Billion Electric Company BiGuard VPN Client BiGuard Series User manual

Category
Networking
Type
User manual

This manual is also suitable for

Version Release 3.0
BiGuard C01
BiGuard VPN Client
Secure access to Company Network
Users Manual
Table of Contents i
T
T
a
a
b
b
l
l
e
e
o
o
f
f
C
C
o
o
n
n
t
t
e
e
n
n
t
t
s
s
CHAPTER 1: INTRODUCTION............................................................................................................. 1
INTRODUCTION TO BIGUARD VPN CLIENT ............................................................................................... 1
FEATURES.................................................................................................................................................. 1
CHAPTER 2: INSTALLING BIGUARD VPN CLIENT ....................................................................... 3
SOFTWARE INSTALLATION.......................................................................................................................... 3
SOFTWARE EVA L U ATI O N ............................................................................................................................ 4
ACTIVATION WIZARD................................................................................................................................. 4
Two easy step Wizard............................................................................................................................ 4
Step 1 of 2: Enter License Number .................................................................................................. 5
Step 2 of 2: Online Activation.......................................................................................................... 6
Activation errors............................................................................................................................... 6
SOFTWARE UNINSTALLATION..................................................................................................................... 7
CHAPTER 3: NAVIGATION THE USER INTERFACE ...................................................................... 8
N
AVIGATION THE USER INTERFACE............................................................................................................. 8
S
YSTEM TRAY............................................................................................................................................ 8
MAIN WINDOW........................................................................................................................................ 10
MAIN MENUS .......................................................................................................................................... 10
STATUS BAR .............................................................................................................................................11
WINDOWS “ABOUT.................................................................................................................................11
HIDDEN INTERFACE ................................................................................................................................. 12
WIZARDS................................................................................................................................................. 12
PREFERENCES .......................................................................................................................................... 12
VPN Client start mode........................................................................................................................ 12
Miscellaneous..................................................................................................................................... 13
CHAPTER 4: VPN CONFIGURATION................................................................................................ 14
CONFIGURATION WIZARD........................................................................................................................ 14
Four easy step Wizard ........................................................................................................................ 14
Step 1 of 4 ........................................................................................................................................... 15
Step 2 of 4 ........................................................................................................................................... 15
Step 3 of 4 ........................................................................................................................................... 16
Step 4 of 4 ........................................................................................................................................... 16
VPN TUNNEL CONFIGURATION ............................................................................................................... 17
How to create a VPN Tunnel? ............................................................................................................ 17
Multiple Authentication or IPSec Configuration Phase..................................................................... 17
Advanced Features ............................................................................................................................. 18
AUTHENTICATION OR PHASE 1................................................................................................................. 18
What is Phase 1? ................................................................................................................................ 18
Phase 1 Settings Description.............................................................................................................. 19
Phase 1 Advanced configuration........................................................................................................ 20
IPS
EC CONFIGURATION OR PHASE 2........................................................................................................ 22
What is Phase 2? ................................................................................................................................ 22
Phase 2 Settings Description.............................................................................................................. 22
Phase 2 Advanced configuration........................................................................................................ 23
G
LOBAL PARAMETERS GLOBAL SETTINGS DESCRIPTION...................................................................... 25
VPN
TUNNEL VIEW HOW TO VIEW OPENED TUNNELS?......................................................................... 26
USB
MODE.............................................................................................................................................. 27
What is USB Mode?............................................................................................................................ 27
Table of Contents ii
