
NETGEAR DGFV338 - ProSafe Wireless ADSL Modem VPN Firewall Router Use Manual

Using certificates as authentication method for VPN connections between Netgear ProSafe Routers and the ProSafe VPN Client

This document describes how to use certificates as an authentication method when establishing a VPN Client-to-Box connection.

Version 2.0

Summary of Contents for NETGEAR DGFV338 - ProSafe Wireless ADSL Modem VPN Firewall Router

  • Page 2: Preliminary Notes

    Preliminary notes: If your deployment does not use an external CA (Certificate Authority), you will need to create your own CA. Some ways to do this are listed below; other methods work as well: OpenSSL: http://www.openssl.org, SimpleCA: http://www.vpnc.org/SimpleCA/...
  • Page 3 2- Netgear doesn’t support the ST relative distinguished name, so edit openssl.cfg (in the original location and in your new CA folder) to avoid using this parameter. From the guide linked above, you only need to execute the commands up to step 4.
  • Page 4 6- Sign your certificate request using your newly created CA: openssl x509 -req -days 365 -in router1.csr -CA cacert.crt -CAkey cakey.pem -CAcreateserial -out router1.crt router1.csr – generated self certificate request (router), cacert.crt – CA certificate, cakey.pem – CA key, router1.crt –...
  • Page 5 9- Next, generate a certificate request using Certificate Manager, which is built into Netgear’s ProSafe VPN Client, following these steps: First, click on Request Certificate. Then, click on ‘Yes’ when you get the file-based request prompt. Finally, enter the settings as shown in the screenshot.
  • Page 6 10- Rename the generated certificate request from “CertReq.req” to “client1.csr”. 11- Sign your certificate request using your newly created CA: openssl x509 -req -days 365 -in client1.csr -CA cacert.crt -CAkey cakey.pem -CAcreateserial -out client1.crt client1.csr – generated self certificate request (client), cacert.crt –...
  • Page 7 14- Create a new VPN connection according to these steps: First, input your own details in the same way that is instructed here and click on Edit Name. Verify your settings are input correctly in this screen and click on OK. Select the correct certificate, leave the ID Type as Distinguished Name.
  • Page 8 In the Security Policy section, verify your settings match those in this screenshot. For the “Proposal 1” of the Authentication phase (Phase 1), the Authentication Method should be RSA Signatures. The Key Exchange Proposal should be correct by default, but check it to make sure it matches the settings on the screenshot nonetheless.
  • Page 9 1. Create IKE and VPN policies on your router using VPN Wizard. 2. Delete the VPN Policy, leaving the IKE policy. 3. Create a new record for Mode Config in the following way: Note: the IP address ranges defined in the First, Second and Third Pool should be different from the router’s own LAN IP address range.
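
The signing command from steps 6 and 11, combined with the note that the ST relative distinguished name is not supported, can be wrapped so that a request carrying ST is refused before it is signed and every issued certificate is verified against the CA. This is an added example, not part of the NETGEAR document: the function names, the throwaway CA and the request subjects are constructed assumptions, and the requests are generated with OpenSSL here instead of by the router or the VPN client.

```shell
#!/bin/sh
# Added example: the CA and requests it builds are constructed test data.

# Succeeds only if the subject of a request ($1 = req) or certificate
# ($1 = x509) in file $2 has no ST (stateOrProvinceName) component.
subject_has_no_st() {
    subj=$(openssl "$1" -in "$2" -noout -subject -nameopt RFC2253) || return 2
    subj=$(printf '%s' "$subj" | sed 's/^subject= *//')
    case ",$subj" in
        *[,+]ST=*) return 1 ;;   # ST as its own RDN or inside a multi-valued RDN
    esac
    return 0
}

# Sign request $1 into certificate $2 with cacert.crt/cakey.pem from directory
# $3 (the guide's "openssl x509 -req" command), then check the chain to the CA.
sign_checked() {
    subject_has_no_st req "$1" || {
        echo "refusing $1: subject contains ST" >&2
        return 1
    }
    openssl x509 -req -days 365 -in "$1" -CA "$3/cacert.crt" \
        -CAkey "$3/cakey.pem" -CAcreateserial -out "$2" 2>/dev/null || return 1
    openssl verify -CAfile "$3/cacert.crt" "$2" >/dev/null
}

# Constructed stand-ins for the CA and for a device-generated request.
make_test_ca() {   # $1 = directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/C=US/O=Example/CN=Example Test CA" \
        -keyout "$1/cakey.pem" -out "$1/cacert.crt" 2>/dev/null
}
make_test_csr() {  # $1 = directory, $2 = base name, $3 = subject
    openssl req -new -newkey rsa:2048 -nodes -subj "$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

# Stand-alone run: build the test CA, then sign and verify one request.
demo_dir=$(mktemp -d)
make_test_ca "$demo_dir" &&
    make_test_csr "$demo_dir" router1 "/C=US/O=Example/CN=router1" &&
    sign_checked "$demo_dir/router1.csr" "$demo_dir/router1.crt" "$demo_dir" &&
    echo "router1.crt signed and verified against cacert.crt"
```

With a real CA, only `subject_has_no_st` and `sign_checked` are needed; point the third argument at the folder holding cacert.crt and cakey.pem.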