Paul,
When you say that....
o PSN is now an optional feature for GNAT Box Light
it can be enabled with an activation code.
o IPSec VPN is an optional feature for GNAT Box Light
it can be enabled with an activation code.
What does it take to get an activation code?
Thanks, Peter
----- Original Message -----
From: "Paul Emerson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, February 15, 2000 7:05 PM
Subject: GNAT Box 3.0.2 Release Notes
> Send postings to: [EMAIL PROTECTED]
> Access the list archives at:
> http://www.gnatbox.com/gb-users/
> ----------------------------------
>
> Here are the release notes for GNAT Box 3.0.2.
>
>
>
> Title: Release Notes
> Product: GNAT Box 3.0.2
> Date: Feb 2000
>
> Introduction
> This is the first release of GNAT Box 3.0 with the IPSec VPN option enabled.
> In this release the IPSec VPN encryption has been limited to
> keylengths of 64 bits. This keylength restriction has been imposed
> in order to provide a single version of GNAT Box software world wide.
> Although in January 2000 the US export regulations were amended to
> allow for the export of stronger encryption, there are still
> restrictions and various requirements depending upon the classification
> of the software. Therefore we felt the quickest way to release
> an exportable version of GNAT Box with IPSec VPN features was to
> provide an implementation that could be approved quickly.
>
> Our goal is to provide full strength IPSec VPN enabled GNAT
> Box system software on a world wide basis. We are working toward
> that goal, and working our way through the regulations.
>
> IPSec Implementation
> The IPSec implementation in this release only supports manual
> keying. Later versions will have automated keying support as
> per the IPSec IKE standard. The target for this release was
> a network to network VPN configuration (IPSec ESP tunnel mode).
> Although remote clients should be interoperable with the GNAT
> Box IPSec implementation they may not be usable with this
> release unless they support manual keying.
>
> Supported Transformations
> - ESP tunnel mode
> - AH tunnel mode
>
> Note: ESP and AH transport modes are not supported.
>
> The following encryption transformations are available in
> GNAT Box 3.0.2:
>
> IPSec AH
> - Keyed MD5
> - Keyed SHA1
> - HMAC MD5
> - HMAC SHA1
>
> IPSec ESP
> - Null 0 bits
> - Simple 0-64 bits
> - DES-CBC 56 bits
> - BLOWFISH CBC 40-64 bits
> - CAST128 CBC 40-64 bits
> - RC5 CBC 40-64 bits
>
> The NULL ESP Tunnel mode provides no encryption, however it does perform
> IP encapsulation. This mode is useful when using protocols that are not
> supported in the NAT mode by GNAT Box, (e.g. NetMeeting). Of course the
> remote network (GNAT Box or a third party product) needs to be able
> to be configured in a like mode.
>
> Table of contents
> -----------------
> 1. What's New Since Version 3.0.1
> 1.1 New Features in 3.0.2
> 1.2 Changes
>
> 2. Upgrading from previous versions
> 2.1 From GNAT Box 2.2
> 2.2 From GNAT Box 2.1
> 2.3 From GNAT Box 1.x
>
> 3. VPN Setup Outline
>
> 1. What's New Since Version 3.0.1
> With the introduction of the IPSec VPN feature more load is
> placed on the CPU when encryption is performed. Although
> 486 systems are capable of running the IPSec VPN, depending
> on the network, encryption and load, such low-end CPUs may
> not be a desirable configuration.
>
> 1.1 New Features
> o IPSec VPN is a standard feature in GNAT Box Pro
> and the GB-100 firewall appliance.
> o PSN is now an optional feature for GNAT Box Light
> it can be enabled with an activation code.
> o IPSec VPN is an optional feature for GNAT Box Light
> it can be enabled with an activation code.
>
> 1.2 Changes
> o Due to the size of the IPSec VPN code, support for Token Ring in the
> GNAT Box software only version has been removed. Token Ring is
> available in the GB-100 Firewall Appliance.
> o Email alarms now include the correct CRLF characters so that email
> alarm messages are processed correctly by mail client software.
> o All user interfaces, (Console, Web and GBAdmin) have been updated
> to support the creation and manipulation of VPN definitions.
>
> 1.3 Bug Fixes
> o Console
> - Additional IP protocols not added to the filter edit popup. Fixed.
> - Popup lists one too big. Fixed.
> - Popup lists could potentially overflow the screen. Fixed.
> - Row displayed one entry past the end of list box for insertions
> after last row. Fixed.
> - Logic for setting "keep alive flag" backwards. Fixed.
> - Missing "DEFAULT" button on protocols window. Fixed.
>
> o Web Interface
> - Embedded spaces in interface names caused name truncation. Fixed.
> - "OK" from error in Pass Through Filter edit displayed Outbound
> Filter screen. Fixed.
>
> o GBAdmin
> - Hangs when logging off from filter preference screen. Fixed.
> - Hangs when connecting to new host from filter preference
> screen. Fixed.
> - Doesn't use real interface on network information screen. Fixed.
> - "Save All" across the network doesn't load encryption key
> before connecting. Fixed.
>
> o System Software
> - Missing entries for VX1 and VX2 devices for 3Com 3c595
> EtherLink III have been added.
> - Updated Token Ring driver for GB-100 system.
>
> o All
> - Problem loading config with 2.1.0 filter preferences. Fixed.
> - GNAT Box Light configuration conversion to GNAT Box Pro improperly
> converted RIP data. Fixed.
> - Network Interface Card list is now displayed in sorted order.
>
> o GNAT Box Light
> - Added PSN optional feature.
> - Added VPN optional feature.
> - Allow save all from GBAdmin.
> - Disabled RMC filter by default.
>
> 2. How to Update
>
> 2.1 From GNAT Box Version 2.2
>
> 2.1.1 Install the software.
>
> o If you downloaded the GNAT Box 3.0 software
>
> The software is available in various packages:
> o Full package with Win95/NT installer
> o Runtime OS only in zip format
> o Full package in Unix tar format (gzip)
> o Runtime OS only in gzip format
>
> o If you are installing from a 3.0 CDROM
>
> o Win95/98/NT
> Click the "Install" icon on the CDROM, follow the
> installer's instructions and answer the questions. The
> installer will install the Win95 utility programs along
> with the runtime GNAT Box diskette image. It will also
> create a new GNAT Box runtime diskette at the end of the
> installation.
>
> o Win3.x
> Click the "Install" icon on the CDROM, follow
> the installer's instructions and answer the questions.
> The installer will install the Win 3.x utility programs
> along with the runtime GNAT Box diskette image.
> Although the new GBAdmin utility is not available for
> Windows 3.x, GBUtil is a Win 3.x program that
> can read/write GNAT Box floppy diskettes. A new GNAT
> Box runtime diskette will also be created at the end of
> the installation process.
>
> o DOS
> Mount the CDROM and change directory to \GB\DOS. Run
> the Install.bat file. All the DOS utility programs
> along with the runtime GNAT Box diskette image will be
> installed on your hard disk. A new runtime diskette
> will also be created.
>
> o Unix
> Mount the CDROM and change directory to /GB/Unix
> directory. Copy the runtime image to a directory on a
> mounted r/w filesystem.
>
> o Mac
> Mount the CDROM and open the Mac folder inside the GB
> folder. Copy the runtime image file to your hard
> disk. You can use DiskDup+ or Apple Disk Copy 6.3 to
> copy the image to floppy diskette.
>
> 2.1.2 Create the runtime floppy diskette
> o If you use the Win95/NT installer, you will have the
> option to have the diskette created for you.
>
> o If you download only the runtime OS then use the
> GBUTIL.EXE program under Win/Win95/NT. Under DOS use
> GBWRITE.EXE.
>
> o If you are on a Unix/Linux system use the 'dd' command:
> dd if=gbp300.flp of=/dev/rfd0c bs=18k
>
> o On a Macintosh system you can use the DiskDup+ utility or
> Apple's Disk Copy 6.2.
>
> 2.1.3 Save your current configuration
> Windows/Win95/NT Users
> o Use the new GBAdmin.exe program to save your configuration.
> or
> o Use gbMakeFloppy.
> - Start gbMakeFloppy
> - Select the GNAT Box 3.0 runtime image
> - Click the icon in the top left corner of the titlebar to
> display a menu. Select "merge" from the menu and select
> the source for your old configuration data.
> - Once your configuration data is loaded an icon will be
> displayed in the gbMakeFloppy application indicating
> a configuration has been loaded.
> - Click "Make floppy" to create a new floppy with the 3.0
> runtime and your old configuration.
> or
> o Use the gbconfig.exe program to save your current 2.2.x
> configuration.
> Example:
> gbconfig -s A myconfig.cfg
>
> Unix/Linux Users
> o Use the 'dd' command to save your 2.2.x configuration.
> Example:
> dd bs=18k skip=78 if=/dev/rfd0c of=myconfig.cfg
>
> Note: Your floppy disk device may be different.
>
>
> 2.1.4 Restore your current configuration
> Windows/Win95/NT Users
> o Use the GBAdmin.exe program to merge your previous
> configuration with the new runtime OS image.
> 1. Use File->Open to read in the new 3.0 runtime OS
> image (e.g. gbp300.flp).
> 2. Use Configuration->Merge.. to read in your saved
> configuration.
> 3. Make any modifications.
> 4. Use File->Save As.. to create a floppy diskette.
> OR
> o Use the gbconfig.exe program to restore your previous
> 2.2.x config on to the new 3.0 diskette.
> When the 3.0 system is booted up it will detect your
> older configuration data and convert it to the 3.0
> format and save it. New features will be set to the
> default values.
>
> Example:
> gbconfig -r A myconfig.cfg
>
> Unix/Linux Users
> o Use the 'dd' command to restore your 2.2.x configuration
> onto the 3.0 diskette.
>
> Example:
> dd bs=18k seek=78 if=myconfig.cfg of=/dev/rfd0c
>
> Note: Your floppy disk device may be different.
>
> 2.1.5 Reboot your GNAT Box with the new 3.0 diskette.
>
> 2.2 From GNAT Box Version 2.1.x
> Although GNAT Box version 3.0 can read version 2.1.x configuration
> data and the update procedure described in section 2.1 of this
> document can be used, it is probably more desirable to use the
> following method.
>
> 2.2.1 Print a hard copy of your 2.1.x configuration report and
> have it available. Follow the procedure in section 2.1 to load
> your 2.1.x configuration data into GBAdmin 3.0. Next click on the
> Remote Access Filter section to display it, then click the
> "default" icon to generate a set of default filters for your
> configuration. Next add and modify the filters that were created
> to match your previous configuration. Do the same for Outbound
> filters.
>
> The reasoning for this procedure is that many of the default
> filters have changed; some have been removed entirely converted to
> "Automatic filters" which no longer require explicit filters to be
> in place. Also with the introduction of the "filter disable"
> facility in the 2.2.x release additional optional filters have
> been added to the default list and then disabled. This way if you
> wish to utilize optional facilities there is no need to key in the
> filters by hand, since they can simply be enabled.
>
> 2.3 From GNAT Box Versions 2.0.x and 1.x
> Since the configuration data from these versions are no longer
> supported a new configuration should be created from scratch.
> Print off a copy of your configuration to use as a reference when
> creating your 3.0 configuration.
>
> 3. VPN Setup Outline
> This outline is a guide to configuring a VPN on GNAT Box 3.0.2.
>
> Overview
> 1. Define the VPN Security Association
> 2. Create a Remote Access Filter to allow the remote site to connect
> to the local GNAT Box firewall with IPSec protocols.
> 3. Create IP Pass Through VPN filters to allow both inbound and
> outbound traffic to flow on the VPN.
>
> Detailed Setup Outline
>
> I. Open VPN Edit Box (Authorization->VPN)
> A. Enable VPN
> B. Description: Enter description.
> (Will be used in filter definitions later).
> C. Enter the destination address. This should be the address of the
> network behind the target GNAT Box.
> D. Gateways:
> 1. Local Gateway: your External NIC's IP number or an alias on
> the External NIC.
> 2. Remote Gateway: IP number on the External Interface of the
> GNAT Box Firewall you are connecting to.
> E. Authentication Header:
> 1. AH Method Options:
> a. none
> b. hmacs-md5
> c. hmacs-sha1
> d. keyed-md5
> e. keyed-sha1
> 2. AH Key type: ASCII or HEX
> 3. AH key:
> a. "hmacs-md5" and "keyed-md5" require 128 bit key. Length of the
> key MUST be 16 characters in ASCII or 32 characters in HEX.
> b. "hmacs-sha1" and "keyed-sha1" require 160 bit key.
> Length of the key MUST be 20 characters in ASCII or 40
> characters in HEX.
> F. Encapsulation Security Protocol: (ESP)
> 1. EH Methods
> a. None (Not a valid option if none selected above.)
> b. NULL
> c. Blowfish
> d. Cast128
> e. DES
> f. Rc5
> 2. ESP Key: type: ASCII or Hex
> 3. ESP Key:
> a. NONE: 0 to 160 bits.
> b. Blowfish: key length must be between 40 and 64 bits
> (ASCII between 5-8 chars, Hex is between 10-16 hexadecimal
> numbers).
> c. Cast128: key length must be between 40 and 64 bits
> (ASCII between 5-8 chars, Hex is between 10-16 hexadecimal
> numbers).
> d. Des: key length must be 64 bits (ASCII 8 characters, Hex is
> 16 hexadecimal numbers)
> e. Rc5: key length must be between 40 and 64 bits (ASCII
> between 5-8 characters, Hex is between 10-16 hexadecimal
> numbers).
> G. Security Parameter Index (SPI): Must be a number greater
> than or equal to 4096.
> Inbound SPI: Hex or decimal >= 4096
> Outbound SPI: Hex or decimal >= 4096
>
> II. Create A Remote Access filter to allow the VPN connection
> (Filters->Remote Access)
>
> A. Default filters: this will automatically set up the appropriate
> filter. (Optional).
>
> B. Define remote access filter:
> Type: Accept
> Interface: External
> Protocol: ESP or AH
> Source IP: IP number on the External Interface of the GNAT Box that
> will be creating the VPN connection.
> Source Port: 0
> Destination IP: IP number of the External NIC or an alias on
> the External NIC.
> Destination Port: 0
>
> C. Save Remote Access Filter set.
>
> III. IP Pass Through filter to control access through the VPN.
> (IP PassThrough -> Filters)
>
> A. Default Pass Through Filter: this will automatically set up
> the appropriate filter set (Optional).
> B. Define the Appropriate filters for your security policy.
> The Networks involved will be your protected network and the
> destination network from the GNAT Box VPN definition.
> C. Default IP Pass Through VPN Filter Set:
> 1 #DEFAULT: VPN, deny inbound (Connection to X.X.X.X).
> DISABLED -
> Type: Deny Interface: "EXTERNAL" Protocol: ALL
> Source IP: 192.168.11.0 Mask: 255.255.255.0
> Destination IP: "ANY_IP"
> 2 #DEFAULT: VPN, allow outbound (Connection to X.X.X.X).
> Type: Accept Interface: "PROTECTED" Protocol: ALL
> Source IP: 192.168.11.0 Mask: 255.255.255.0
> Destination IP: "ANY_IP"
>
> Note: Valid hexadecimal values are 1 2 3 4 5 6 7 8 9 A B C D E F.
> -------------------------------------------------------------------------
> Paul Emerson Tel: +1.407.380.0220 x106
> Global Technology Associates, Inc. Fax: +1.407.380.6080
> 3505 Lake Lynda Drive Mobile: +1.407.310.8564
> Suite 109 Pager: +1.888.440.8232
> Orlando, Florida 32817 Email: [EMAIL PROTECTED]
> USA Web: http://www.gta.com
> Mobile Email: [EMAIL PROTECTED]
> -------------------------------------------------------------------------
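An added example, not part of the original message or of GTA's software: a pre-flight check for one manual-keying VPN definition against the key-length and SPI rules quoted in the setup outline above. The dictionary field names, the `0x` prefix for hex SPIs and the sample keys are assumptions made for illustration.

```python
import string
# Key sizes in bits (min, max), from the VPN setup outline (section 3, step I).
AH_BITS = {"hmacs-md5": (128, 128), "keyed-md5": (128, 128),
           "hmacs-sha1": (160, 160), "keyed-sha1": (160, 160)}
ESP_BITS = {"blowfish": (40, 64), "cast128": (40, 64),
            "rc5": (40, 64), "des": (64, 64)}

def key_bits(key, key_type):
    """Length in bits of a key entered as ASCII (8 bits/char) or HEX (4 bits/digit)."""
    if key_type == "ascii":
        return 8 * len(key.encode("ascii"))
    if key_type == "hex" and key and all(c in string.hexdigits for c in key):
        return 4 * len(key)
    raise ValueError("expected an ASCII key or a string of hex digits")

def parse_spi(text):
    """Parse an SPI written in decimal or (assumed notation) 0x-prefixed hex."""
    text = text.strip().lower()
    return int(text[2:], 16) if text.startswith("0x") else int(text, 10)

def check_vpn(vpn):
    """Return the list of problems found in one manual-keying VPN definition."""
    problems = []
    ah, esp = vpn["ah_method"].lower(), vpn["esp_method"].lower()
    if ah == "none" and esp == "none":
        problems.append("ESP 'none' is not valid when AH is also 'none'")
    for label, method, rules in (("ah", ah, AH_BITS), ("esp", esp, ESP_BITS)):
        if method not in rules:
            continue  # none/null or unlisted method: no key size rule to check
        low, high = rules[method]
        try:
            bits = key_bits(vpn[label + "_key"], vpn[label + "_key_type"].lower())
            if not low <= bits <= high:
                problems.append(f"{label} key is {bits} bits; {method} needs {low}-{high}")
        except ValueError as err:  # also raised for non-ASCII characters
            problems.append(f"{label} key: {err}")
    for side in ("inbound_spi", "outbound_spi"):
        try:
            if parse_spi(vpn[side]) < 4096:
                problems.append(f"{side} must be >= 4096")
        except ValueError:
            problems.append(f"{side} is not a decimal or hex number")
    return problems

# Constructed sample definitions (placeholder keys, not taken from the page).
GOOD = {"ah_method": "hmacs-md5", "ah_key_type": "ascii", "ah_key": "0123456789abcdef",
        "esp_method": "des", "esp_key_type": "hex", "esp_key": "0011223344556677",
        "inbound_spi": "4096", "outbound_spi": "0x1001"}
BAD = dict(GOOD, ah_method="hmacs-sha1", esp_key="00112233", inbound_spi="256")
```

Because this release supports manual keying only, both gateways must be given the same keys and mirrored SPIs by hand, so running `check_vpn` on each side's definition before saving catches length mismatches early.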