How to set USB Mode on?.................................................................................................................. 27
How to enable a new USB Stick? ....................................................................................................... 28
How to automatically open tunnels when an USB Stick is plugged in?............................................. 28
CERTIFICATE MANAGEMENT (PLEASE SEE APPENDIX A - COMPATIBLE TABLE OF BILLION VPN ENABLED
DEVICES AND
BIGUARD VPN CLIENT) .................................................................................................... 29
Additional support documents............................................................................................................ 29
How to configure IPSec VPN Client with Certificates?..................................................................... 29
CONFIGURATION MANAGEMENT HOW TO IMPORT OR EXPORT A VPN CONFIGURATION? ..................... 30
CONFIGURATION TOOLS........................................................................................................................... 31
Command line tools............................................................................................................................ 31
Stopping VPN Client: option “/stop”................................................................................................. 31
Import VPN Configuration: option “/import” and “/importance”.................................................... 31
VPN Client Startup mode: VPNSTART...............................................................................................31
Hiding VPN Client configuration user interface: VPNHIDE............................................................. 31
CONSOLE AND LOGS................................................................................................................................ 32
Console Windows................................................................................................................................ 32
CHAPTER 5: TROUBLESHOOTING.................................................................................................. 34
INTRODUCTION........................................................................................................................................ 34
TOOLS IN CASE OF TROUBLE .................................................................................................................... 34
A good network analyzer: ethereal..................................................................................................... 34
VPN IPSEC TROUBLESHOOTING ............................................................................................................. 34
« PAYLOAD MALFORMED » error (wrong Phase 1 [SA])............................................................... 34
« INVALID COOKIE » error.............................................................................................................. 34
« no keystate » error........................................................................................................................... 35
« received remote ID other than expected » error.............................................................................. 35
« NO PROPOSAL CHOSEN » error.................................................................................................. 35
« INVALID ID INFORMATION » error............................................................................................. 36
No response for phase 1 requests ....................................................................................................... 36
SEND, RECV and that is all!.............................................................................................................. 36
No response to phase 2 requests......................................................................................................... 37
I clicked on “Open tunnel”, but nothing happens.............................................................................. 37
The VPN tunnel is up but I can’t ping! ............................................................................................... 37
APPENDIX A: COMPATIBLE TABLE OF BILLION VPN ENABLED DEVICES AND BIGUARD
VPN CLIENT............................................................................................................................................ 38
APPENDIX B: PRODUCT SUPPORT AND CONTACT INFORMATION...................................... 39
Billion BiGuard VPN Client
Chapter 1: Introduction
1
Chapter 1: Introduction
Introduction to BiGuard VPN Client
Your network is constantly evolving as you integrate more business applications and
consolidate servers. In that environment, it is becoming extremely complex to maintain total
security at the edge while users being employees or Teleworkers on the go are working with
customers and partners. You need to get access to those applications and servers quickly,
easily and securely.
BiGuard VPN client is an IPSec VPN software for Windows versions that allows establishing
secure connections over the Internet usually between a remote worker and the Corporate
Intranet. IPSec is the most secure way to connect to the enterprise as it provide strong user
authentication, strong tunnel encryption with ability to cope with existing network and firewall
settings.
Features
Windows supported versions
Win95, Win98, Me, NT, Win2000, WinXP
Tunneling Protocol
Full IKE support: The IKE implementation is based on the OpenBSD 3.1 implementation
(ISAKMPD), thus providing best compatibility with existing IPSec routers and gateways.
Full IPSec support: Main mode and Aggressive mode
MD5 and SHA hash algorithms
NAT Traversal
NAT Traversal Draft 1 (enhanced), Draft 2 and 3 (full implementation)
Including NAT_OA support (floating port for IKE exchange)
Including NAT keepalive
Encryption
Provides DES, 3DES and AES 128/192/256 bits encryption.
User Authentication (Please see Appendix A)
X-Auth support
Preshared keying support
Support of Group 1, 2 and 5 (i.e. DH768, 1024 and 1536)
Flexible Certificate support (PEM, PKCS12, ...)
USB Stick
VPN configurations and security elements (certificates, Preshared key, ...) can be saved
into an USB Stick in order to remove authentication information from the computer.
Log console
All phase messages are logged for testing or staging purpose, and multiple files (10)
allows to easily narrow the view on specific aspects.
Billion BiGuard VPN Client
Chapter 1: Introduction
2
Invisible User Interface
Silent install and invisible graphical interface allow IT managers to deploy solutions while
preventing user to misuse configurations.
Configuration building
User Interface and Command Line.
Billion BiGuard VPN Client
Chapter 2: Installing BiGuard VPN Client
3
Chapter 2: Installing BiGuard VPN Client
Software installation
BiGuard VPN client installation is a classical Windows installation that does not require specific
information. After completing the installation, you will be asked to reboot your computer.
