Shiva LanRover VPN
Fri Jan 4 00:30:02 EST 2008
Thomas,
I have over 12 months experience with the Shiva Lanrover VPN. We are using
it at several of our customer sites and are really happy with it.
First, you need to be using version 6.7 of the s/w. The client code is 6.7
patch 2 and the latest gateway code is 6.7 patch 3. The GUI manager is also
6.7 p3. Get this code from your Shiva rep before going any further.
We only use multiple remote user tunnels and I have also seen the same
problems when using the older code.
If it is W95 client, it MUST have the WINSOCK 2 patch.
Regarding the DHCP pool, we don't use true Microsoft DHCP, but instead
allocate a secondary IP address to the inside trusted interface on the vpn
gateway. For example, if the g/w is 123.123.123.2 , the nearest inside
router is 123.123.123.1 which leaves us with a pool from .3 up to .254 for
client IPs (assuming a /24)
I have not used certs , but are instead used Shiva access manager (RADIUS).
We alo have Secur-ID working well at another location. Both work exremely
well. You can get a 45 day eval of SAM 5.0 from the Shiva web site. One of
my collegues in the US also had the Lanrover working with Cisco Secure
(another RADIUS implementation)
I've attached a sanitized version of a g/w config. Just replace "inside" and
"outside" with the subnets you are using. Note the "another-inside-subnet"
for the secondary for the client IP's.
The client IPs don't have to be routable on the internet, just on the
trusted network - so you can use 10. or any addressing for client IP's that
you like.
Hope this helps,
regards,
Darren Kruse
Advanced Communications Engineer
EDS (Australia)
tel: + 61 8 8301 5322 <<-- !! **Note new phone number** !!
PGP Fingerprint (valid to 31/12/2000)
6CD809275B6777820D61888AF84DEF004AF40E9F mailto://darren.kruse@eds.com
> -----Original Message-----
> From: Thomas J. Arseneault [mailto:arsen at GNAC.COM]
> Sent: Tuesday, January 18, 2000 8:01 AM
> To: VPN at SECURITYFOCUS.COM
> Subject: Shiva LanRover VPN
>
>
> Software version 6.6. I'm trying to get the single user
> tunnel to work but
> it keeps complaining about "Can't assign Client IP". I have
> tried turning
> off the "Client IP" check box to no avail. I'm unclear about
> the use of the
> multiple tunnel config and am also wondering if that is what
> I should be
> doing instead of a single tunnel. The initial tests are being
> done with a
> single user but the active config will have multiple users
> from multiple
> sites. We plan on using Certs once we get up and running but
> the tests will
> be done with shared secret's.
>
> Also how does one deal with DHCP address at the far end?
>
> I'm sure I left out something important so if you all need
> more information
> please feel free to ask for it. P.S. I have never gotten one
> of these to
> work so I don't know what a working one looks like so
> sanitized configs
> would come in handy. Thanks.
>
>
> **********************************************
> Tom Arseneault
> System Admin.
> Gnac Inc.
