Description:
This document describes how certificates created by LANCOM Smart Certificate are used for a certificate-based VPN client connection.
1) Enable the CA function in the LANCOM router
1.1) In LANconfig, open the configuration dialog for the LANCOM router and switch to the menu item Certificates → Cert. authority (CA).
1.2) Set a check mark for the option Certificate authority (CA) active. The LANCOM router functions as the root certificate authority (root CA).
2) Upload of the router certificate to the LANCOM router
2.1) Right-click on the LANCOM router in LANconfig and select the option Configuration management → Upload certificate or file.
2.2) In the following dialog select the certificate file intended for the LANCOM router.
2.3) In the certificate type field, select a VPN container.
2.4) In the Cert. password box enter the password for the certificate file. Click on Open to start the upload.
3) Configure the certificate-based VPN client connection on the LANCOM router
3.1) Start the Setup Wizard in LANconfig and select the option Provide remote access (RAS, VPN).
3.2) Select the option VPN connection over the Internet.
3.3) Disable the option ... 1-Click VPN.
3.4) In this example, we do not use IPSec-over-HTTPS.
3.5) Enter a name for the new VPN connection.
3.6) In the next dialog, specify the public IP address or DNS name of the LANCOM router.
3.7) For this connection, select the option Certificates (RSA signature) and Main mode for VPN connection authentication.
3.8) In the next dialog box you enter the identities of the certificates.
- As the local identity, enter the name of the certificate in the LANCOM router.
- As the remote identity, enter the name of the certificate in the VPN client.
3.9) Enter a local IP address for the LANCOM Advanced VPN Client.
3.10) In this example, all of the local IP addresses should be available to the VPN client.
3.11) NetBIOS is not used in this example.
3.12) In the dialog that follows, specify the path where the VPN profile file (*.ini) is to be stored.
3.13) Click on Finish to conclude the Setup Wizard. The configuration is written back to the LANCOM router, the VPN profile file is created and saved to the specified directory.
4) Importing the VPN client certificate into the LANCOM Advanced VPN Client
4.1) In the LANCOM Advanced VPN Client, open the option Configuration → Certificates.
4.2) Create a new certificate configuration using the Add button.
4.3) Enter a name for the new certificate configuration.
- In the Certificate field, select the option from PKCS#12 file
- In the PKCS#12 file name field, set the path to the certificate file for the VPN client.
- For better security, this example requires the password of the VPN client certificate to be entered before each connection over VPN.
5) Import the *.ini file and the configuration of the VPN connection into the LANCOM Advanced VPN Client
5.1) In the LANCOM Advanced VPN Client open the option Configuration → Profiles and click Add/import.
5.2) Select the option Profile import.
5.3) Set the path to the VPN profile file that was created in step 3.13.
5.4) Click on Finish to conclude the import.
5.5) Select the imported profile and then click Next.
5.6) Change to the Identities menu and deselect the Pre-shared key option.
5.7) You need to set the Certificate configuration to the certificate configuration created in step 5.3 (in this case: Cert).
5.8) This concludes the configuration. Close the dialogs of the LANCOM Advanced VPN Client with OK.
6) Function check:
6.1) In the LANCOM Advanced VPN Client, click the Connection button.
6.2) Enter the password that you assigned to the VPN-client certificate.
6.3) The VPN connection will be established and is ready for use.
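
Before uploading the router container (step 2.2) and selecting the client PKCS#12 file (step 4.3), both files can be checked from a shell. The script below is an added example, not part of the original LANCOM article: it prints each certificate's subject, issuer and expiry date and checks that both certificates name the same issuing CA. It assumes the `openssl` command-line tool is installed, that the container password is in the environment variable `P12_PASS`, and that the printed subject is the certificate name asked for in step 3.8; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check the router and VPN client PKCS#12 files.
# Assumption: the container password is supplied in the environment
# variable P12_PASS, so it never appears on a command line.

# p12_field FILE FIELD
# Print one field of the end-entity certificate inside FILE.
# FIELD is an "openssl x509" output switch: subject, issuer or enddate.
# Prints nothing if the file or the password is wrong.
p12_field() {
    openssl pkcs12 -in "$1" -nokeys -clcerts -passin env:P12_PASS 2>/dev/null |
        openssl x509 -noout "-$2" -nameopt RFC2253 2>/dev/null |
        sed -e 's/^[A-Za-z]*= *//'
}

# p12_same_issuer ROUTER.p12 CLIENT.p12
# Succeed only if both certificates name the same issuer. This compares
# names only; it does not verify the signatures.
p12_same_issuer() {
    a=$(p12_field "$1" issuer)
    b=$(p12_field "$2" issuer)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# p12_report ROUTER.p12 CLIENT.p12
# Print a summary for both containers and fail on an issuer mismatch.
p12_report() {
    for f in "$1" "$2"; do
        printf '%s\n  subject: %s\n  issuer:  %s\n  expires: %s\n' "$f" \
            "$(p12_field "$f" subject)" "$(p12_field "$f" issuer)" \
            "$(p12_field "$f" enddate)"
    done
    if p12_same_issuer "$1" "$2"; then
        echo "OK: both certificates were issued by the same CA"
    else
        echo "FAIL: unreadable container or different issuers" >&2
        return 1
    fi
}

# Run the report only when two file names are given on the command line.
if [ "$#" -eq 2 ]; then
    p12_report "$1" "$2"
fi
```

An empty subject or issuer in the report means the container could not be opened, which usually points to a wrong password or a file that is not a PKCS#12 container.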