You can use the web-based administration tool to create a connection with other ClearOS systems.
If you did not select this module to be included during the installation process, you must first install the module.
You can find this feature in the menu system at the following location:
The ClearSDN Dynamic VPN enhances the IPsec VPN experience with: i) support for dynamic IPs, ii) automatic re-connections, and iii) easier and less error-prone configuration.
Dynamic VPN support not only simplifies configuration, but also improves the up-time of the connections. In order to create a connection between two systems, you need to configure both ClearOS systems.
<note warning>If you are configuring a VPN connection between your local gateway and a remote gateway, then configure the remote gateway first. Once the VPN is started on the remote system it will only be accessible when the VPN connection is up.</note>
From the webconfig tool, click on <button>Create</button> in the Dynamic VPN Connections box. You need to:
On the first connection or when an IP address changes, it may take a minute for the connection to synchronize.
<note warning>The two LAN networks at either end of the VPN connection must not overlap!</note>
<note warning>The unmanaged VPN feature is not maintained by ClearCenter. We do not recommend using this feature in a production environment.</note>
If you are using static IP addresses, you can also configure unmanaged VPN connections. Please keep in mind, unmanaged VPNs have the following limitations:
Pick one server to be the “Headquarters” and the other to be the “Satellite”. This is just a naming convention – pick a convention and stick with it!
You must gather some network information for the IPsec server configuration, namely: the IP address, next hop (gateway), and network for both sides of the network. Make sure these settings are correct – you will save many hours of pain and frustration. The information for the local ClearOS system is shown when you start to configure an unmanaged VPN connection.
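A pre-flight check for the values gathered above, including the rule that the two LAN networks must not overlap. This is an added example, not part of ClearOS or its webconfig tool; the function name, dict layout and sample addresses (documentation ranges) are assumptions, and it goes slightly beyond the text by also catching basic entry mistakes.

```python
import ipaddress


def check_unmanaged_vpn(hq, sat):
    """Return a list of problems in the two ends' settings (empty if none).

    hq and sat are dicts holding the three values the page says to gather:
    'ip' (IP address), 'nexthop' (gateway) and 'network' (LAN, CIDR form).
    The dict layout is an assumption of this example.
    """
    problems = []
    parsed = {}
    for name, end in (("Headquarters", hq), ("Satellite", sat)):
        try:
            ip = ipaddress.ip_address(end["ip"])
            hop = ipaddress.ip_address(end["nexthop"])
            # strict=True rejects a host address typed as a network,
            # e.g. 192.168.2.1/24 instead of 192.168.2.0/24
            net = ipaddress.ip_network(end["network"], strict=True)
        except (KeyError, ValueError) as exc:
            problems.append(f"{name}: invalid or missing value ({exc})")
            continue
        if ip == hop:
            problems.append(f"{name}: next hop is the system's own IP address")
        parsed[name] = (ip, net)
    if len(parsed) == 2:
        hq_ip, hq_net = parsed["Headquarters"]
        sat_ip, sat_net = parsed["Satellite"]
        if hq_net.overlaps(sat_net):
            problems.append(f"LAN networks overlap: {hq_net} and {sat_net}")
        if hq_ip == sat_ip:
            problems.append("both ends are configured with the same IP address")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    headquarters = {"ip": "203.0.113.10", "nexthop": "203.0.113.1",
                    "network": "192.168.1.0/24"}
    satellite = {"ip": "198.51.100.20", "nexthop": "198.51.100.1",
                 "network": "192.168.0.0/16"}  # deliberately overlaps the HQ LAN
    for problem in check_unmanaged_vpn(headquarters, satellite):
        print("PROBLEM:", problem)
```

Run it with the same values you are about to type into both webconfig screens; an empty result means none of these mistakes were found.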
Once you have your network settings in hand, enter the information on both ends of the VPN connection. Enter a simple nickname for the connection along with a strong pre-shared secret. When configuring the other end of the VPN connection, do not be tempted to swap the Headquarters and Satellite information! The configuration screens on both ends of the connection will look exactly the same.
Start the IPsec server on both ends of the connection. Do not use Windows Networking to verify the VPN. Instead, make sure you can ping from:
If the connection fails, double check your network settings and restart your firewall.
The web-based administration tool does not support Road Warrior connections or interoperability with other IPsec servers. The software is capable of these configurations (including X.509 solutions); however, you must manually configure these connection types - a non-trivial task.
For road warriors/telecommuters, we suggest using the 128-bit encrypted PPTP VPN or the more modern, certificate-based OpenVPN. This option is not only more cost effective, but also easier to configure.
The IPsec protocol is an industry standard, but one with many loose ends. This means that other IPsec servers may not be able to connect to a ClearOS IPsec server. If you are familiar with the command line environment, you may be able to successfully connect a ClearOS system to a third-party system. You can find more information in the OpenSwan Interoperability Documentation.