> arsen at gnac.com
> **********************************************
>
> VPN is sponsored by SecurityFocus.COM
>
--0__=SmD8jd0o04XwsrOq50Vo9IUWPFOnBnQEy4KX6DrTQhQGDBARrjsAAH17
Content-type: application/rtf;
name="sanitized adlvpn01 january 13th 2000.cfg"
Content-Disposition: attachment; filename="sanitized adlvpn01 january 13th 2000.cfg"
Content-transfer-encoding: base64
Content-Description: Rich Text Format
e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZGVmZjBcZGVmdGFiNzIwe1xmb250dGJse1xmMFxmc3dp
c3MgTVMgU2FucyBTZXJpZjt9e1xmMVxmcm9tYW5cZmNoYXJzZXQyIFN5bWJvbDt9e1xmMlxmbW9k
ZXJuIENvdXJpZXIgTmV3O317XGYzXGZyb21hbiBUaW1lcyBOZXcgUm9tYW47fX0NCntcY29sb3J0
YmxccmVkMFxncmVlbjBcYmx1ZTA7fQ0KXGRlZmxhbmcxMDMzXHBhcmRccGxhaW5cZjJcZnMyMCBj
b25maWcNClxwYXIgIQ0KXHBhciAhISEhISBOT1JNQUwgQ09ORklHVVJBVElPTg0KXHBhciAhDQpc
cGFyIGhvc3RuYW1lIGFkbHZwbjAxDQpccGFyIHRpbWV6b25lIEdNVCANClxwYXIgIQ0KXHBhciBp
bnQgZSAwDQpccGFyIFx0YWIgaXAgYWRkcmVzcyBpbnNpZGUuMjQ5IDI1NS4yNTUuMjU1LjANClxw
YXIgXHRhYiBpcCBhZGRyZXNzIGFub3RoZXItaW5zaWRlLXN1Ym5ldC4yIDI1NS4yNTUuMjU1LjAg
c2Vjb25kYXJ5DQpccGFyIFx0YWIgaXAgbXR1IDE1MDANClxwYXIgXHRhYiBtb2RlIHJlZA0KXHBh
ciBcdGFiIGJhbmR3aWR0aCAxMA0KXHBhciBpbnQgZSAxDQpccGFyIFx0YWIgaXAgYWRkcmVzcyBv
dXRzaWRlLjE4MCAyNTUuMjU1LjI1NS4yNDANClxwYXIgXHRhYiBpcCBtdHUgMTUwMA0KXHBhciBc
dGFiIG1vZGUgYmxhY2sNClxwYXIgXHRhYiBiYW5kd2lkdGggMTANClxwYXIgaW50IGEgMA0KXHBh
ciBcdGFiIHNodXRkb3duDQpccGFyIFx0YWIgaXAgYWRkcmVzcyAwLjAuMC4wIDAuMC4wLjANClxw
YXIgXHRhYiBlbmNhcHN1bGF0aW9uIHBwcA0KXHBhciBcdGFiIGlwIG10dSAxNTAwDQpccGFyIFx0
YWIgbXR1IDIwNDgNClxwYXIgXHRhYiBtb2RlIHJlZA0KXHBhciBcdGFiIGJhbmR3aWR0aCAxMTUy
MDANClxwYXIgXHRhYiBrZWVwYWxpdmUgMA0KXHBhciBcdGFiIGNoYXQgIiINClxwYXIgXHRhYiBp
ZGxlLXRpbWVvdXQgMTANClxwYXIgXHRhYiBjaGF0LXRpbWVvdXQgMzANClxwYXIgXHRhYiBjb21w
cmVzc2lvbiBvZmYNClxwYXIgXHRhYiBwcHAtYXV0aGVudGljYXRpb24gcGFwDQpccGFyIGJyaWRn
ZSAwLjAuMC4wIDAuMC4wLjANClxwYXIgIQ0KXHBhciBpcCByZWQtZ2F0ZXdheSAgaW5zaWRlLjEg
