HoB HOBLink Administration Manual

Administration Guide
HOBLink VPN Gateway
Software version: 2.1
Issue: November 2014
HOBLink VPN Gateway Software and Documentation - Legal Notice
Contact: HOB GmbH & Co. KG
Register of Companies: Entered in the Registry of Companies, Registry Court: Amtsgericht Fürth, Registration Number: HRA 5180
Tax ID: Sales Tax Identification Number according to Section 27a Sales Tax Act: DE 132 747 002
Responsible for content according to Section 55 Paragraph 2 Interstate Broadcasting Agreement: Klaus Brandstätter, Zoran Adamovic, Schwadermuehlstr. 3, 90556 Cadolzburg.
Disclaimer
All rights are reserved. Reproduction of editorial or pictorial contents without express permission is prohibited. HOBLink VPN Gateway software and documentation have been tested and reviewed. Nevertheless, HOB will not be liable for any loss or damage whatsoever arising from the use of any information or particulars in, or any error in, or omission from this document. All information in this document is subject to change without notice, and does not represent a commitment on the part of HOB.
Liability for content
The contents of this publication were created with great care and diligence. While we keep it as up-to-date as practicable, we cannot take any responsibility for the accuracy and completeness of the contents of this publication. As a service provider we are responsible for our own content in this publication under the general laws according to Section 7 paragraph 1 of the TMG. According to Chapters 8 to 10 of the TMG we are not obliged as a service provider to monitor transmitted or stored information not created by us, or to investigate circumstances that indicate illegal activity. Obligations to remove or block the use of information under the general laws remain unaffected. Liability is only possible however from the date of a specific infringement being made known to us. Upon notification of such violations, the content will be removed immediately.
Liability for links
This publication may contain links to external websites over which we have no control. Therefore we cannot accept any responsibility for their content. The respective provider or operator of the website pages to which there are links is always responsible for the content of the linked pages. The linked sites were checked at the time of linking for possible violations of the law. At the time the link was created in this publication, no illegal or harmful contents had been identified. A continuous and on-going examination of the linked pages is unreasonable without concrete evidence of a violation. Upon notification of any violations, such links will be removed immediately.
Copyright
The contents and works on these pages created by the author are subject to German copyright law. Reproducing, copying, modifying, adapting, distributing or any kind of exploiting of this material outside the realms of copyright require the prior written consent of the respective author or creator. The downloading of, and making copies of, these materials is only permitted for private, non-commercial use. Where contents of this publication have not been created by the author, the copyright of the third parties responsible for these contents shall be upheld. In particular any contents created by a third party are marked as such. If you become aware of any copyright infringement within this publication, we kindly ask to be provided with this information. Upon notification of any such violation, the concerned content will be removed immediately.
Trademarks
Microsoft Windows is a trademark of Microsoft Corporation.
Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries.
UNIX is a registered trademark of The Open Group.
Mac OS and Apple are trademarks of Apple Inc., registered in the U.S. and other countries.
Oracle and Java are registered trademarks of Oracle and/or its affiliates.
All other product names, company names and service names may be trademarks, registered trademarks or service marks of their respective corporations or owners, even if they are not specifically marked as such.
Issued: November 28, 2014
2 Security Solutions by HOB
Purpose of this Guide
This guide is designed to provide system administrators with detailed information concerning HOBLink VPN Gateway and to help them decide where and when this product can be most effectively deployed in their enterprise network.
This documentation contains descriptions of numerous possible scenarios and explains required conditions. The procedures for configuring the individual software components are documented in detail with step-by-step instructions.
Symbols and Conventions
This guide uses certain conventions and abbreviations which are explained here:
This symbol indicates useful tips that can make your work easier.
This symbol indicates additional informative text.
This symbol indicates an important tip or procedure that may have far-reaching effects. Please consider carefully the consequences of any changes and settings you make here.
References to program commands, options and buttons are printed in Bold, for example: select the command Open.
Cross-references to section headings and figures with numbers are marked in color as follows: Section 5 Information and Support.
File names and text to be entered by the user are printed in Courier New. This input is, unless otherwise mentioned, case sensitive.
In this documentation, HOB-specific terminology is abbreviated as follows:
HOB-specific Terminology                                   Abbreviation
HOBLink Virtual Private Network                            HOBLink VPN
Other abbreviations commonly used in this documentation are as follows:
Full Name                                                  Abbreviation
Internet Protocol Security                                 IPsec
Internet Key Exchange                                      IKE
Network Address Translation                                NAT
Extensible Markup Language                                 XML
Uniform Resource Locator                                   URL
Graphical User Interface                                   GUI
Transmission Control Protocol/Internet Protocol            TCP/IP
Dead Peer Detection                                        DPD
User Datagram Protocol                                     UDP
Distinguished Name                                         DN
Network TUNnel/Tap, the Virtual Network Device Interface   Tun/Tap
Remote Desktop Protocol                                    RDP
Contents
1 Introducing HOBLink VPN Gateway
  1.1 Introducing Kanji
  1.2 Introducing VPN Peers and VPN Rules
  1.3 Features of HOBLink VPN Gateway
  1.4 Components of HOBLink VPN Gateway
2 Installing HOBLink VPN Gateway
  2.1 Starting HOBLink VPN Gateway
  2.2 Managing HOBLink VPN Gateway
  2.3 Requirements of HOBLink VPN Gateway
3 Administering HOBLink VPN Gateway
  3.1 HOB Portal
  3.2 Administering HOBPortal
  3.3 Users
  3.4 Sessions
  3.5 Portlets
  3.6 Using the HOB Portal
4 Configuring the Kanji GUI Tool
  4.1 Defining Paths for Kanji and XML files
  4.2 Selecting Kanji and XML Filepaths from the Kanji Configuration
5 Configuring HOBLink VPN Gateway
  5.1 Properties
  5.2 Auditing
  5.3 Network
  5.4 Service
  5.5 Remote Authentication Dial In User Service (RADIUS)
  5.6 Lightweight Directory Access Protocol (LDAP)
  5.7 Microsoft Layer 2 Tunneling Protocol (L2TP)
  5.8 Internet Key Exchange (IKE)
  5.9 Internet Protocol Security (IPsec)
  5.10 Users
  5.11 VPN
  5.12 VPN Gateway StatusInfo
6 Configuring XML Parameters for HOBLink VPN Gateway
  6.1 Configuration Parameters for Properties (properties)
  6.2 Configuration Parameters for Auditing (auditing)
  6.3 Configuration Parameters for Network (network)
  6.4 Configuration Parameters for Service (service)
  6.5 Configuration Parameters for RADIUS (radius)
  6.6 Configuration Parameters for IKE (ike)
  6.7 Configuration Parameters for IPsec (ipsec)
  6.8 Configuration Parameters for Users (user)
  6.9 Configuration Parameters for VPN (vpn)
  6.10 Configuration Parameters for L2TP (l2tp)
  6.11 Configuration Parameters for LDAP (ldap)
7 Information and Support
HOBLink VPN Gateway Introducing HOBLink VPN Gateway
1 Introducing HOBLink VPN Gateway
HOBLink Virtual Private Network Gateway (HOBLink VPN Gateway) is a VPN gateway solution for access to your network data with strong and secure IKE/IPsec encryption methods. It uses the IPsec, IKEv1 and IKEv2 protocols to give your company the security you require. HOBLink VPN Gateway provides authenticity, integrity and confidentiality checks for each stage of data transfer.
HOBLink VPN Gateway is a new implementation of an IPsec based VPN gateway as a software solution. Versions for different products are provided and are primarily available for Linux, BSD and Microsoft Windows platforms.
It is intended to support HOBLink VPN 1.8 clients and gateways, as well as other RFC compliant solutions.
HOBLink VPN Gateway enables you to have secure, economical, reliable and universal remote access to all your enterprise IT resources.
1.1 Introducing Kanji
Kanji is a GUI tool with a Java interface that is used to create and modify configuration XML files. Kanji can be applied to many products. In this case, it is an intuitive interface used in the HOB Portal that anyone is able to use to configure VPN connections. See Section 3 Administering HOBLink VPN Gateway on page 15 for more information.
1.2 Introducing VPN Peers and VPN Rules
HOBLink VPN Gateway uses IPsec and IKE security encryption protocols. As these do not allow a traditional client-server relationship, a system of peers is used to avoid this problem. In a peer system there is no distinction between the participants as with a client-server set up, with all devices being on the same peer level. A system of rules is also used to govern how the peers within the VPN communicate with each other.
How to set up the VPN Peers and the VPN Rules is described in Section 6.9 Configuration Parameters for VPN (vpn) on page 74. The other components of the configuration consist of the information needed to fulfill the requirements for setting up VPN Peers and VPN Rules.
1.3 Features of HOBLink VPN Gateway
HOBLink VPN Gateway is a gateway solution for access that uses these two processes:
hobvpn2
hobsr
The process hobvpn2 runs in normal user space without any root or administrative privileges on the computer. There are two reasons for this. Firstly, unlike most IPsec VPNs that run in Kernel mode, if there is an error the operating system is not involved, meaning there are no “blue screen” errors. Secondly, as the process is used for access over the public Internet, having no privileges means the process cannot be used to access other parts of the computer in the event of an attack. This is an extra security feature of this solution. Please note that hobvpn2 should be started by a non-privileged user.
The second process, hobsr, is used for tasks that need root/administrator rights (e.g. to open a RAW socket, to create or open the Tun/Tap device, creating static routes and ProxyARP entries, etc.). This process is not accessible from the Internet, providing only secure internal communication to hobvpn2. This process needs to be provided with extra access rights and is started automatically by hobvpn2.
Other features and highlights of HOBLink VPN Gateway include:
- Using state-of-the-art IPsec encryption technology and supporting strong authentication, according to the IPsec RFCs 2401 ff.
- Using multiple encryption methods such as AES128, AES192, AES256, 3DES, Blowfish and CAST128.
- Fully compatible with HOBLink VPN 1.6 and 1.8 gateways and clients, users and user groups, as well as the IPsec products from many other vendors.
- Using all IKE and IPsec standards and tunnel modes that were supported in version 1, including IKEv1, AH, ESP, IPCOMP and their combinations (AH+ESP, AH+IPCOMP, ESP+IPCOMP, AH+ESP+IPCOMP) to provide data manipulation alerts and replay detection. This ensures that the data has not been corrupted.
- IPsec processing takes advantage of multiple CPUs and can process several packets concurrently. A special thread managing system optimizes the usage of CPU and RAM resources.
- The Tun/Tap interface is used to carry the IP packets from the kernel into user space and vice versa.
- IKEv1 supports two different types of Phase 1 negotiations, Main Mode and Aggressive Mode. Aggressive Mode supports two additional authentication methods, Hybrid and XAuth. IKE Phase 2 negotiations use Quick Mode.
- IKE Phase 1 supports RADIUS and LDAP/AD authentication for clients.
- IKE supports IKE Client Configuration Mode (for the assignment of virtual IPs and primary and secondary DNS servers).
- HOBLink VPN Gateway supports certificates (HOB CDB, Microsoft CryptoAPI).
- HOBLink VPN Gateway supports Syslog auditing over UDP port 514.
- HOBLink VPN Gateway includes NAT detection and NAT keepalives.
- HOBLink VPN Gateway supports UDP encapsulation for NAT traversal.
- HOBLink VPN Gateway supports DPD (Dead Peer Detection).
- The VPN rules support the negation of the traffic selectors source, destination and service.
- HOBLink VPN Gateway supports XML configuration, with local configuration files in XML format. SSL connections are also supported (https).
- All services, ports and connections are fully configurable. Configuration is also possible via a web browser, both local and remote.
1.4 Components of HOBLink VPN Gateway
HOBLink VPN Gateway is a complete software solution that is delivered in a modular form. These modules, both core modules and configuration modules, are installed together and work together to provide the functionality you require.
1.4.1 Core Modules
There are two core modules that provide the required functionality of HOBLink VPN Gateway. These are the:
Process Modules
Library Modules
Process Modules
The basic functionality of HOBLink VPN Gateway is provided by the process hobvpn2 (main process). An important process, hobsr, provides hobvpn2 with added system resources and therefore needs special root permissions.
Another process, sendsig, sends two signals to the hobvpn2 process. These signals provide the following tasks:
- sendsig (sent without any parameter) - this signal indicates to the hobvpn2 process that the configuration has been changed while the VPN is still running. The hobvpn2 process then reads the configuration file again and updates its internal processes accordingly, while it continues running.
- sendsig hobvpn2 - this forces the hobvpn2 process to stop running.
Library Modules
Some libraries are needed for a proper connection:
libgcc_s.so.1
libhobxcw3.so
libhvpnintf32.so
libstdc++.so.6.0.14 (this has a link called libstdc++.so.6).
1.4.2 Configuration Modules
The configuration modules are the files that contain the necessary data needed by HOBLink VPN Gateway to fulfill the tasks required of it.
- vpnconfig.xml – this file contains the configuration data that HOBLink VPN Gateway needs to establish IKE/IPsec connections. It is located in the installation folder /HOB/HOBLinkVPN of the application. For configuration purposes, this file may either be edited directly or via a browser (either locally or remotely), in which case the configuration server must be correctly configured. See Section 3 Administering HOBLink VPN Gateway on page 15 for more information.
Figure 1: Standard Browser-based Configuration Scheme
- vpnconfig.knj – this file contains data describing the structural elements of the HOBLink VPN Gateway configuration. It is used by the HOB configuration server to create the HTML pages for the browser during configuration.
It is strongly recommended to always leave this file, vpnconfig.knj, unchanged.
The browser-based configuration and retrieval of status information is managed by the HOB Portal system. This is installed in the folder HOBPortal which is found in the HOB folder of the installation.
A standard TCP/IP connection from the Java-capable web browser is used to connect to the HOB Portal server. Please see Section 3.1 HOB Portal on page 15 for more information.
1.4.3 Certificate Support Modules
Certificates are used to authenticate the machines responsible for communication. The modules that contain these certificates are located in the installation folder of HOBLink VPN Gateway. This folder contains a sub-folder, cert.db, containing two files:
vpn.cdb - a HOB certificate database file
vpn.pwd - a password file
The certificates provided in this HOB keystore vpn.cdb are intended for testing and demo purposes only. It is strongly recommended that for productive day-to-day operations you remove these vpn.cdb and vpn.pwd files and create your own keystore and password files. Use the HOBLink Security Manager to either create your own PKI or just add the available certificates to your own keystore.
These files can be edited via the HOBLink Security Manager tool, which is delivered on CD for extra installation. Documentation concerning the HOBLink Security Manager is available after the installation of this HOB tool.
2 Installing HOBLink VPN Gateway
The HOBLink VPN Gateway software is provided in a compressed file that is installed using an install script. The compressed file is hob-vpn2-gw.tar.bz2 and the install script is installVPN2-GW.sh.
To install HOBLink VPN Gateway for Linux:
1. Log on as Root User in your Linux system.
2. From the command line, run the install script installVPN2-GW.sh.
3. Select where to install the software (this will be /opt/HOB/ by default).
4. Select the option to start VPN2GW and HOBPortal (this step is optional).
Once the software has been installed, make sure that IP Forwarding is enabled. If it is not enabled, run the script enableIPForwarding.sh located in the HOB folder. To disable it again, run the script disableIPForwarding.sh.
2.1 Starting HOBLink VPN Gateway
When the software is installed via the install script, HOBLink VPN Gateway can either be started in Step 2 below or started later.
To start HOBLink VPN Gateway:
1. Log on to the system as a normal user.
2. From the command line, run the script startVPN.sh located in the HOB folder.
This starts the hobvpn2 process, giving the parameter -c vpnconfig.xml for the configuration file, as a daemon.
The script startVPN2-GW.sh can also be used to start HOBLink VPN Gateway, which in turn also starts the HOBPortal server.
For debugging purposes:
The process hobvpn2 accepts the following parameters:
- -a – this parameter is optional. It runs hobvpn2 as an application. If it is not specified, hobvpn2 runs as a daemon (in the background) instead.
- -c (config file) – this parameter is optional. If it is not present, then the config.xml file is used as default.
2.2 Managing HOBLink VPN Gateway
The following information refers to the installation folder, which is /opt/HOB/HOBLinkVPN/ by default. The administration scripts are in the HOB installation folder (in this case, /opt/HOB/).
The command ./hobvpn2 -c vpnconfig.xml starts the VPN process, where the parameter -c indicates the name of the configuration file (vpnconfig.xml by default). A normal, non-privileged user should start the process. It is easier to start the VPN process by running the script startVPN.sh, which runs the provided command.
In order to stop the VPN process, run the script stopVPN.sh. This sends the command ./sendsig hobvpn2 that orders the VPN process to stop working gracefully.
To reload and implement changes in the configuration file, run the script reloadConfig.sh. This runs the process ./sendsig, which sends the command to the VPN process to reload and implement the configuration file.
2.3 Requirements of HOBLink VPN Gateway
The following are the necessary minimum requirements for a successful installation of HOBLink VPN Gateway:
System Requirements
HOBLink VPN Gateway is designed to run on the Linux operating system platform. It requires only a standard Linux machine, with at least Kernel 2.6.x, including the Tun/Tap interface.
HOBLink VPN Gateway supports both 32 and 64 bit systems.
Software Requirements
There are two options available for configuring HOBLink VPN Gateway:
a web browser
a standard or XML editor (for editing the configuration file)
For logging purposes:
Messages created while starting HOBLink VPN Gateway are written into the file trace.txt which is located in the installation folder.
Messages created while running HOBLink VPN Gateway are to be logged by a syslog server listening on UDP port 514. By default, the configuration file vpnconfig.xml that is delivered with the solution contains a syslog server configuration with the IP address 127.0.0.1, localhost.
3 Administering HOBLink VPN Gateway
HOBLink VPN Gateway can be configured in two ways:
1. By manually setting the configuration parameters by editing the configuration file vpnconfig.xml. The vpnconfig.xml file needs to be opened in a text editor to edit the parameters as required.
Please refer to Section 6 Configuring XML Parameters for HOBLink VPN Gateway on page 61 for a detailed description of the parameters.
2. By editing the file via the HOB Portal management interface in the browser. When editing through a GUI, you need to connect locally to a web browser. The following web browsers are supported:
Microsoft Internet Explorer - Versions 9, 10, 11
Firefox - Version 28
Google Chrome - Version 34
3.1 HOB Portal
HOB Portal is the interface for the browser connection to HOBLink VPN Gateway over an IP-based network. This interface provides information about the gateway and allows HOBLink VPN Gateway to be configured.
The installation folder of HOB Portal is /opt/HOB/HOBPortal/ by default.
The HOB Portal server should be started by the script startHOBPortal.sh, which launches the command bin/startup.sh.
To stop the HOB Portal server, run the script stopHOBPortal.sh. This script launches the command bin/shutdown.sh to stop the HOB Portal server.
3.1.1 Connecting to HOB Portal
To connect to HOB Portal locally, enter the following URL into a browser:
http://localhost:5822/
To connect to HOB Portal over the network, enter the URL using the hostname as follows:
http://<hostname>:5822/
3.1.2 Connecting to HOB Portal over SSL
To create an SSL encrypted connection to HOB Portal, enter the URL:
https://<hostname>:8443 into your browser.
A Java keystore is delivered in the path .../HOBPortal/conf.
The relevant server setting is to be found in the file .../HOBPortal/conf/server.xml, in line 87.
Here you can find the path and name of the keystore as well as the password, which is hoblinkvpn by default.
3.1.3 Using your own SSL certificate
To use your own SSL certificate when connecting to HOB Portal, perform the following steps:
1. Create your Java keystore containing a valid certificate.
2. Edit the file server.xml accordingly.
3. Launch the process .../HOB/stopHOBPortal.sh and then the process .../HOB/startHOBPortal.sh in order to restart the HOBPortal server.
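The shipped defaults named in Sections 1.3, 1.4.3 and 3.1.2 can be checked after installation. The shell script below is an added example, not part of the HOB software or documentation: it reports a keystore that is still byte-identical to the shipped demo copy, a server.xml that still contains the default keystore password, and a hobvpn2 process running as root. The reference directory with a copy of the shipped cert.db files, the function names and the demo fixture are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not HOB code): audit an installation for shipped defaults.
# Assumptions: the default layout from this guide (/opt/HOB/HOBLinkVPN and
# /opt/HOB/HOBPortal) and a "reference" directory holding an untouched copy
# of the shipped cert.db files. All function names are hypothetical.

# Succeeds if vpn.cdb or vpn.pwd under <vpn_dir>/cert.db is byte-identical
# to the shipped demo copy in <ref_dir>, i.e. the demo keystore is in use.
keystore_is_demo() {
    inst="$1/cert.db"; ref="$2"
    for f in vpn.cdb vpn.pwd; do
        if [ -f "$inst/$f" ] && [ -f "$ref/$f" ] && cmp -s "$inst/$f" "$ref/$f"; then
            return 0
        fi
    done
    return 1
}

# Succeeds if server.xml still carries the documented default keystore
# password as a quoted value. No attribute name is assumed.
portal_has_default_keystore_pw() {
    [ -f "$1" ] && grep -q -E "[\"']hoblinkvpn[\"']" "$1"
}

# Reads "UID PID COMMAND" lines on stdin and prints the PID of every
# hobvpn2 process that runs as UID 0. hobsr is expected to be privileged.
root_owned_hobvpn2() {
    awk '$1 == 0 && $3 == "hobvpn2" { print $2 }'
}

# audit_hob <hob_root> <ref_dir> <process_list>: prints one line per finding.
audit_hob() {
    hob_root="$1"; ref_dir="$2"; procs="$3"
    if keystore_is_demo "$hob_root/HOBLinkVPN" "$ref_dir"; then
        echo "FINDING: demo keystore still installed in $hob_root/HOBLinkVPN/cert.db"
    fi
    if portal_has_default_keystore_pw "$hob_root/HOBPortal/conf/server.xml"; then
        echo "FINDING: default keystore password in $hob_root/HOBPortal/conf/server.xml"
    fi
    for pid in $(printf '%s\n' "$procs" | root_owned_hobvpn2); do
        echo "FINDING: hobvpn2 (pid $pid) runs as root, start it as a non-privileged user"
    done
    return 0
}

# On a real gateway (paths are the guide's defaults, reference dir is yours):
#   audit_hob /opt/HOB /path/to/shipped-cert.db "$(ps -e -o uid= -o pid= -o comm=)"

# Constructed demo fixture so the script runs offline; none of this is real
# HOB data, and the XML attribute name below is made up.
demo=$(mktemp -d)
mkdir -p "$demo/HOB/HOBLinkVPN/cert.db" "$demo/HOB/HOBPortal/conf" "$demo/ref"
printf 'constructed-demo-keystore\n' > "$demo/ref/vpn.cdb"
printf 'constructed-demo-password\n' > "$demo/ref/vpn.pwd"
cp "$demo/ref/vpn.cdb" "$demo/ref/vpn.pwd" "$demo/HOB/HOBLinkVPN/cert.db/"
printf '<Connector port="8443" examplePass="hoblinkvpn"/>\n' \
    > "$demo/HOB/HOBPortal/conf/server.xml"
audit_hob "$demo/HOB" "$demo/ref" "0 4211 hobvpn2
0 4212 hobsr"
rm -rf "$demo"
```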
3.2 Administering HOBPortal
This set of screens is available to the root user or another user with the authority to manage the portal of HOBLink VPN Gateway. Log on to HOBLink VPN Gateway with the root user username and password. The following screen is displayed:
Figure 2: HOBLink VPN Portal
Information about the root user’s current status and permissions is provided here, as well as the quick links Manage Sessions and Manage the portal that are available to you. Only an administrator can use the quick link Add a new user. In addition, the title bar has the following icons that are on every page of the portal:
Home – returns you to this start screen from anywhere within the application.
Users – accesses the manage users screen.
Portal configuration – displays the portlet and page administration screen.
Service – displays the current status of the service.
Properties – displays the system properties page.
Sessions – displays the manage sessions page. See Section 3.4 Sessions on page 19 for more information.
Auditing – displays the audit logs on screen.
Logs – displays the system logs on screen.
Help – displays the help that is available for this application.
Logout – logs you out of the application and returns you to the main HOBLink VPN Gateway portal.
3.3 Users
When you access the quick link Add a new user you will see this screen. Here you can manage the users already configured in HOBLink VPN Gateway and add new users to the user list.
3.3.1 Add User
Figure 3: User
This tab allows you to add new users to those that are already present in HOBLink VPN Gateway. You need to complete the following fields:
Username - enter the name assigned to this user in the system
Password - enter the password for confirming the identity of this user
Confirm password - enter the password again to confirm
User authorities - select the permissions from this list of permissions available to the user. It is possible to select several permissions.
Enabled - check this box to activate this user in the user list.
There are also two buttons:
click Reset to discard any edits and restore any previously entered information to this page.
click Add user to save any changes and add the new user to the user list
3.3.2 Users
The Users tab allows you to manage the already existing users. You will see this screen:
Figure 4: Manage Users
Select the user from this list of users. Use the Edit and the Remove selected users buttons to manage selected users in the list.
use this button to edit the configuration of the selected user
this button deletes the selected user from the user list
3.4 Sessions
When you access the quick link Manage sessions, you will see this screen. Here you manage the sessions in HOBLink VPN Gateway.
Figure 5: Sessions
Sessions that are currently open are displayed in the list. Details of the sessions such as username, authorities and last request time are shown. Sessions can be deleted by selecting the sessions to be removed and then using the Remove selected sessions button to remove them from this list.
3.5 Portlets
When you access the quick link Manage the portal, you will see this screen. Here you manage portlets and pages. There are three tabs on this interface: Portlets, Pages and New.
3.5.1 Portlets
When the Portlets tab is selected, the following screen is displayed:
Figure 6: Manage Portlets
Here you see the portlets currently available for use in the pages (showing the ID number, the context of the application and the name of each portlet).
3.5.2 Pages
Select the Pages tab to display the following screen where you manage pages.
Figure 7: Manage Pages
Here the page configurations are displayed. The ID for each page as well as the portlets that are on each page are shown. If a page is to be deleted, select that page and click the Delete Selected button to remove it.
3.5.3 New
Select the New tab to display the following screen where you can create new pages.
Figure 8: Manage New Pages
For each new page you need to complete the following fields:
Name – enter a name for the new page.
Portlets – select from the list of existing portlets those that you wish to be included on the new page.
Once you have finished entering the parameters, you have the following options:
click Add Page to create the new page.
click Reset to clear any previously entered information if you want to start configuring the page.
3.6 Using the HOB Portal
When the HOBLink VPN Gateway Logon screen is displayed, you will see this screen:
Figure 9: Logon
Following the default installation, two default users are already configured:
root (password = root) – the administrator user for the HOB Portal.
vpnadmin (password = vpnadmin) – the VPN administrator user for configuration and status information.
Log in as vpnadmin or root to display the HOB Portal.
Figure 10: HOB Portal
The HOB Portal provides two portlets:
Kanji – the configuration tool (see Section 4 Configuring the Kanji GUI Tool on page 25 for more information on this topic).
VPN2 SI – this gives the current status information about the VPN gateway.
These portlets are configured in the HOB Portal pages. By default, the HOB Portal consists of two pages:
VPN Gateway Configuration – see Section 5 Configuring HOBLink VPN Gateway on page 29 for more information.
VPN Gateway StatusInfo – see Section 5.12 VPN Gateway StatusInfo on page 59 for more information.
HOB Portal – it is possible to return to the HOB Portal screen by clicking on this button.
- click this button on the right of the title bar for the following options:
HOBLink VPN
- HOBLink VPN – displays an information page for HOB Portal authentication and management.
- Change password – allows you to change your administrator or user password.
- Log out – allows you to log out of the HOBLink VPN Portal.
Open Console – opens a console for viewing logs and advanced options for HOBLink VPN Gateway.
4 Configuring the Kanji GUI Tool
When you select HOBLink VPN Gateway Configuration in the HOB Portal for the first time, the following screen is displayed.
Figure 11: HOBLink VPN Gateway Start Screen
Locate the Edit command that is in the dropdown menu under View in the right hand corner of the start bar of this screen:
Figure 12: View, Edit, Help Menu
Selecting this command displays the interface (shown here) from where you can configure the portal using Kanji. Use the View command to return you to the HOBLink VPN Gateway configuration interface.
Figure 13: Kanji Portlet