7: Networking
EMG™ Edge Management Gateway User Guide
126
3. To save, click
Apply
button.
More Actions on the VPN page:
To see details of the VPN tunnel connection, including the cryptographic algorithms used,
select the
View Detailed Status
link.
To see the last 200 lines of the logs associated with the VPN tunnel, select the
View VPN
Logs
link.
To see the RSA public key for the EMG (required for configuring the remote host if RSA Public
Keys are being used), and the RSA public key for the remote peer, select the
View console
manager and Remote Peer RSA Public Key
link.
Custom ipsec.conf
Configuration
A custom ipsec.conf file can be uploaded to the EMG. This file can include
any of the strongSwan options which are not configurable from the UIs. The
ipsec.conf file should include one
conn <Tunnel Name>
section which
defines the tunnel parameters. An ipsec.conf file containing more than one
conn
section will be rejected for upload.
When a custom ipsec.conf file has been uploaded to the console manager,
any VPN options configured via the UIs (with the exception of authentication
tokens, see below) are ignored, and the UIs will not display the options
given in the custom ipsec.conf file.
A description of the format of the ipsec.conf file as well as all strongSwan
. The EMG uses strongSwan version 5.6.3, so not
all options listed in the strongSwan ipsec.conf documentation will be
supported by the EMG.
Any authentication tokens (pre-shared keys, RSA keys, X.509 certificates)
required by the custom ipsec.conf must be configured through the EMG UIs,
and must be configured or installed before a tunnel is brought up with an
uploaded ipsec.conf file. When a tunnel is started with a custom ipsec.conf
file, the authentication tokens required for the
authby
parameter are
verified to exist before the tunnel is started. For example, if
authby=rsasig,
the EMG will verify that the EMG RSA public/private
key has been generated and that the peer RSA public key has been
uploaded.
To upload a custom ipsec.conf file, select the
Upload File
link next to the
Uploaded Configuration field. The file name should not contain '/', '\', ':', '*',
'?', '"', '<', '>', '|' characters.
To delete an uploaded custom ipsec.conf file, select the
Delete
Configuration File
checkbox next to the Uploaded Configuration field.
To view an uploaded custom ipsec.conf file, select the
View Configuration
link next to the Uploaded Configuration field. If a file has been uploaded it
will be displayed; otherwise the auto-generated file will be displayed if it
exists. The file is auto-generated when a tunnel is enabled (if a custom file
has not been uploaded).
To download the current in-use ipsec.conf file (either the ipsec.conf file
automatically generated by the EMG or an uploaded custom ipsec.conf file),
select the
Download Configuration
button. Downloading the ipsec.conf file
automatically generated by the EMG is a good starting point for adding
extra VPN options; the tunnel must be enabled in order for the EMG to auto-
generate an ipsec.conf file that can be downloaded.
Tunnel Restart
If enabled, the watchdog program will automatically restart the VPN tunnel
when the tunnel goes down.
Email Address
Email address to receive email alerts when the tunnel goes up or down.
Summary of Contents for EMG 7500
Page 100: ...7 Networking EMG Edge Management Gateway User Guide 100 Figure 7 5 Network Wireless Settings ...
Page 353: ...15 Maintenance EMG Edge Management Gateway User Guide 353 Figure 15 12 About EMG ...
Page 474: ...EMG Edge Management Gateway User Guide 474 Figure E 3 EU Declaration of Conformity ...
Page 475: ...EMG Edge Management Gateway User Guide 475 Figure E 4 EU Declaration of Conformity continued ...