DQpccGFyIGlwIGJsYWNrLWdhdGV3YXkgIG91dHNpZGUuMTc3IA0KXHBhciBpcCBkZWZhdWx0LWdh
dGV3YXkgIDAuMC4wLjAgDQpccGFyICENClxwYXIga2V5LXBhaXItbGlmZSAgMzY1DQpccGFyIHNl
Y3VyZS1wcm9maWxlIFNTVC10dW5uZWwtNTZiaXQtbm9SQURJVVMNClxwYXIgXHRhYiBlbmNhcHN1
bGF0aW9uIHNzdA0KXHBhciBcdGFiIGF1dGhlbnRpY2F0aW9uIGtleQ0KXHBhciBcdGFiIHB1Ymxp
Yy1rZXktbGVuZ3RoIDIwNDgNClxwYXIgXHRhYiBhbGdvcml0aG0gZGVzDQpccGFyIFx0YWIgY3J5
cHRvLXBlcmlvZCA3MjANClxwYXIgXHRhYiBrZWVwLWFsaXZlIDE1DQpccGFyIFx0YWIgdGltZW91
dCA2MDANClxwYXIgXHRhYiBjbGllbnQta2VlcC1hbGl2ZSAxNQ0KXHBhciBcdGFiIGNsaWVudC10
aW1lb3V0IDE0NDAwDQpccGFyIFx0YWIgY29tcHJlc3Npb24gb24NClxwYXIgXHRhYiBwcm90b2Nv
bCAxNw0KXHBhciBcdGFiIHBhY2tldC1rZXkgZW5hYmxlDQpccGFyIHNlY3VyZS1wcm9maWxlIFNT
VC10dW5uZWwtNTZiaXQNClxwYXIgXHRhYiBlbmNhcHN1bGF0aW9uIHNzdA0KXHBhciBcdGFiIGF1
dGhlbnRpY2F0aW9uIHJhZGl1cw0KXHBhciBcdGFiIHB1YmxpYy1rZXktbGVuZ3RoIDIwNDgNClxw
YXIgXHRhYiBhbGdvcml0aG0gZGVzDQpccGFyIFx0YWIgY3J5cHRvLXBlcmlvZCA3MjANClxwYXIg
XHRhYiBrZWVwLWFsaXZlIDE1DQpccGFyIFx0YWIgdGltZW91dCA2MDANClxwYXIgXHRhYiBjbGll
bnQta2VlcC1hbGl2ZSAxNQ0KXHBhciBcdGFiIGNsaWVudC10aW1lb3V0IDE0NDAwDQpccGFyIFx0
YWIgY29tcHJlc3Npb24gb24NClxwYXIgXHRhYiBwcm90b2NvbCAxNw0KXHBhciBcdGFiIHBhY2tl
dC1rZXkgZW5hYmxlDQpccGFyICENClxwYXIgcmVtb3RlLWdyb3VwIHN0YW5kYXJkIGVkcyBwcm9m
aWxlDQpccGFyIFx0YWIgbW9kZSByZWQNClxwYXIgXHRhYiBwcm9maWxlIFNTVC10dW5uZWwtNTZi
aXQNClxwYXIgXHRhYiBuZXQtaW5jbHVkZSBzdWJuZXQgYWRkcmVzcyBhbmQgbWFzayANClxwYXIg
XHRhYiAuLmV0YyAuLiANClxwYXIgXHRhYiBuZXQtZXhjbHVkZSBzdWJuZXQgYWRkcmVzcyBhbmQg
bWFzayANClxwYXIgXHRhYiBjbGllbnQtaXAgYW5vdGhlci1pbnNpZGUtc3VibmV0LjMgMjM3IA0K
XHBhciBcdGFiIGRoY3Atb3B0aW9uIGRucyA0IGRucyBzZXJ2ZXIgaXAgYWRkcg0KXHBhciBcdGFi
IGRoY3Atb3B0aW9uIHdpbnMgNCB3aW5zIHNlcnZlciBpcCBhZGRyDQpccGFyIHJlbW90ZSBzaW5n
bGUgaXAgdGVzdCB0dW5uZWwNClxwYXIgXHRhYiBtb2RlIHJlZA0KXHBhciBcdGFiIHByb2ZpbGUg
U1NULXR1bm5lbC01NmJpdC1ub1JBRElVUw0KXHBhciBcdGFiIG5ldC1pbmNsdWRlIHN1Ym5ldCBh
