This how-to illustrates the necessary steps to configure a Roadwarrior SSL VPN (OpenVPN) tunnel between a remote user's computer and a Panda GateDefender eSeries device.
The example below creates a remote user (roadwarrior) connection that allows communication between any external remote computer and the internal site's Green network.
The user can then work as though they were directly connected to the Green network, with access to the same internal resources.
Enable the VPN Server
- Access the Panda GateDefender administration console and select VPN from the top menu. This opens the OpenVPN server configuration page. If the server is not yet enabled, check the OpenVPN server enabled box.
- Choose whether you want the OpenVPN server to run in bridged mode (i.e. included in the interface bridge) or you want it to run in non-bridged mode with a separate, unique VPN IP pool.
The default is to run in bridged mode to the Green zone and this is recommended for most common VPN deployments. If you choose to run in bridged mode, you may also specify which network zone you want to be bridged to the VPN interface.
- Next, set aside a range of IPs within the bridged interface network to be used exclusively by the VPN server. These IPs must not be allocated anywhere else on the Panda GateDefender appliance (e.g. DHCP range, static IPs, etc.) or assigned to any other computer in the LAN, because they will be assigned to the VPN clients.
- Finally, click Save and restart to enable the VPN server.
Note: Once the server has restarted, a Download CA certificate link should appear. Download the certificate before you set up the client side: click the link and a file download window should appear to save the file (*.pem/.cer) to your local machine. Remember where you store this file for future reference.
At this point, the Panda GateDefender eSeries VPN Server section is configured. If there is a router between the appliance and the Internet, verify that it forwards UDP port 1194 to the IP of the appliance's red zone. This port can be changed in the Panda GateDefender eSeries Advanced settings; if you change it, apply the same change to the VPN client.
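The address-range step requires that the VPN pool sits inside the bridged zone's network and collides with nothing else, which can be checked before clicking Save and restart. The following Python sketch is an added example, not part of the Panda documentation; the function name is hypothetical, all addresses are constructed sample values, and IPv4 is assumed.

```python
import ipaddress

def check_vpn_pool(zone_cidr, pool_start, pool_end, dhcp_start=None,
                   dhcp_end=None, static_ips=(), appliance_ip=None):
    """Return a list of problems with the proposed VPN pool (empty = OK)."""
    net = ipaddress.ip_network(zone_cidr, strict=False)
    lo, hi = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
    if lo > hi:
        return [f"pool start {lo} is after pool end {hi}"]
    problems = []
    # The pool must sit entirely inside the bridged zone's subnet.
    for addr in (lo, hi):
        if addr not in net:
            problems.append(f"{addr} is outside the zone network {net}")
    # Network and broadcast addresses cannot be handed to clients.
    for label, addr in (("network", net.network_address),
                        ("broadcast", net.broadcast_address)):
        if lo <= addr <= hi:
            problems.append(f"pool contains the {label} address {addr}")
    # Two inclusive ranges overlap when each starts before the other ends.
    if dhcp_start and dhcp_end:
        d_lo, d_hi = ipaddress.ip_address(dhcp_start), ipaddress.ip_address(dhcp_end)
        if lo <= d_hi and d_lo <= hi:
            problems.append(f"pool overlaps DHCP range {d_lo}-{d_hi}")
    # Static hosts and the appliance's own address must stay out of the pool.
    reserved = [(ip, "static host") for ip in static_ips]
    if appliance_ip:
        reserved.append((appliance_ip, "appliance"))
    for ip, kind in reserved:
        addr = ipaddress.ip_address(ip)
        if lo <= addr <= hi:
            problems.append(f"pool contains {kind} address {addr}")
    return problems

if __name__ == "__main__":
    # Constructed sample values for a Green zone of 192.168.0.0/24.
    issues = check_vpn_pool(
        "192.168.0.0/24", "192.168.0.190", "192.168.0.220",
        dhcp_start="192.168.0.100", dhcp_end="192.168.0.199",
        static_ips=["192.168.0.10", "192.168.0.210"],
        appliance_ip="192.168.0.15",
    )
    print("\n".join(issues) or "pool is free of conflicts")
```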
Create the VPN Users
Now you need to create a user who will have permission to access the VPN. To do so, navigate to VPN Users in the right navigation pane and click Add new User.
Finally, to complete these steps, download the VPN client, install it on the roadwarrior computer and configure it with the previously created user and its certificate. For further information on VPN account details and settings, read the complete document How to Create a Basic VPN Connection in Panda GateDefender eSeries.