After reboot and session login, a window appears for a license number request. The license
number is shown on the CD packaging.
Quit: will close established this window and software.
Evaluate: allows you to continue software evaluation. Evaluation period is displayed into the
yellow bar above.
Activate: allows you to activate the software online. This requires a License Number. When
clicking on “Activate” button, an Activation Wizard pops up.
Buy: allows you to find the purchase contact window a license in Billion’s Website.
Shortcuts: After software installation, BiGuard VPN window can be launched:
1. From user desktop, by double-clicking on BiGuard VPN shortcut.
2. From VPN Client icon available in the taskbar.
3. From menu Start > Programs > Billion > BiGuard VPN > Billion BiGuard VPN.
On Windows NT, 2000 and XP, you must have administrator rights. If it is not
the case, the installation stops after the language choice with an error
message.
Billion BiGuard VPN Client
Chapter 2: Installing BiGuard VPN Client
4
Software Evaluation
It is possible to use BiGuard VPN Client during the evaluation period (i.e. limited to 30 days) by
clicking on "Evaluate" button. When the IPSec VPN Client is on "Evaluation" mode, the register
window appears at each boot of the client. Evaluation period is displayed into the yellow bar
above.
Once evaluation period expires, “Evaluation” button is no longer available and the software is
disabled.
Activation Wizard
Two easy step Wizard
The Activation Wizard is a two steps Wizard that allows users to activate the software online.
Activation requires a License Number. Enter your License Number, email address and click
'Next' as shown below. Email address will be used to send back an activation confirmation to
the user.
The “Activation Wizard” can be launched from the VPN Client software as such:
Click on the “?” menu and then click on "Activation Wizard".
Click on the “Activate” button in the startup windows when you start the VPN Client.
Billion BiGuard VPN Client
Chapter 2: Installing BiGuard VPN Client
5
Step 1 of 2: Enter License Number
Activation requires a License Number. Enter your License Number, your email address and click
“Next” as shown below. Email address will be used to send back an activation confirmation
email to the user once activation has been successfully performed.
From VPN Client release 3.0 and later, the License Number format is a 24-digit number (i.e. 4
times 6 digits). Older License Number format is a 20-digit number. You can select the right
format by clicking on “Format” on the right end side next to the License Number field as follow:
Billion BiGuard VPN Client
Chapter 2: Installing BiGuard VPN Client
6
Step 2 of 2: Online Activation
The “Activation Wizard” will automatically connect to the online software activation server to
activate the VPN Client Software. You can go back at anytime to change the License Number.
Activation errors
In case of an error is returned by the online software activation server, as shown below, you
shall click on the (help button) available in the window to get more online explainations and
recommandations on how to proceed next.
Error codes Error messages Error explanations
Error 001 License not found License number doesn't exist in the activation server
database. There must be an error in entering the
license number. Also some old licenses are 20 digits
only while new licenses are 24 digits.
Error 002 Reserved Reserved
Error 003 Activation quota Too many installations and activations have been
Billion BiGuard VPN Client
Chapter 2: Installing BiGuard VPN Client
7
exceeded processed for this specific license number. License
numbers can not be used more than allowed by your
IT department.
Error 004 Wrong product code The License number you've entered is not allowed on
this software product. This software product requires
a specific license number that is provided by the
distributor of this software.
Error 050 Impossible to
complete activation
process
Activation server can not generate activate code for
this license at the moment of activation
Error 051 Impossible to
complete activation
process
Activation server can not generate activate code for
this license at the moment of activation
Error 052 Impossible to
complete activation
process
Activation server can not generate activate code for
this license at the moment of activation
Error 053 Cannot connect
activation server
The activation server can't be contacted. Reasons
can be broken Internet connection, activation server
down, firewall and security policies.
Error 054 Cannot connect
activation server
The activation server can't be contacted. Reasons
can be broken Internet connection, activation server
down, firewall and security policies.
Error 055 Activation code error Activation code might have been modified after
activation.