ZGRyZXNzIGFuZCBtYXNrIA0KXHBhciBcdGFiIC4uZXRjIC4uIA0KXHBhciBcdGFiIG5ldC1leGNs
dWRlIHN1Ym5ldCBhZGRyZXNzIGFuZCBtYXNrIA0KXHBhciBcdGFiIGNsaWVudC1pcCBhbm90aGVy
LWluc2lkZS1zdWJuZXQuMjQwIA0KXHBhciBcdGFiIGRoY3Atb3B0aW9uIGRucyA0IGRucyBzZXJ2
ZXIgaXAgYWRkcg0KXHBhciBcdGFiIGRoY3Atb3B0aW9uIHdpbnMgNCB3aW5zIHNlcnZlciBpcCBh
ZGRyDQpccGFyIFx0YWIgYXV0aC1rZXkgKioqKioqKioNClxwYXIgIQ0KXHBhciBtaW4tcHJveHkt
dGltZW91dCAwDQpccGFyIG1heC1wcm94eS10aW1lb3V0IDANClxwYXIgIQ0KXHBhciBzbm1wLXNl
cnZlcg0KXHBhciBcdGFiIHNubXAtbG9jYXRpb24geHh4eA0KXHBhciBcdGFiIHNubXAtY29udGFj
dCBEYXJyZW4gS3J1c2UgDQpccGFyICENClxwYXIgY2EgMC4wLjAuMCAxMDAyNw0KXHBhciBcdGFi
IHJlbmV3LWNlcnQgMjENClxwYXIgXHRhYiB1cGRhdGUtY3JsIDI0DQpccGFyIFx0YWIgY2FuYW1l
IA0KXHBhciAhDQpccGFyIGFjZS1tYXN0ZXIgMC4wLjAuMCA1NTAwDQpccGFyIGFjZS1zbGF2ZSAw
LjAuMC4wIDU1MDANClxwYXIgIQ0KXHBhciByYWRpdXMtcHJpbS1hdXRoLWlwIGluc2lkZS4yMDAg
MTY0NQ0KXHBhciByYWRpdXMtc2VjLWF1dGgtaXAgaW5zaWRlIG51bWJlciAyIDE2NDUNClxwYXIg
cmFkaXVzLXByaW0tYWNjdC1pcCBpbnNpZGUuMjAwIDE2NDYNClxwYXIgcmFkaXVzLXNlYy1hY2N0
LWlwIDAuMC4wLjAgMTY0Ng0KXHBhciAhDQpccGFyICFTZWNvbmRhcnkgU3lzbG9nIGhvc3RzDQpc
cGFyIHN5c2xvZyBob3N0IGluc2lkZS4yNDAgNTE0DQpccGFyICENClxwYXIgXHRhYiBzeXNsb2cg
ZGVzdGluYXRpb24gaG9zdA0KXHBhciBcdGFiIHN5c2xvZyBmYWNpbGl0eSAwDQpccGFyIFx0YWIg
c3lzbG9nIHByaW9yaXR5IGFsbCA2DQpccGFyICENClxwYXIgZW50cnVzdC1tYW5hZ2VyIDAuMC4w
LjAgNzA5DQpccGFyIGVudHJ1c3QtZGlyZWN0b3J5IDAuMC4wLjAgMzg5DQpccGFyIGVudHJ1c3Qt
cmVmbnVtIDANClxwYXIgZW50cnVzdC1hdXRoLWNvZGUNClxwYXIgIQ0KXHBhciBtYW5hZ2VyIGFk
bWluICoqKioqKioqIGZ1bGwNClxwYXIgbWFuYWdlci1hbGxvdyByZWQNClxwYXIgbWFuYWdlci1w
cm90b2NvbCAxNw0KXHBhciBtYXgtdGVsbmV0IDINClxwYXIgY29uc29sZS10aW1lb3V0IDUNClxw
YXIgdGVsbmV0LXRpbWVvdXQgNQ0KXHBhciAhDQpccGFyIGFjbC1tYXRjaC1leGFjdCBvZmYNClxw
YXIgIQ0KXHBhciBlbmQNClxwYXIgDQpccGFyIH0NCgA=
--0__=SmD8jd0o04XwsrOq50Vo9IUWPFOnBnQEy4KX6DrTQhQGDBARrjsAAH17--
VPN is sponsored by SecurityFocus.COM
More information about the VPN
mailing list