Unified Services Router
User Manual
144
Figure 96: List of Available Applications for SSL Port Forwarding
7.4 SSL VPN Client Configuration
Setup > VPN Settings > SSL VPN Client > SSL VPN Client
An SSL VPN tunnel client provides a point-to-point connection between the
browser-side machine and this router. When an SSL VPN client is launched from the
user portal, a "network adapter" with an IP address from the corporate subnet, DNS
and WINS settings is automatically created. This allows local applications to access
services on the private network without any special network configuration on the
remote SSL VPN client machine.
It is important to ensure that the virtual (PPP) interface address of the VPN tunnel
client does not conflict with physical devices on the LAN. The IP address range for
the SSL VPN virtual network adapter should be either in a different subnet from the
corporate LAN or in a range that does not overlap with it.
The IP addresses of the client’s network interfaces (Ethernet, Wireless, etc.) cannot
be identical to the router’s IP address or a server on the corporate LAN that is
being accessed through the SSL VPN tunnel.
Figure 97: SSL VPN client adapter and access configuration
The router allows full tunnel and split tunnel support. Full tunnel mode just sends all
traffic from the client across the VPN tunnel to the router. Split tunnel mode only
sends traffic to the private LAN based on pre-specified client routes. These client
routes give the SSL client access to specific private networks, thereby allowing access
control over specific LAN services.
Client level configuration supports the following:
Enable Split Tunnel Support: With a split tunnel, only resources which are
referenced by client routes can be accessed over the VPN tunnel. With full
tunnel support (if the split tunnel option is disabled the DSR acts in full
tunnel mode) all addresses on the private network are accessible over the
VPN tunnel. Client routes are not required.
DNS Suffix: The DNS suffix name which will be given to the SSL VPN
client. This configuration is optional.
Primary DNS Server: DNS server IP address to set on the network adaptor
created on the client host. This configuration is optional.
Secondary DNS Server: Secondary DNS server IP address to set on the
network adaptor created on the client host. This configuration is optional.
Client Address Range Begin: Clients who connect to the tunnel get a DHCP
served IP address assigned to the network adaptor from the range of addresses
beginning with this IP address.
Client Address Range End: The ending IP address of the DHCP range of
addresses served to the client network adaptor.
Setup > VPN Settings > SSL VPN Client > Configured Client Routes
If the SSL VPN client is assigned an IP address in a different subnet than the
corporate network, a client route must be added to allow access to the private LAN
through the VPN tunnel. As well, a static route on the private LAN’s firewall
(typically this router) is needed to forward private traffic through the VPN Firewall to
the remote SSL VPN client. When split tunnel mode is enabled, the user is required to
configure routes for VPN tunnel clients:
Destination network: The network address of the LAN or the subnet
information of the destination network from the VPN tunnel clients’
perspective is set here.
Subnet mask: The subnet information of the destination network is set here.
Figure 98: Configured client routes only apply in split tunnel mode
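The address and route rules above can be checked before the values are entered on the router. The following is an added example, not part of the manual or the router firmware; the function names, the lan_in_use input and all addresses are assumptions made for illustration.

```python
import ipaddress

def parse_range(begin, end):
    lo, hi = ipaddress.ip_address(begin), ipaddress.ip_address(end)
    if lo > hi:
        raise ValueError(f"range {begin}-{end} begins after it ends")
    return lo, hi

def check_ssl_vpn_client(lan_cidr, router_ip, lan_in_use, client_begin,
                         client_end, split_tunnel, client_routes):
    """Return findings for a client address range and client route list.
    lan_in_use: (begin, end) ranges already used on the LAN, such as the LAN
    DHCP pool (an input assumed for this check, not a router field).
    client_routes: (destination network, subnet mask) pairs.
    """
    lan = ipaddress.ip_network(lan_cidr)
    router = ipaddress.ip_address(router_ip)
    lo, hi = parse_range(client_begin, client_end)
    findings = []

    if lo <= router <= hi:
        findings.append("client range contains the router's address")
    for begin, end in lan_in_use:
        used_lo, used_hi = parse_range(begin, end)
        if lo <= used_hi and used_lo <= hi:  # closed intervals intersect
            findings.append(f"client range overlaps LAN range {begin}-{end}")

    routes = [ipaddress.ip_network(f"{net}/{mask}", strict=False)
              for net, mask in client_routes]
    if split_tunnel and not any(r.overlaps(lan) for r in routes):
        findings.append("split tunnel: no client route reaches the LAN")
    if not split_tunnel and routes:
        findings.append("full tunnel: configured client routes do not apply")
    # A pool wholly outside the LAN subnet needs a return route on the LAN side.
    pool = ipaddress.summarize_address_range(lo, hi)
    if not any(block.overlaps(lan) for block in pool):
        findings.append("client range is in a different subnet: add a static "
                        "route to it on the LAN firewall")
    return findings

if __name__ == "__main__":
    # Constructed sample values, not taken from the manual.
    lan, router = "192.168.10.0/24", "192.168.10.1"
    dhcp = [("192.168.10.100", "192.168.10.254")]
    print(check_ssl_vpn_client(lan, router, dhcp, "192.168.10.90",
                               "192.168.10.120", True, []))
    print(check_ssl_vpn_client(lan, router, dhcp, "192.168.251.1",
                               "192.168.251.254", True,
                               [("192.168.10.0", "255.255.255.0")]))
```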
Steps to Install/Uninstall SSLVPN tunnel in Mac OS
1. Open a terminal and run "visudo" as root; this opens the sudoers file.
2. Add "username ALL=NOPASSWD: /usr/sbin/chown,/bin/chmod,/bin/rm" at the
bottom of the sudoers file, then save and close the file. (username is the name of
the Mac user account, not the SSLVPN user name.)
While uninstalling the SSLVPN tunnel, when it asks for a password, enter the Mac
user account password, not the root password or the SSLVPN user password.
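The entry added in step 2 lets the named account run chown, chmod and rm as root without a password, so it is worth being able to find it again in a sudoers file. The following is an added example, not part of the manual; it handles only simple one-line user specifications, and the account name "alice" and the sample file content are constructed.

```python
import re

# Simple one-line user specs only: user host = [(runas)] [TAG:]... commands
SPEC = re.compile(r"^(?P<user>[^\s#]\S*)\s+(?P<host>[^\s=]+)\s*=\s*"
                  r"(?:\([^)]*\)\s*)?(?P<tags>(?:[A-Z]+:\s*)*)(?P<cmds>.+)$")

# The three commands named in step 2 of the manual's procedure.
INSTALLER_CMDS = {"/usr/sbin/chown", "/bin/chmod", "/bin/rm"}

def nopasswd_grants(sudoers_text):
    """Return {user: [command, ...]} for every NOPASSWD user spec found."""
    grants = {}
    # Join backslash-continued lines before matching.
    for line in sudoers_text.replace("\\\n", " ").splitlines():
        match = SPEC.match(line.strip())
        if not match or "NOPASSWD:" not in match["tags"]:
            continue
        cmds = [c.strip() for c in match["cmds"].split(",") if c.strip()]
        grants.setdefault(match["user"], []).extend(cmds)
    return grants

def installer_entry_users(sudoers_text):
    """Return the accounts holding the passwordless chown/chmod/rm entry."""
    return sorted(user for user, cmds in nopasswd_grants(sudoers_text).items()
                  if INSTALLER_CMDS <= set(cmds))

# Constructed sample sudoers content; "alice" is a hypothetical account.
SAMPLE = """\
# sample sudoers file
Defaults env_reset
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
alice ALL=NOPASSWD: /usr/sbin/chown,/bin/chmod,/bin/rm
"""

if __name__ == "__main__":
    print(installer_entry_users(SAMPLE))
```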
7.5 User Portal
Setup > VPN Settings > SSL VPN Client > SSL VPN Client Portal
When remote users want to access the private network through an SSL tunnel (either
using the Port Forwarding or VPN tunnel service), they log in through a user portal.
This portal provides the authentication fields to provide the appropriate access levels
and privileges as determined by the router administrator. The domain where the user
account is stored must be specified, and the domain determines the authentication
method and portal layout screen presented to the remote user.
Figure 99: List of configured SSL VPN portals. The configured portal
can then be associated with an authentication domain
7.5.1 Creating Portal Layouts
Setup > VPN Settings > SSL VPN Server > Portal Layouts
The router allows you to create a custom page for remote SSL VPN users that is
presented upon authentication. There are various fields in the portal that are
customizable for the domain, and this allows the router administrator to
communicate details such as login instructions, available services, and other usage
details in the portal visible to remote users. During domain setup, configured portal
layouts are available to select for all users authenticated by the domain.
The default portal LAN IP address is bin/userPortal/portal.
This is the same page that opens when the “User Portal”
link is clicked on the SSL VPN menu of the router GUI.
The router administrator creates and edits portal layouts from the configuration pages
in the SSL VPN menu. The portal name, title, banner name, and banner contents are
all customizable to the intended users for this portal. The portal name is appended to
the SSL VPN portal URL. As well, the users assigned to this portal (through their
authentication domain) can be presented with one or more of the router’s supported
SSL services such as the VPN Tunnel page or Port Forwarding page.
To configure a portal layout and theme, the following information is needed:
Portal layout name: A descriptive name for the custom portal that is being
configured. It is used as part of the SSL portal URL.
Portal site title: The portal web browser window title that appears when the
client accesses this portal. This field is optional.
Banner title: The banner title that is displayed to SSL VPN clients prior to
login. This field is optional.
Banner message: The banner message that is displayed to SSL VPN clients
prior to login. This field is optional.
Display banner message on the login page: The user has the option to either
display or hide the banner message in the login page.
HTTP meta tags for cache control: This security feature prevents expired web
pages and data from being stored in the client’s web browser cache. It is
recommended that the user selects this option.
ActiveX web cache cleaner: An ActiveX cache control web cleaner can be
pushed from the gateway to the client browser whenever users log in to this
SSL VPN portal.
SSL VPN portal page to display: The User can either enable VPN tunnel page
or Port Forwarding, or both depending on the SSL services to display on this
portal.
Once the portal settings are configured, the newly configured portal is added to the
list of portal layouts.