Software Uninstallation
BiGuard VPN Client can be uninstalled:
1. From Windows Control Panel by selecting “Add/Remove programs”.
2. From Start Menu > Programs > Billion > BiGuard VPN > Uninstall BiGuard VPN
Billion BiGuard VPN Client
Chapter 3: Navigation the User Interface
8
Chapter 3: Navigation the User Interface
Navigation the user interface
BiGuard VPN Client is fully autonomous and can start and stop tunnels without user
intervention, depending on traffic to certain destinations. However it requires a VPN
configuration.
The VPN Client configuration is defined in a VPN configuration file. The software user interface
allows creating, modifying, saving, exporting or importing the VPN configurations together with
security elements (e.g. Preshared key).
The user interface is made of several elements:
1. System Tray Icon
2. Main window
3. Main menus
4.
Status bar
5.
Wizards
6.
Preferences
System Tray
The VPN Client user interface cab be launched via a double click on application icon (Desktop
or Windows Start menu) by single click on application icon in system tray. Once launched, the
VPN Client software shows an icon in this system tray that indicates whether a tunnel is opened
or not, using color code.
VPN Client application color code is the following:
Blue icon: no VPN tunnel is established
Green icon: at least one VPN tunnel is opened
Billion BiGuard VPN Client
Chapter 3: Navigation the User Interface
9
A left-button click on VPN icon opens configuration user interface.
A right-button click shows the following menu:
Quit: will close established VPN tunnels, stops the configuration user interface.
Save & Apply: will close established VPN tunnels, apply latest VPN configuration modification
and reopen all the VPN tunnels.
Console: shows log window.
Connections: opens the list of already established VPN tunnels. You can configure tunnels to
open up automatically when the software starts.
List of configured tunnels with current status. Tunnels can be opened or closed from this menu
as well.
Tooltips over VPN Client icon shows the connection status of the VPN tunnel:
1. "Tunnel <tunnelname>” when one or more tunnels are established.
2. "Wait VPN ready...” when the IKE service is reinitializing.
3. "BiGuard VPN Client” when the VPN Client is up but with no opened tunnel.
Billion BiGuard VPN Client
Chapter 3: Navigation the User Interface
10
Main Window
The main window is made of several elements:
1. Three buttons “Console”, “Parameters” and “Connections” (left column).
2. A tree list window (left window) that contains all IKE and IPSec configuration.
3. A configuration window (right window) that shows the associated tree level.
Main Menus
There are several menus as followed:
File: used to Import or Export a configuration. It is also used to choose the location of the VPN
Configuration: local or USB…. It is finally used to configure miscellaneous preferences such as
the way the VPN Client may start (e.g. before or after logon, ...).
VPN Configuration: contains all actions from tree control right-click menu, it also gives access
to the “Configuration Wizard”.
Tools: contains “Console” and “Connections” choice.
?: gives access to online support and window “About”, it also gives access to the “Activation
Wizard”
Billion BiGuard VPN Client
Chapter 3: Navigation the User Interface
11
Status Bar
The status bar displays several informations:
The left side box indicates the VPN configuration location. For example, if the "USB Mode" is
set, the image will show a USB stick, enabled or not depending on the presence of a valid VPN
USB stick.
The central box gives some information about VPN Client Software status (e.g. "opening tunnel
in progress", "saving configuration rules in progress", "VPN client start up in progress", …)
The light box (right side) gives some information about tunnels (e.g. Green light
means at least one tunnel is open, Gray light means no tunnel open)
Windows “About”
The “About” window provides the VPN Client software version. There is also an URL to our web
site.
Billion BiGuard VPN Client
Chapter 3: Navigation the User Interface
12
Hidden Interface
The graphical user interface can be hidden to the end user. We provide configuration tools for
IT managers that prevent the end user from changing their configuration. Access to the
configuration user interface can be restricted with configuration tool VPNHIDE. See section
Configuration Tools.
In that case, the Main window can not be opened and showed by double-clicking on desktop
icon, by selecting Start menu. Right-click over the icon in taskbar is limited to "Console" access,
quitting the software, and opening/closing the configured tunnels:
Wizards
There are two Wizards available:
VPN Configuration Wizard can be launched from Menu “VPN Configuration” > “Config Wizard”.
