Settings for Main office
1. Set up interfaces, System->Interfaces:
   WAN IP: 193.0.2.20
   LAN IP: 192.168.1.1, Subnet mask: 255.255.255.0
2. Set up PPTP server, Firewall->VPN:
   Under L2TP / PPTP Server click Add new PPTP server
   Name the server pptpServer
   Leave Outer IP and Inner IP blank
   Set client IP pool to
   Check Proxy ARP dynamically added routes
   Check Use unit’s own DNS relayer addresses
   Leave WINS settings blank
   Under authentication MSCHAPv2 should be the only checked option.
   Under MPPE encryption 128 bit should be the only checked option.
   Leave Use IPsec encryption unchecked
   Click Apply
3. Set up policies for the new tunnel, Firewall->Policy:
   Click Global policy parameters
   Enable Allow all VPN traffic: internal->VPN, VPN->internal and VPN->VPN
   Click Apply
4. Set up authentication source, Firewall->Users:
   Select Local database
   Click Apply
5. Add a new user, Firewall->Users:
   Under Users in local database click Add new
   Name the new user HomeUser
   Enter password: 1234567890
   Retype password: 1234567890
   Leave static client IP empty (could also be set to e.g. 192.168.1.200. If no IP is set here, the IP pool from the PPTP server settings is used).
   Click Apply
6. Click Activate and wait for the firewall to restart.
This example will allow all traffic from the client to the main office network. To get a more secure solution read the Settings for the Main office part of the A more secure LAN-to-LAN VPN solution section in this chapter.
Windows XP client and L2TP server
The Windows XP client to L2TP server setup is quite similar to the PPTP setup above.
Settings for the Windows XP client
To set up an L2TP connection from Windows XP to the Main office firewall, you can follow
the steps in the PPTP guide above for the client side. The only changes from that guide are:
1. In step 13, change the Type of VPN to L2TP IPsec VPN.
2. Select the Security tab and click IPsec Settings
3. Check Use pre-shared key for authentication, type the key and click OK
Settings for Main office
1. Set up interfaces, System->Interfaces:
   WAN IP: 193.0.2.20
   LAN IP: 192.168.1.1, Subnet mask: 255.255.255.0
2. Set up L2TP server, Firewall->VPN:
   Under L2TP / PPTP Server click Add new L2TP server
   Name the server l2tpServer
   Leave Outer IP and Inner IP blank
   Set client IP pool to
   Check Proxy ARP dynamically added routes
   Check Use unit’s own DNS relayer addresses
   Leave WINS settings blank
   Under authentication MSCHAPv2 should be the only checked option
   Under MPPE encryption None should be the only checked option
   Check the Use IPsec encryption box
   Enter the pre-shared key, 1234567890, and retype the same pre-shared key
   Click Apply
3. Set up policies for the new tunnel, Firewall->Policy:
   Click Global policy parameters
   Enable Allow all VPN traffic: internal->VPN, VPN->internal and VPN->VPN
   Click Apply
4. Set up authentication source, Firewall->Users:
   Select Local database
   Click Apply
5. Add a new user, Firewall->Users:
   Under Users in local database click Add new
   Name the new user HomeUser
   Enter password: 1234567890
   Retype password: 1234567890
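
The PPTP and L2TP server settings from the two Main office sections can be checked against the rules the steps state (MSCHAPv2 only, MPPE 128 bit only for PPTP, MPPE None with IPsec) and against secret quality. This is an added example, not part of the manual or the vendor's software; the dict layout, key names, finding codes and the 16-character minimum are assumptions made for the example.

```python
# Settings from the steps above, written as plain dicts. The layout and key
# names are hypothetical (made up for this example), not the firewall's format.
PPTP = {"name": "pptpServer", "auth": {"MSCHAPv2"}, "mppe": {"128"},
        "ipsec": False, "psk": None}
L2TP = {"name": "l2tpServer", "auth": {"MSCHAPv2"}, "mppe": {"None"},
        "ipsec": True, "psk": "1234567890"}
USERS = {"HomeUser": "1234567890"}
ALLOW_ALL_VPN_TRAFFIC = True  # "Global policy parameters" in step 3


def weak_secret(secret, min_len=16):
    """Short or single-character-class secrets are treated as weak."""
    return len(secret) < min_len or secret.isdigit() or secret.isalpha()


def audit(server, users, allow_all):
    """Return a sorted list of finding codes for one VPN server profile."""
    found = set()
    if server["auth"] != {"MSCHAPv2"}:
        found.add("auth-not-mschapv2-only")
    if server["ipsec"]:
        psk = server["psk"] or ""
        if weak_secret(psk):
            found.add("weak-psk")
        if psk in users.values():
            found.add("psk-reused-as-user-password")
        if server["mppe"] != {"None"}:
            found.add("mppe-not-none-with-ipsec")
    elif server["mppe"] == {"None"}:
        found.add("tunnel-unencrypted")
    else:
        if server["mppe"] != {"128"}:
            found.add("mppe-below-128-allowed")
        # MPPE session keys come from the MS-CHAPv2 exchange, so without
        # IPsec the tunnel is only as strong as the user's password.
        found.add("encryption-depends-on-user-password")
    if any(weak_secret(p) for p in users.values()):
        found.add("weak-user-password")
    if allow_all:
        found.add("allow-all-vpn-traffic")
    return sorted(found)


if __name__ == "__main__":
    for profile in (PPTP, L2TP):
        print(profile["name"], audit(profile, USERS, ALLOW_ALL_VPN_TRAFFIC))
```

With the values used in this walkthrough, the L2TP profile is flagged because the pre-shared key and the HomeUser password are the same ten-digit string; distinct, longer secrets and a narrower VPN policy clear the findings.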