Local address, Remote networks, Authentication – equinux VPN Tracker 8.1.1 User Manual


Related Settings: Basic > Local Address, Basic > Network Configuration,
Basic > Remote Networks

Availability: Not available with Cisco EasyVPN and SonicWALL Simple Client
Provisioning. Network to Network requires VPN Tracker Pro.

VPN Gateway Setting: Set default route as this gateway (SonicWALL), Allow
all traffic through tunnel (WatchGuard), or determined implicitly by VPN
endpoints.

Local Address

The local address is the IP address that the Mac running VPN Tracker uses in
the remote network when connected through VPN¹.

If the local address is left empty, the current IP address of the Mac's en0
network interface will be used. Since this is most likely a private IP address,
it is not unique worldwide. To avoid situations where two clients coming in
through VPN use the same IP, do not leave the local address empty when you
have multiple VPN users. In that case, always set a unique local address for
each client.

The local address should be from a → private subnet, and must not be part of
the remote network(s) of the VPN connection (unless the documentation of
your VPN gateway specifically instructs you to do so²).

Related Settings: Basic > Topology, Basic > Network Configuration

Availability: Not available when an automatic configuration method is being
used. When a Network to Network topology is used, the setting is called
“Local Networks” and describes the local network(s) to which the VPN tunnel
applies.

VPN Gateway Setting: Remote (IP) address, peer (IP) address, remote
endpoint, remote network

Remote Networks

The network(s) the VPN connects to³. Traffic destined for these network(s) will
be tunneled over the VPN.

The network(s) can be entered in CIDR notation (e.g. 192.168.42.0/24) or – for
IPv4 connections – using the subnet mask (e.g. 192.168.42.0/255.255.255.0).

Always make sure you are using a correct network address. VPN Tracker will
try to help you with this, so it might change your input to turn it into a correct
network address. Please double check the changes that VPN Tracker made,
and correct them if necessary.

Related Settings: Advanced > Phase 2 > Establish a separate tunnel for
each remote network, (Cisco only) Advanced > Interoperability > Cisco >
Establish a shared tunnel to 0.0.0.0/0 for split-tunneling

Availability: Not available when EasyVPN or SonicWALL Simple Client
Provisioning is used. For these setups, the VPN gateway supplies the networks.

When a Host to Host topology is used, the setting is called “Remote Address”
and describes the single remote address the VPN tunnel applies to.

VPN Gateway Setting: Local (IP) address, local endpoint, local network
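
The Local Address and Remote Networks rules above can be checked before a client configuration is rolled out. The following Python sketch is an added example, not part of the manual or of VPN Tracker; the function names and sample addresses are constructed, and "private subnet" is assumed to mean the RFC 1918 ranges. The overlap finding does not apply to gateways whose documentation asks for a local address inside the remote network.

```python
import ipaddress

# Assumption: "private subnet" means the RFC 1918 IPv4 ranges.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def normalize_network(entry):
    """Parse 'addr/prefix' or 'addr/netmask'; return (network, was_corrected)."""
    entry = entry.strip()
    net = ipaddress.ip_network(entry, strict=False)  # masks off any host bits
    given = ipaddress.ip_address(entry.split("/")[0])
    return net, given != net.network_address

def check_client(local_address, remote_networks, other_local_addresses=()):
    """Return a list of findings for one client's settings (empty list = OK)."""
    findings, nets = [], []
    for entry in remote_networks:
        net, corrected = normalize_network(entry)
        nets.append(net)
        if corrected:
            findings.append(f"{entry} is not a network address, use {net}")
    if not local_address:
        findings.append("local address is empty, the en0 address would be used")
        return findings
    local = ipaddress.ip_address(local_address)
    if local.version == 4:
        private = any(local in n for n in RFC1918)
    else:
        private = local.is_private
    if not private:
        findings.append(f"{local} is not from a private subnet")
    for net in nets:
        if net.version == local.version and local in net:
            findings.append(f"{local} is part of remote network {net}")
    if local in {ipaddress.ip_address(a) for a in other_local_addresses}:
        findings.append(f"{local} is already used by another client")
    return findings

if __name__ == "__main__":
    # Constructed sample settings, not taken from the manual.
    remote = ["192.168.42.17/24", "10.20.0.0/255.255.0.0"]
    for addr in ("172.16.99.5", "192.168.42.200", ""):
        print(repr(addr), check_client(addr, remote, ["172.16.99.6"]))
```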

Authentication

The authentication method VPN Tracker uses. Three methods are available:

Pre-Shared Key

The VPN client is authenticated using a shared password, the pre-shared key.
This is the most commonly used authentication method.

It is possible to store the pre-shared key in the OS X keychain, or to be
prompted for it every time the VPN connects.


1 In IPsec terms: the local endpoint of the IPsec Security Association (SA)

2 Such VPN gateways typically have you configure a specific IP address for the client to use and/or have a setting called “Proxy ARP” or “Tie remote stations into the LAN”

3 In IPsec terms: the remote endpoint of the IPsec Security Association (SA)
