
How to create a basic VPN connection in Panda GateDefender eSeries

Information applies to:

Products
Panda GateDefender Integra eSeries
Panda GateDefender Performa eSeries

This how-to illustrates the necessary steps to configure a Roadwarrior SSL VPN (OpenVPN) tunnel between a remote user's computer and a Panda GateDefender eSeries device.

Configuration Example
The example below creates a remote user (roadwarrior) connection that allows communication between any external remote computer and the internal site's Green network.

This allows the user to act as though they were locally (directly) connected to the Green network and to access the same internal resources.

Enable the VPN Server

To enable the OpenVPN server, go to VPN > OpenVPN Server in the Dashboard and click on the Enable OpenVPN server switch. The button should turn green after it is enabled.

Then from the Certificate configuration drop-down menu under OpenVPN settings, choose Download certificate to save the certificate on your local workstation, which will then be needed for the client's configuration.

Create VPN Account

In order to create a VPN user go to VPN > Authentication and click on Add a new local user. The only necessary options to configure for the new VPN account are the Username and Password.

Now, depending on the type of scenario you want to deploy, either go to the next section to set up a Roadwarrior connection or follow this how-to to set up a Net2Net connection.

Once you've completed the necessary fields, click on Save to proceed.

Connect the OpenVPN server from your computer
If you don't have the GateDefender ConnectApp installed, go to https://managedperimeter.pandasecurity.com/downloads_panda.php.




Once logged in, click on the Downloads menu item, where you should see the available GateDefender ConnectApp installer files. Click the file for your operating system (Windows or Mac OS X). Once the download is complete, follow your operating system's normal procedure to run the GateDefender ConnectApp installation.

VPN Client Configuration
Launch the ConnectApp and create a new connection profile. A window will appear in which to configure the connection.



In order to complete the form that appears when creating a new profile follow the list below:

  1. Profile name: choose a name for your profile.
  2. Server type: select OpenVPN from the drop-down menu.
  3. Configuration mode: select Manual from the drop-down menu.
  4. Server address: enter your server address (the GateDefender public IP address).
  5. Authentication type: select the Username/Password option from the drop-down menu.
  6. Certificate file: browse to the CA certificate you downloaded in the third step (assuming that you saved it as cacert.pem).
  7. Enter the username and password created in Section 2.
How to configure VPN in Linux
OpenVPN Network Manager plugin

OpenVPN is one of the open-source VPN solutions offered on the GateDefender UTM Appliances, whose main characteristics are security, scalability, support for many operating systems, speed, and easy integration with different authentication systems.

To connect Linux workstations to an OpenVPN server you need the Network Manager VPN plugin for OpenVPN, freely available in the repositories.

Software installation

In case you already have the package installed, please skip this step and go to "Connection Configuration" below, otherwise please follow these steps to install and configure the network manager plugin from the CLI:

To install it, run the following as root on Ubuntu/Debian:

apt-get install network-manager-openvpn

On Fedora/Red Hat:

yum install NetworkManager-openvpn

Troubleshooting for Fedora 17 and/or SELinux users

Fedora 17 users, and in general anyone who uses the SELinux framework, should pay attention to the following point: OpenVPN may not be allowed to access the .pem files that are mandatory for the connection to a GateDefender UTM Appliance.

To work around this problem, grant OpenVPN access to the .pem files, which is a mandatory requirement for certificate-based OpenVPN connections. This can be achieved by issuing the following commands as root:

grep openvpn /var/log/audit/audit.log | audit2allow -M mypol
semodule -i mypol.pp
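
The grep above passes every audit record that mentions openvpn to audit2allow, so the resulting module can allow more than certificate reads. The Python script below is an added example, not part of the original article or of Panda's tooling: it groups those denials the way audit2allow would and flags any rule that goes beyond reading a .pem file. The sample records are constructed, and the set of expected permissions is an assumption.

```python
import re
from collections import defaultdict

# Fields of an SELinux AVC denial record as written to audit.log.
AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?scontext=(?P<scon>\S+)'
                    r'\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)')
NAME_RE = re.compile(r'\bname="([^"]+)"')
# Assumption: reading a CA certificate needs only these permissions on a regular file.
EXPECTED_PERMS = {"read", "open", "getattr"}

# Constructed sample records (not taken from a real system).
_AVC = ('type=AVC msg=audit(1584500000.{n}:{n}): avc:  denied  {{ {perm} }} for  pid=2101 comm="{comm}" '
        '{obj} scontext=system_u:system_r:{src}:s0 tcontext=system_u:object_r:{tgt}:s0 tclass={cls}')
SAMPLE_LOG = [
    _AVC.format(n=201, perm="read", comm="openvpn", obj='name="cacert.pem"', src="openvpn_t", tgt="user_home_t", cls="file"),
    _AVC.format(n=202, perm="open", comm="openvpn", obj='name="cacert.pem"', src="openvpn_t", tgt="user_home_t", cls="file"),
    _AVC.format(n=203, perm="write", comm="openvpn", obj='name="client.log"', src="openvpn_t", tgt="user_tmp_t", cls="file"),
    _AVC.format(n=204, perm="name_connect", comm="openvpn", obj="dest=8443", src="openvpn_t", tgt="unreserved_port_t", cls="tcp_socket"),
    _AVC.format(n=205, perm="read", comm="httpd", obj='name="index.html"', src="httpd_t", tgt="user_home_t", cls="file"),
]

def summarize_denials(lines):
    """Group the records that `grep openvpn` would select into allow-rule candidates."""
    rules = defaultdict(lambda: {"perms": set(), "names": set()})
    for line in lines:
        m = AVC_RE.search(line)
        if "openvpn" not in line or not m:
            continue
        # The SELinux type is the third field of user:role:type:level.
        src, tgt = (m[g].split(":")[2] for g in ("scon", "tcon"))
        entry = rules[(src, tgt, m["tclass"])]
        entry["perms"].update(m["perms"].split())
        entry["names"].update(NAME_RE.findall(line))
    return dict(rules)

def unexpected_rules(rules):
    """Return the rules that would grant more than reading a .pem file."""
    flagged = []
    for (src, tgt, tclass), e in sorted(rules.items()):
        extra = e["perms"] - EXPECTED_PERMS
        non_pem = {n for n in e["names"] if not n.endswith(".pem")}
        if tclass != "file" or extra or non_pem:
            flagged.append((src, tgt, tclass, sorted(e["perms"]), sorted(e["names"])))
    return flagged

if __name__ == "__main__":
    for rule in unexpected_rules(summarize_denials(SAMPLE_LOG)):
        print("review before loading:", rule)
```

audit2allow -M mypol also writes the human-readable mypol.te next to mypol.pp; read it, and drop any rule of the kind flagged above, before running semodule -i.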

Connection configuration
Go to the Network Manager icon in the tray and right-click on it. Next, go to VPN Connections > Configure VPN.



A window will appear allowing you to set up the connection by supplying all the necessary parameters. Click on OpenVPN.



Now, follow these steps in the VPN tab:



Click on Add > OpenVPN > Create.
  1. Write the OpenVPN server IP address.
  2. Fill in the Username and Password fields.
  3. Choose the CA certificate you received for this connection.

Click on Advanced. In the new window carry out the next two steps.



Tick the options Use LZO data compression and Use a TAP device, then click OK. (Tick Use a TAP device only if the OpenVPN server is configured to use a TAP device; otherwise do not tick it, or specify TUN.)

Go to IPv4 > Routes and tick Use this connection only for resources on its network.


Help nº- 20200318 41814 EN