Revision: 2708
http://ipcop.svn.sourceforge.net/ipcop/?rev=2708&view=rev
Author: eoberlander
Date: 2009-04-13 18:40:24 +0000 (Mon, 13 Apr 2009)
Log Message:
-----------
Start to update VPN section.
Modified Paths:
--------------
IPCopDoc/trunk/en/admin/images/vpn-ca1.png
IPCopDoc/trunk/en/admin/xml/vpns.xml
Added Paths:
-----------
IPCopDoc/trunk/en/admin/images/vpn-ca2.png
IPCopDoc/trunk/en/admin/images/vpn-ca3.png
Modified: IPCopDoc/trunk/en/admin/images/vpn-ca1.png
===================================================================
(Binary files differ)
Added: IPCopDoc/trunk/en/admin/images/vpn-ca2.png
===================================================================
(Binary files differ)
Property changes on: IPCopDoc/trunk/en/admin/images/vpn-ca2.png
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Added: IPCopDoc/trunk/en/admin/images/vpn-ca3.png
===================================================================
(Binary files differ)
Property changes on: IPCopDoc/trunk/en/admin/images/vpn-ca3.png
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Modified: IPCopDoc/trunk/en/admin/xml/vpns.xml
===================================================================
--- IPCopDoc/trunk/en/admin/xml/vpns.xml 2009-04-13 12:56:39 UTC (rev
2707)
+++ IPCopDoc/trunk/en/admin/xml/vpns.xml 2009-04-13 18:40:24 UTC (rev
2708)
@@ -10,6 +10,35 @@
<title>
VPNs Menu
</title>
+ <para>
+ The VPNs Menu contains webpages which control Virtual Private Networks
+ which allow IPCop to connect two (or more) networks directly to each
+ other over another network, such as the Internet.
+ To get to these web pages, select
+ <guimenu>VPNs</guimenu> from the tab bar at the top of the screen.
+ The following choices will appear in a dropdown menu:
+ <itemizedlist>
+ <listitem>
+ <para>
+ <link linkend="vpn-ipsec">
+ <guimenuitem>IPsec</guimenuitem></link>
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <link linkend="vpn-openvpn">
+ <guimenuitem>OpenVPN</guimenuitem></link>
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <link linkend="vpn-ca">
+ <guimenuitem>Certificate Authorities</guimenuitem></link>
+ </para>
+ </listitem>
+ </itemizedlist>
+ </para>
+
<sect2 id="vpn-intro">
<title>
Virtual Private Networks (VPNs)
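Review bot: the menu links added in the itemizedlist point at vpn-ipsec, vpn-openvpn and vpn-ca, but further down in this same commit all three targets open with "Content to be written...", and the first two contain nothing else. Either hold the links back until the sections have text, or say in the intro paragraph that those pages are still being written. The opening sentence also stacks two "which" clauses ("webpages which control Virtual Private Networks which allow IPCop to connect") and spells "webpages" and "web pages" differently two sentences apart; splitting it into two sentences and picking one spelling would read better.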
@@ -21,19 +50,19 @@
from prying eyes.
Similarly, a single computer can also connect to another network
using the same facilities.
- One of the protocols used to create VPNs is known as IPSec.
+ One of the protocols used to create VPNs is known as IPsec.
</para>
<para>
IPCop can easily establish VPNs between other IPCop servers.
IPCop can also inter-operate with just about any
- VPN product that supports IPSec and standard encryption
+ VPN product that supports IPsec and standard encryption
technologies such as 3DES.
VPN connections in IPCop are defined as Net-to-Net or Host-to-Net.
This is 100% optional, so you may safely ignore this section
if you do not wish to make use of this feature.
</para>
<para>
- Most modern operating systems have support for IPSec.
+ Most modern operating systems have support for IPsec.
This includes Windows, Macintosh OSX, Linux and most
Unix variants.
Unfortunately, the tools needed to provide this support vary
@@ -43,11 +72,11 @@
<title>Net-to-Net</title>
<para>
Net-to-net VPNs link two or more private networks across the
- Internet, by creating an IPSec <quote>tunnel</quote>.
+ Internet, by creating an IPsec <quote>tunnel</quote>.
In a net-to-net VPN, at least one of the networks involved must
be connected to the Internet with an IPCop firewall.
The other network can be connected to an IPCop firewall, or
- another IPSec enabled router or firewall.
+ another IPsec enabled router or firewall.
These router/firewalls have public IP addresses assigned
by an ISP and are most likely to be using Network Address
Translation, hence the term Net-to-Net.
@@ -70,6 +99,185 @@
</para>
</sect3>
</sect2>
+
+ <sect2 id="vpn-ipsec">
+ <title>
+ IPsec Configuration Administrative Web Page
+ </title>
+ <para>
+ Content to be written...
+ </para>
+ </sect2>
+
+ <sect2 id="vpn-openvpn">
+ <title>
+ OpenVPN Configuration Administrative Web Page
+ </title>
+ <para>
+ Content to be written...
+ </para>
+ </sect2>
+
+ <sect2 id="vpn-ca">
+ <title>
+ Certificate Authorities Administrative Web Page
+ </title>
+ <para>
+ Content to be written...
+ </para>
+
+ <sect3 id="gen-ca-cert">
+ <title>Generating Root and Host Certificates</title>
+ <para>
+ <figure id="v190.vpn.031">
+ <title>Certificate Authorities window: Initial View</title>
+ <mediaobject>
+ <imageobject role="fo">
+ <imagedata fileref="&imagepath;vpn-ca1.&imageext;"
format="PNG"
+ contentwidth="14cm"/>
+ </imageobject>
+ <imageobject role="html">
+ <imagedata fileref="&imagepath;vpn-ca1.&imageext;"
format="PNG" align="center"/>
+ </imageobject>
+ <textobject>
+ <phrase>Initial View</phrase>
+ </textobject>
+ </mediaobject>
+ </figure>
+ </para>
+ <para>
+ To create an IPCop's Certificate Authority or CA, enter your
+ CA's name in the
+ <guilabel>CA Name</guilabel> box.
+ The name should be different than the IPCop machine's
+ host name to avoid confusion.
+ For example, <userinput>ipcopca</userinput> for the CA and
+ <userinput>ipcop</userinput> for the hostname.
+ Then click on the
+ <guibutton>Generate Root/Host Certificates</guibutton>
+ button.
+ </para>
+ <para>
+ The <guilabel>Generate Root/Host Certificates</guilabel>
+ will appear.
+ Fill out the form and both a X.509 root and host certificate will be
+ generated.
+ </para>
+ <para>
+ <figure id="v190.vpn.032">
+ <title>Generate Root/Host Certificates window</title>
+ <mediaobject>
+ <imageobject role="fo">
+ <imagedata fileref="&imagepath;vpn-ca2.&imageext;"
format="PNG"
+ contentwidth="14cm"/>
+ </imageobject>
+ <imageobject role="html">
+ <imagedata fileref="&imagepath;vpn-ca2.&imageext;"
format="PNG" align="center"/>
+ </imageobject>
+ <textobject>
+ <phrase>Generate a Certificate</phrase>
+ </textobject>
+ </mediaobject>
+ </figure>
+ </para>
+ <formalpara>
+ <title><guilabel>Organization Name</guilabel></title>
+ <para>
+ The organization name you want used in the certificate.
+ For example, if your VPN is tying together schools in a school
+ district, you may want to use something like
+ <userinput>Some School District.</userinput>
+ </para>
+ </formalpara>
+ <formalpara>
+ <title><guilabel>IPCop's Hostname</guilabel></title>
+ <para>
+ This should be the fully qualified domain name of your IPCop.
+ If you are using a
+ <link linkend="services_dyndns">dynamic DNS service</link>,
+ use it.
+ </para>
+ </formalpara>
+ <formalpara>
+ <title><guilabel>Your E-mail Address</guilabel></title>
+ <para>
+ Your E-mail address, so that folks can get hold of you.
+ </para>
+ </formalpara>
+ <para>
+ The next three fields; department, city and state or province.
+ You can leave them out if you wish.
+ </para>
+ <formalpara>
+ <title><guilabel>Your Department</guilabel> - optional</title>
+ <para>
+ This is the department or suborganization name.
+ Continuing the school district example, this could be
+ <userinput>My Elementary School</userinput>.
+ </para>
+ </formalpara>
+ <formalpara>
+ <title><guilabel>City</guilabel> - optional</title>
+ <para>
+ The city or mailing address for your machine.
+ </para>
+ </formalpara>
+ <formalpara>
+ <title><guilabel>State or Province</guilabel> - optional</title>
+ <para>
+ The state or province associated with the mailing address.
+ </para>
+ </formalpara>
+ <formalpara>
+ <title><guilabel>Country</guilabel></title>
+ <para>
+ This pull down selection menu contains every ISO recognized
+ country name.
+ Use it to select the country associated with the certificate.
+ </para>
+ </formalpara>
+ <formalpara>
+ <title><guilabel>Subject Alt Name</guilabel></title>
+ <para>
+ Description required...
+ </para>
+ </formalpara>
+ <para>
+ After completing the form, click on the
+ <guibutton>Generate Root/Host Certificates</guibutton>
+ button to generate the certificates.
+ </para>
+ <para>
+ <figure id="v190.vpn.033">
+ <title>Certificate Authorities window: with
Certificates</title>
+ <mediaobject>
+ <imageobject role="fo">
+ <imagedata fileref="&imagepath;vpn-ca3.&imageext;"
format="PNG"
+ contentwidth="14cm"/>
+ </imageobject>
+ <imageobject role="html">
+ <imagedata fileref="&imagepath;vpn-ca3.&imageext;"
format="PNG" align="center"/>
+ </imageobject>
+ <textobject>
+ <phrase>Certificate Management</phrase>
+ </textobject>
+ </mediaobject>
+ </figure>
+ </para>
+ <para>
+ If desired, you can generate several root and host certificates on a
+ single IPCop, and then export them to PKCS12 format files, encrypted
+ with a password.
+ You can then email them as attachments to your other sites.
+ Using the
+ <guilabel>Upload PKCS12 file</guilabel>
+ portion of this web page, you can upload and decrypt the certificates
+ on a local IPCop machine.
+ </para>
+ </sect3>
+ </sect2>
+
+<!--
<sect2 id="authentication_intro">
<title>Methods of Authentication</title>
<para>
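Review bot: the last paragraph of gen-ca-cert tells readers to export certificates to PKCS12 files "encrypted with a password" and then "email them as attachments to your other sites", without saying how the password should reach the other site. A PKCS12 file normally bundles the private key with the certificate, so the text should tell the reader to pass the password over a separate channel and not in the same email. Three smaller points in this hunk: the Subject Alt Name formalpara ships with "Description required..." even though it is the one field an administrator is least likely to guess correctly; "The <guilabel>Generate Root/Host Certificates</guilabel> will appear." is missing its noun (window); and "The next three fields; department, city and state or province." is a fragment that would be clearer as "The next three fields (department, city, and state or province) are optional."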
@@ -97,7 +305,7 @@
It can be used to test connectivity of a VPN and to become
familiar with the procedure of establishing a VPN connection.
Experienced users may wish to progress straight to
- <link linkend="create_CA_cert">generating a certificate of
+ <link linkend="gen-ca-cert">generating a certificate of
authority</link> before trying to configure a roadwarrior or
a net-to-net VPN connection.
</para>
@@ -265,115 +473,6 @@
The VPN connection type page will appear.
</link>
</para>
- <sect3 id="create_CA_cert">
- <title>Creating IPCop's Certificates</title>
- <para>
- <figure id="v140.vpn.007">
- <title>VPN Certificate Authorities window: Initial View</title>
- <mediaobject>
- <imageobject role="fo">
- <imagedata fileref="&imagepath;vpn-ca1.&imageext;"
format="PNG"
- contentwidth="14cm"/>
- </imageobject>
- <imageobject role="html">
- <imagedata fileref="&imagepath;vpn-ca1.&imageext;"
format="PNG" align="center"/>
- </imageobject>
- <textobject>
- <phrase>VPN Certificate Authorities</phrase>
- </textobject>
- </mediaobject>
- </figure>
- </para>
- <para>
- To create an IPCop's Certificate Authority or CA, enter your
- CA's name in the
- <guilabel>CA Name</guilabel> box.
- The name should be different than the IPCop machine's
- host name to avoid confusion.
- For example, <userinput>ipcopca</userinput> for the CA and
- <userinput>ipcop</userinput> for the hostname.
- Then click on the
- <guibutton>Generate Root/Host Certificates</guibutton>
- button.
- </para>
- <para>
- The <guilabel>Generate Root/Host Certificates</guilabel>
- will appear.
- Fill out the form and both a X.509 root and host certificate will be
- generated.
- </para>
- <formalpara>
- <title><guilabel>Organization Name</guilabel></title>
- <para>
- The organization name you want used in the certificate.
- For example, if your VPN is tying together schools in a school
- district, you may want to use something like
- <quote>Some School District.</quote>
- </para>
- </formalpara>
- <formalpara>
- <title><guilabel>IPCop's Hostname</guilabel></title>
- <para>
- This should be the fully qualified domain name of your IPCop.
- If you are using a
- <link linkend="services_dyndns">dynamic DNS service,</link>
- use it.
- </para>
- </formalpara>
- <formalpara>
- <title><guilabel>Your E-mail Address</guilabel></title>
- <para>
- Your E-mail address, so that folks can get hold of you.
- </para>
- </formalpara>
- <para>
- The next three fields; department, city and state or province.
- You can leave them out if you wish.
- </para>
- <formalpara>
- <title><guilabel>Your Department</guilabel></title>
- <para>
- This is the department or suborganization name.
- Continuing the school district example, this could be
- <userinput>XX Elementary School.</userinput>
- </para>
- </formalpara>
- <formalpara>
- <title><guilabel>City</guilabel></title>
- <para>
- The city or mailing address for your machine.
- </para>
- </formalpara>
- <formalpara>
- <title><guilabel>State or Province</guilabel></title>
- <para>
- The state or province associated with the mailing address.
- </para>
- </formalpara>
- <formalpara>
- <title><guilabel>Country</guilabel></title>
- <para>
- This pull down selection menu contains every ISO recognized
- country name.
- Use it to select the country associated with the certificate.
- </para>
- </formalpara>
- <para>
- After completing the form, click on the
- <guibutton>Generate Root/Host Certificates</guibutton>
- button to generate the certificates.
- </para>
- <para>
- If desired, you can generate several root and host certificates on a
- single IPCop, and then export them to PKCS12 format files, encrypted
- with a password.
- You can then email them as attachments to your other sites.
- Using the
- <guilabel>Upload PKCS12 file</guilabel>
- portion of this web page, you can upload and decrypt the certificates
- on a local IPCop machine.
- </para>
- </sect3>
<sect3 id="vpn-connection-type">
<title>
@@ -511,7 +610,7 @@
to restart the VPN if its IP address changes.
There are several scripts available on the IPCop news
groups
that will do this for you.
- </para>
+ </para>
</formalpara>
<formalpara>
<title><guilabel>Remote subnet</guilabel></title>
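Review bot: the -/+ pair on </para> differs only in whitespace as far as the visible lines show, and it sits inside the block that this commit comments out. Dropping it from the change would keep the diff limited to the VPN content update and make later blame output on this file easier to read.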
@@ -745,4 +844,5 @@
</sect3>
</sect2>
+-->
</sect1>
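Review bot: parking the old sections inside an XML comment (opened before <sect2 id="authentication_intro"> and closed by the "-->" added before </sect1>) is fragile. An XML comment may not contain a double hyphen, so any "--" in the parked text makes vpns.xml not well-formed, and any live linkend that points at an id inside the comment will no longer resolve. Please validate the file after this change, and consider deleting the old text outright, since rev 2707 already preserves it.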