Novell VPN Client for Linux User and Administrator Guide
Novell
VPN Client for Linux
novdocx (ENU) 01 February 2006
1.0
July 17, 2006
www.novell.com
USER AND ADMINISTRATOR GUIDE
Legal Notices
Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and
specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose.
Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time,
without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims
any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc.
reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to
notify any person or entity of such changes.
You may not use, export, or re-export this product in violation of any applicable laws or regulations including,
without limitation, U.S. export regulations or the laws of the country in which you reside.
Novell, Inc. has intellectual property rights relating to technology embodied in the product that is described in this
document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S.
patents listed at http://www.novell.com/company/legal/patents/ and one or more additional patents or pending patent
applications in the U.S. and in other countries.
Novell, Inc.
404 Wyman Street, Suite 500
Waltham, MA 02451
U.S.A.
www.novell.com
Online Documentation: To access the online documentation for other Novell products, and to get updates,
see www.novell.com/documentation.
Novell Trademarks
For Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/
trademarks/tmlist.html).
Third-Party Materials
All third-party trademarks are the property of their respective owners.
About This Guide
This guide provides the information that you need to install and use Novell® VPN Client for Linux
software.
The guide is divided into the following sections:
• Chapter 1, “Understanding Novell VPN Client for Linux,” on page 7
• Chapter 2, “Installing Novell VPN Client for Linux,” on page 9
• Chapter 3, “Using the VPN Client for Linux,” on page 11
• Appendix A, “Troubleshooting Novell VPN Client for Linux,” on page 21
• Appendix B, “Error Codes,” on page 27
Documentation Conventions
In Novell documentation, a greater-than symbol (>) is used to separate actions within a step and
items in a cross-reference path.
A trademark symbol (®, TM, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party
trademark.
When a single pathname can be written with a backslash for some platforms or a forward slash for
other platforms, the pathname is presented with a backslash. Users of platforms that require a
forward slash, such as Linux* or UNIX*, should use forward slashes as required by your software.
Documentation Updates
For the most recent version of the Novell VPN Client for Linux User and Administrator Guide, visit
the Novell documentation Web site (http://www.novell.com/documentation).
User Comments
We want to hear your comments and suggestions about this manual and the other documentation
included with this product. Please use the User Comment feature at the bottom of each page of the
online documentation, or go to www.novell.com/documentation/feedback.html and enter your
comments there.
1 Understanding Novell VPN Client for Linux
This chapter provides an introduction to Novell® VPN Client for Linux by explaining the following:
• Section 1.1, “Introduction,” on page 7
• Section 1.2, “Features,” on page 7
• Section 1.3, “Requirements,” on page 8
1.1 Introduction
Novell VPN Client for Linux allows you to remotely access a corporate network. The virtual private
network created between the client and the gateway helps you to communicate securely over the
Internet using standard protocols. From your Linux workstation, you can connect to a network
protected by
• Standard IPsec Gateway (supporting X.509)
• Nortel* Contivity Server
• Novell Security Manager powered by Astaro*
1.2 Features
• Section 1.2.1, “General Features,” on page 7
• Section 1.2.2, “Standard IPsec Gateway-Related Features,” on page 7
• Section 1.2.3, “Nortel Contivity-Related Features,” on page 8
1.2.1 General Features
The following are the general features of the Novell VPN Client for Linux:
• Interface Options: Provides both graphical user interface (GUI) and command line interface
(CLI) options for connection.
• Support for Network Address Translation (NAT) Traversal: Allows the VPN client to
work from behind a NAT device.
• Profile Manager: An interactive feature for creating, modifying, and deleting user-based profiles specific to each gateway.
• Non-root access: Users without root privileges can also use the VPN Client. For details, see
Section 3.1.2, “Non-Root Access,” on page 11.
1.2.2 Standard IPsec Gateway-Related Features
• Certificate Mode of Authentication: Lets you authenticate using X.509 certificates (.pfx
format).
1.2.3 Nortel Contivity-Related Features
• RADIUS Authentication: Lets you authenticate based on the credentials stored in the RADIUS
server.
• IP Address Assignment: Assigns an IP address to the VPN client connecting to the gateway.
• Dead Peer Detection: Detects and informs if the Nortel gateway is not responding.
1.3 Requirements
The following are the minimum system requirements for the VPN Client for Linux to operate:
• PC with Pentium* III or higher processor
• SUSE® Linux Enterprise Desktop (SLED) 10
• 10 MB in /opt and 10 MB in /usr
• 128 MB RAM
• Monitor resolution of 1024 x 768 pixels
2 Installing Novell VPN Client for Linux
This chapter provides the following information on how to install the Novell® VPN Client for
Linux:
• Section 2.1, “Installing the Novell VPN Client for Linux,” on page 9
• Section 2.2, “Uninstalling Novell VPN Client for Linux,” on page 10
• Section 2.3, “Package Description,” on page 10
2.1 Installing the Novell VPN Client for Linux
• Section 2.1.1, “Prerequisites,” on page 9
• Section 2.1.2, “Installation,” on page 9
• Section 2.1.3, “Checking the Installation,” on page 10
2.1.1 Prerequisites
Before installing, make sure of the following:
• All IPsec packages (for example, FreeS/WAN or IPsec-tools) on your system are uninstalled. An
IPsec-tools package already on your system cannot coexist with the IPsec-tools RPM that is installed
during the VPN Client installation.
• To check for any previously installed IPsec tools, enter
rpm -qa ipsec-tools
• To uninstall IPsec tools, enter
rpm -e ipsec-tools
• You have root privileges. The VPN Client RPM can be installed only with root privileges.
• If firewall rules are already configured on the VPN Client machine, ensure that the following
ports are open:
UDP 500
UDP 4500
This is necessary because the VPN connection goes through these ports. For more information,
see Section A.3.6, “Firewall Issues,” on page 24.
2.1.2 Installation
The VPN Client for Linux can be installed using the Novell Applications pattern in YaST. The VPN
Client is not installed by default with SUSE® Linux Enterprise Desktop.
1 Launch the YaST Control Center.
GNOME: Click Computer > More Applications > System > YaST.
KDE: Click the menu button > System > YaST.
2 If you are not logged in as root, type the root password, then click Continue.
3 Click Software in the left column, then click Software Management in the right column.
4 Click Patterns in the Filter drop-down list.
5 Select Novell Applications in the left column, then select turnpike in the right column.
6 Click Accept to install the selected packages.
YaST displays the progress of the package installation.
7 (Conditional) If a message informs you that other package selections have been made to resolve
dependencies, click Continue.
8 (Conditional) If a message prompts you to insert a SUSE Linux CD, put the CD in the CD-ROM
drive, then click OK.
9 After all the packages have been installed, click Close to close the YaST Control Center.
2.1.3 Checking the Installation
When the VPN Client for Linux is installed on your system, the IKE daemon starts running and the VPN
Login icon appears in the SLED menu.
GNOME: Click Computer > More Applications > System > VPN Login.
KDE: Click the menu button > System > VPN Login.
If you are a CLI user, enter the following command to determine if the VPN Client for Linux is
installed on your system:
rpm -qi turnpike
NOTE: Currently GNOME and KDE are the supported desktops.
2.2 Uninstalling Novell VPN Client for Linux
1 Enter the following to uninstall the Nortel plug-ins:
rpm -e nortelplugins
2 Enter the following to uninstall the IPsec-tools:
rpm -e ipsec-tools
3 Enter the following to uninstall VPN Client:
rpm -e turnpike
2.3 Package Description
The package description provides detailed information about the files that are installed as part of
the VPN Client installation. Run the following command to list them, replacing package.rpm with the
VPN Client RPM file (for example, the turnpike RPM):
rpm -qlp package.rpm
3
Using the VPN Client for Linux
This chapter provides the following information to help you effectively set up and use Novell® VPN
Client for Linux:
• Section 3.1, “Access Information: Who Can Use the VPN Client,” on page 11
• Section 3.2, “Connection Profiles,” on page 12
• Section 3.3, “Establishing a VPN Connection,” on page 16
3.1 Access Information: Who Can Use the VPN Client
• Section 3.1.1, “Root Access,” on page 11
• Section 3.1.2, “Non-Root Access,” on page 11
3.1.1 Root Access
The superuser (root) can use the VPN Client directly.
3.1.2 Non-Root Access
• “users Group Users” on page 11
• “Non-users group Users” on page 11
users Group Users
All users whose primary group is the users group (created by root) can use the VPN Client. By default,
all users belong to this group.
Non-users group Users
If users is not the primary group of the users who require VPN access, non-root access can be
allowed by doing the following:
1 Log in as root.
2 Open the /etc/racoon/racoon.conf file.
3 Replace users with the name of the group that requires VPN access.
4 Restart IKE by entering the following command:
/etc/init.d/racoon restart
Root cannot allow multiple groups to use the VPN Client. If a new group is permitted by
modifying racoon.conf, only users belonging to that group can access the VPN.
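The group switch in steps 2 and 3 can be scripted so that an administrator sees which group is currently permitted before changing it, and keeps a backup of the file. The following is an added example and is not part of the Novell guide; it assumes that the group name the guide refers to is the group field of racoon.conf's adminsock directive (adminsock "path" "owner" "group" mode;), which is racoon's directive for its administration socket but is not stated by the guide. The racoon.conf fragment used here is a constructed sample; the restart in step 4 is left to the administrator.

```sh
#!/bin/sh
# Added example (not from the Novell guide). Assumption: the group that may use
# the VPN Client is the group field of the adminsock directive in racoon.conf:
#   adminsock "/var/run/racoon/racoon.sock" "root" "users" 0660;
# The guide itself only says to replace "users" with the desired group name.

# Print the group currently named on the adminsock line of the file in $1.
racoon_allowed_group() {
    sed -n 's/^[[:space:]]*adminsock[[:space:]]*"[^"]*"[[:space:]]*"[^"]*"[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# Replace the adminsock group in the file $1 with $2. Only one group can be
# named on the line, which is why permitting a new group removes the old one.
# Returns 2 for a group name containing characters that are unsafe in the sed
# expression, 1 when the file has no adminsock line, 0 on success. The previous
# file is kept as $1.bak.
racoon_set_group() {
    rs_conf=$1
    rs_group=$2
    case $rs_group in
        ""|*[!A-Za-z0-9._-]*)
            echo "invalid group name: $rs_group" >&2
            return 2 ;;
    esac
    if [ -z "$(racoon_allowed_group "$rs_conf")" ]; then
        echo "no adminsock line in $rs_conf" >&2
        return 1
    fi
    cp -p "$rs_conf" "$rs_conf.bak"
    sed 's/^\([[:space:]]*adminsock[[:space:]]*"[^"]*"[[:space:]]*"[^"]*"[[:space:]]*"\)[^"]*\("\)/\1'"$rs_group"'\2/' \
        "$rs_conf.bak" > "$rs_conf"
}

# The guide grants access by primary group: return 0 when the primary group of
# user $1 is $2, so an administrator can confirm who gains access before restarting.
user_in_vpn_group() {
    [ "$(id -gn "$1" 2>/dev/null)" = "$2" ]
}

# Constructed racoon.conf fragment (not copied from a SLED installation).
conf=$(mktemp)
cat > "$conf" <<'EOF'
path pre_shared_key "/etc/racoon/psk.txt";
adminsock "/var/run/racoon/racoon.sock" "root" "users" 0660;
log info;
EOF

echo "currently permitted group: $(racoon_allowed_group "$conf")"
racoon_set_group "$conf" "vpnusers"
echo "now permitted group: $(racoon_allowed_group "$conf")"
if user_in_vpn_group "$(id -un)" "vpnusers"; then
    echo "$(id -un) can use the VPN Client after the restart"
else
    echo "$(id -un) is not in vpnusers and will not be able to use the VPN Client"
fi
# With the real /etc/racoon/racoon.conf, finish with step 4: /etc/init.d/racoon restart
rm -f "$conf" "$conf.bak"
```

The name check in racoon_set_group matters because the new group is spliced into a sed expression: a name containing a slash, backslash or ampersand would otherwise corrupt the edit and leave racoon unable to start after the restart.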
3.2 Connection Profiles
A connection profile is a unique configuration of the parameters used for making a successful
VPN connection. Each profile is saved in XML format as a .prf file. The VPN Client provides a
Profile Manager to help you work with connection profiles.
The Profile Manager helps you create, edit, or delete profiles. While editing a profile, you cannot
change its name.
NOTE: You cannot create profiles using the CLI. Therefore, use the Profile Manager to create and
modify profiles.
• Section 3.2.1, “Creating a Profile for Connecting to the Standard IPsec Gateway,” on page 12
• Section 3.2.2, “Creating a Profile for Connecting to the Nortel Contivity Server,” on page 14
• Section 3.2.3, “Editing a Profile,” on page 15
• Section 3.2.4, “Deleting a Profile,” on page 15
3.2.1 Creating a Profile for Connecting to the Standard IPsec Gateway
1 Open the VPN Client for Linux dialog.
GNOME: Click Computer > More Applications > System > VPN Login.
KDE: Click the main menu > System > VPN Login.
2 In the Profile name drop-down list, select Profile manager.
3 Click Add to create a profile.
4 In the Profile name field, specify a name for the profile.