker
to recognize your remote network using → Direct Link Detection.

Adding Items from the Network Scanner

You can add new items to your Secure Desktop right
from the Network Scanner!

Just click the … button and choose “Add to Secure
Desktop”, or drag the services straight to a Secure
Desktop in the sidebar.

Starting a Secure Desktop Session

Multiple Secure Desktops

You can have more than one Secure Desktop (e.g. for different clients, de­partments or tasks). To add a new Secure Desktop, choose File > New Secure

Desktop from the menu bar on top of your screen.

Editing Your Secure Desktop

You can easily add, modify or remove Secure Desktop items.

To edit your Secure Desktop:

‣

Select the Secure Desktop that you would like to edit.

‣

Click the triangle at the bottom to switch to edit mode

‣

A drawer with new items will open. Drag an item to your Secure Desktop to
add it. Or drag an existing item outside your Secure Desktop to remove it.

Click one of the icons on your Secure Desktop to start working with that ap­plication, file server or website. VPN Tracker will automatically connect any

necessary VPN connections, and then open your application, connect to your
file server, website, etc.

Ending a Secure Desktop Session

Once you’re done working over VPN, simply end your session by clicking the
large red button at the bottom of the window. VPN Tracker will take care of
disconnecting file servers and disconnecting your VPN.

24

To modify an item, click it while Secure Desktop

Further information about Secure Desktop is available in the

→

Secure Desktop Reference.

is in edit mode. To finish editing, click on a free
space on your Secure Desktop or hit the Esc key.

When you are done configuring, click the trian­gle again to leave the edit mode.

Customize the Appearance of Your Secure Desktop

You can give your Secure Desktop a personal touch, by adding your own pic­ture, choosing your own background and changing icons.

To customize your Secure Desktop icon:

VPN Tracker automatically shows a preview of what’s on your Secure Desktop.
If you wish, you can replace that with a custom icon, simply drag the new icon
onto the preview in the sidebar.

To customize your Secure Desktop background

‣

Switch the Secure Desktop to edit mode by clicking the triangle

‣

Drag an image to your Secure Desktop

or

‣

Right-click or Ctrl-click the Secure Desktop area

‣

Select a background image or background color

‣

Enjoy the view!

To customize the icons of your Secure Desktop items:

‣

Switch Secure Desktop to edit mode by clicking the trian­gle

‣

Drag an image onto one of your Secure Desktop icons

25