I need host to lan how to…


This topic contains 5 replies, has 0 voices, and was last updated by  hack2003 10 years, 4 months ago.

  • #40635

    hack2003
    Member

    I'm using Zeroshell as my router because my modem (ECI 312+) is getting stuck in router mode,
    and I want to use its host-to-LAN VPN feature, but I don't know a thing about what certification to export and how to import it on Windows XP Pro.
    I don't know if my VPN connection settings are OK and if my certification is fine.

    So my steps were like this. (I have Windows in Hebrew, and I googled the net for some manuals about those things, and now I'm writing so I know the steps but can't remember the tabs and other stuff in English, so sorry.)
    Got into X.509 CA, opened Setup and configured my own settings such as name, validity, country, state, organization and e-mail address, then I pressed Generate.
    The "if bla bla" was there and I pressed the OK button.
    Then I got into users>groups and added a group named VPN with gid as 65555.
    Got into users>users>add> set name, password, group gid as VPN, first and last name; the Kerberos 5, host-to-lan and the 802.x were marked, then pressed submit.
    A screen of certification thing appears, then I generated a pfx certification.

    Now I added the certification in two ways to my computer. (Notice that I have only one user on my computer.)
    The first is double click on the file, then by the wizard next>next>next>next>finish.
    Then using mmc>add snap in>add>certification>computer account>next>finish>close>ok>expand the certification thing>personal>certifications>right click>all task>import>next>choose the generated file>next>next with no password>marking choose automatically…>next>finish>ok>file>exit>save file as console1 on my g drive and ok.

    On the client side, opened port number 1701 in the firewall.
    Making a new connection in Windows XP:
    new connection >next>connect to my work bla bla>vpn>company name as vpn>next>the server ip number>next>finish.
    The connection properties>security>mark advanced>settings>use ms-chap v2>ok>network something>vpn type as l2tp>ok.
    In the user name I'm writing my user as “elico”
    and my password.
    Then connect.
    Now I'm getting a 792 error, something with security.

    Am I wrong in anything?

    #45373

    imported_fulvio
    Participant

    using mmc>add snap in>add>certification>computer account>next>finish>close>ok>expand the certification thing>personal>certifications>right click>all task>import>next>choose the generated file>next>next with no password>marking choose automatically…>next>finish>ok>file>exit>save file as console1 on my g drive and ok

    After this step you have to import the Certification Authority X.509 certificate to allow Windows XP to verify the VPN box server certificate.

    #45374

    hack2003
    Member

    OK, my server is like this:
    eth000: is the network interface that is connected to a switch, and 4 computers are connected to the switch.
    Zeroshell's address there is 192.168.0.1 and it is a DHCP server for the 4 computers.

    eth001: is connected to a DSL modem, and the Zeroshell server is connecting to the internet using PPPoE on this port.

    There is NAT between the PPPoE and the eth001.

    How can someone who is connected to the VPN server access the internal network that is connected to eth000?

    #45375

    hack2003
    Member

    Please respond. After over something like 8 hours the DHCP goes down.
    Can someone please try to do it with another computer with the same settings?

    #45376

    imported_fulvio
    Participant

    I am running your configuration on a WRAP with 128MB of RAM and I never had a dhcp problem.
    How many MBytes of RAM do you have on your hardware?
    Why don’t you try with an alternative type of hardware?

    Fulvio

    #45377

    hack2003
    Member

    By the way, at my work I'm testing the server on a computer with 3 Ethernet cards: 1 is for the web interface and the other 2 are bridged, and there is nothing wrong there with the DHCP running on the first card.

    #45378

    @hack2003 wrote:

    I'm using Zeroshell as my router because my modem (ECI 312+) is getting stuck in router mode,
    and I want to use its host-to-LAN VPN feature, but I don't know a thing about what certification to export and how to import it on Windows XP Pro.
    I don't know if my VPN connection settings are OK and if my certification is fine.

    So my steps were like this. (I have Windows in Hebrew, and I googled the net for some manuals about those things, and now I'm writing so I know the steps but can't remember the tabs and other stuff in English, so sorry.)
    Got into X.509 CA, opened Setup and configured my own settings such as name, validity, country, state, organization and e-mail address, then I pressed Generate.
    The "if bla bla" was there and I pressed the OK button.
    Then I got into users>groups and added a group named VPN with gid as 65555.
    Got into users>users>add> set name, password, group gid as VPN, first and last name; the Kerberos 5, host-to-lan and the 802.x were marked, then pressed submit.
    A screen of certification thing appears, then I generated a pfx certification.

    Now I added the certification in two ways to my computer. (Notice that I have only one user on my computer.)
    The first is double click on the file, then by the wizard next>next>next>next>finish.
    Then using mmc>add snap in>add>certification>computer account>next>finish>close>ok>expand the certification thing>personal>certifications>right click>all task>import>next>choose the generated file>next>next with no password>marking choose automatically…>next>finish>ok>file>exit>save file as console1 on my g drive and ok.

    On the client side, opened port number 1701 in the firewall.
    Making a new connection in Windows XP:
    new connection >next>connect to my work bla bla>vpn>company name as vpn>next>the server ip number>next>finish.
    The connection properties>security>mark advanced>settings>use ms-chap v2>ok>network something>vpn type as l2tp>ok.
    In the user name I'm writing my user as “elico”
    and my password.
    Then connect.
    Now I'm getting a 792 error, something with security.

    Am I wrong in anything?

    _______________________

    For zeroshell CA configurations please use documentation link on the main page.

    I will assume you did everything correctly with the Zeroshell CA and exported your host certificate (PKCS #12, DER or PEM file) to your remote computer (for example hostname.pfx), and now you want to configure a Windows XP or Vista computer.
    _______Part 1 of 4_______
    Log on an Administrator Account and use the Run. Type “MMC” and when the console opens click, File-Add/Remove Snap-in.

    Click Add-Certificates-Add-“Computer Account”
    Click Next-Local Computer-Finish

    Once again,
    Click Add-Certificates-Add-“Service Account”
    Click Next-Local Computer-Next-IPSEC Services-Finish

    Now
    Click OK, Expand “Certificates(Local Computer)”
    Right Click Personal-All Tasks-Import…-“hostname.pfx”-Next-Next-Automatically Select Certificate Store-Next-Finish

    Expand “Certificates(Local Computer)”-Personal-Certificates
    Now you should see your “hostname
    _______Part 2 of 4_______

    Now
    Click OK, Expand “Certificates – Service (IPSEC Services) on Local Computer”
    Right Click PolicyAgentPersonal-All Tasks-Import…-“hostname.pfx”-Next-Next-Automatically Select Certificate Store-Next-Finish

    Expand “Certificates – Service (IPSEC Services) on Local Computer”-PolicyAgentPersonal-Certificates
    Now you should see your “hostname
    _______Part 3 of 4_______

    Last detail you need to import is the Trusted Root Certification Authorities or your “Zeroshell CA”.

    Easy method is to:
    Export the der or pem file from your Zeroshell CA to your computer (Zeroshell_CA.der)

    Expand “Certificates(Local Computer)”
    Right Click Trusted Root Certification Authorities-Certificates-All Tasks-Import…-“Zeroshell_CA.der”-Next-Next-Place all certificates in the following store-Trusted Root Certification Authorities-Next-Finish

    Now
    Expand “Certificates(Local Computer)”-Trusted Root Certification Authorities-Certificates
    Now you should see your “Zeroshell_CA
    _______Part 4 of 4_______

    Review:
    You should see the hostname of your computer in 2 places,
    Certificates(Local Computer)-Personal-Certificates
    &
    Certificates – Service (IPSEC Services) on Local Computer-PolicyAgentPersonal-Certificates

    You should see the Zeroshell_CA in 2 places
    Certificates (Local Computer)-Trusted Root Certification Authorities-Certificates
    &
    Certificates – Service (IPSEC Services) on Local Computer-PolicyAgentTrusted Root Certification Authorities-Certificates

    Note: When you add the Zeroshell_CA to the Certificates(Local Computer) it gets added by default to Certificates – Service (IPSEC Services) but if it doesn’t you need to manually add it like we did with the other one.

    Note: After completing these steps you can Create a vpn connectoid for Windows Vista & Windows XP with the default settings. In the Networking tab you should select L2TP IPSec VPN. Under Security use Typical(recommended settings) with checkbox Require data encryption (disconnect if none).
    _________________________
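
A pre-import check for the two files the walkthrough above imports, given here as an added example (not part of the original post and not Zeroshell's own tooling): it confirms that the PKCS #12 bundle carries a private key matching its certificate and that the certificate verifies against the exported CA. It assumes the OpenSSL command-line tool on any machine holding the files; the function names, the fixture and its subject names are constructed for the demonstration.

```shell
#!/bin/sh
# check_bundle PFX CA_CERT [PASSWORD]: prints "ok" or the first problem found.
check_bundle() {
    pfx=$1; ca=$2; pass=${3:-}; rc=1
    tmp=$(mktemp -d) || return 1
    # The CA file may be PEM or DER (the post exports Zeroshell_CA.der).
    openssl x509 -in "$ca" -out "$tmp/ca.pem" 2>/dev/null ||
        openssl x509 -inform DER -in "$ca" -out "$tmp/ca.pem" 2>/dev/null || :
    if [ ! -s "$tmp/ca.pem" ]; then
        echo "cannot read CA certificate"
    elif ! openssl pkcs12 -in "$pfx" -passin "pass:$pass" -clcerts -nokeys \
             -out "$tmp/cert.pem" 2>/dev/null ||
         ! openssl pkcs12 -in "$pfx" -passin "pass:$pass" -nocerts -nodes \
             -out "$tmp/key.pem" 2>/dev/null; then
        echo "cannot read bundle"
    elif ! grep -q "PRIVATE KEY" "$tmp/key.pem"; then
        echo "no private key in bundle"
    elif [ "$(openssl x509 -in "$tmp/cert.pem" -noout -pubkey)" != \
           "$(openssl pkey -in "$tmp/key.pem" -pubout)" ]; then
        echo "private key does not match certificate"
    elif ! openssl verify -CAfile "$tmp/ca.pem" "$tmp/cert.pem" >/dev/null 2>&1; then
        echo "certificate not issued by this CA"
    else
        echo "ok"; rc=0
    fi
    rm -rf "$tmp"
    return $rc
}

# Constructed fixture: a throwaway CA, a host bundle with an empty password,
# and an unrelated CA, standing in for files exported from the web interface.
make_fixture() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Constructed CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl x509 -in "$d/ca.pem" -outform DER -out "$d/Zeroshell_CA.der"
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=hostname" \
        -keyout "$d/host.key" -out "$d/host.csr" 2>/dev/null
    openssl x509 -req -in "$d/host.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 2 -out "$d/host.pem" 2>/dev/null
    openssl pkcs12 -export -in "$d/host.pem" -inkey "$d/host.key" \
        -passout pass: -out "$d/hostname.pfx"
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Other CA" \
        -keyout "$d/other.key" -out "$d/other.pem" 2>/dev/null
}

# Demo on the constructed fixture.
demo=$(mktemp -d) && make_fixture "$demo" &&
    check_bundle "$demo/hostname.pfx" "$demo/Zeroshell_CA.der"
```

A bundle that fails any of these checks will also fail after import, so it is quicker to re-export from the CA than to debug the Windows stores.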