Software Activation Wizard can be launched from Menu “?” > “Activation Wizard“.
Preferences
Preferences window allows you to define:
Start up mode of the software
Enable/Disable the detection of interface disconnection feature
Preferences are available via Menu “File” and click “Preferences”.
VPN Client start mode
BiGuard IPSec VPN Client software has several start up mode, such as: BiGuard VPN Client
Billion BiGuard VPN Client
Chapter 3: Navigation the User Interface
13
can start with 3 different modes:
Start VPN Client software before MS Windows logon: this mode can be used for secure
remote login
Start VPN Client software after MS Windows logon
Don't start VPN Client when I start MS Windows: VPN Client is launched by user or from a
script ("manual" mode)
Miscellaneous
Disable detection of interface disconnection: allows the VPN Client maintain tunnels opened
while the network interface disconnects momentarely but very often. This type of behavior
occurs when the interface used to open tunnels is unstable such as WiFi, GPRS and all 3G
interfaces.
Billion BiGuard VPN Client
Chapter 4: VPN Configuration
14
Chapter 4: VPN Configuration
Configuration Wizard
Four easy step Wizard
BiGuard VPN client provides a Configuration Wizard that allows the creation of VPN
configuration in four easy steps. This Configuration Wizard is designed for remote computers
that need to get connected to a corporate LAN through a VPN gateway.
Let take the following example:
The remote computer has a dynamically provided public IP address.
It tries to connect the Corporate LAN behind a VPN gateway that has a DNS address
"gateway.mydomain.com".
The Corporate LAN address is 192.168.1.xxx. e.g. the remote computer want to reach a server
with the IP address: 192.168.1.100.
For configuring this connection, open the wizard window by selecting menu "Configuration >
Wizard".
Billion BiGuard VPN Client
Chapter 4: VPN Configuration
15
Step 1 of 4
You need to specify the following information:
The public (network side) address of the remote gateway Address (In IP or Domain name). (e.g.
specify gateway.mydomain.com)
The Preshared-key you will use for this tunnel (this Preshared-key must be the same in the
gateway).
Step 2 of 4
You must specify the following information:
The IP address of your remote gateway LAN Network address (e.g. specify 192.168.1.0).
Billion BiGuard VPN Client
Chapter 4: VPN Configuration
16
Step 3 of 4
You need to input this VPN Client IP address that will be used to identify the client in the VPN
connection (e.g. specify 192.100.205.101).
Step 4 of 4
The fourth step summaries your new VPN configuration. Other parameters may be further
configured directly via the main interface (e.g.virtual IP address, etc..).
Be sure that each client must use different VPN Client IP Address.
Warning
Billion BiGuard VPN Client
Chapter 4: VPN Configuration
17
VPN Tunnel Configuration
How to create a VPN Tunnel?
To create a VPN tunnel from the main window (without using the Configuration Wizard), you
must follow the following steps:
1. Right-click on “Configuration’ in the tree list window and select “New Phase 1”
2. Configure Authentication Phase (Phase 1)
3. Right-click on the “new Phase 1” in the tree control and select “Add Phase 2”
4. Configure IPSec Phase (Phase 2)
5. Once the parameters are set, click on "Save & Apply" to take into account the new
configuration. That way the IKE service will run with the new parameters
6. Click on "Open Tunnel" for establishing the IPSec VPN tunnel (only in "IPSec Configuration"
window)
Please refer to Phase 1 and Phase 2 for settings descriptions.
Multiple Authentication or IPSec Configuration Phase
Several Authentication Phases can be configured. Therefore, one computer can establish IPSec
VPN connections with several gateways or other computers (peer to peer).
Similarly, several IPSec Configurations (Phase 2) can be created for a same Authentication
  • Page 1 1
  • Page 2 2
  • Page 3 3
  • Page 4 4
  • Page 5 5
  • Page 6 6
  • Page 7 7
  • Page 8 8
  • Page 9 9
  • Page 10 10
  • Page 11 11
  • Page 12 12
  • Page 13 13
  • Page 14 14
  • Page 15 15
  • Page 16 16
  • Page 17 17
  • Page 18 18
  • Page 19 19
  • Page 20 20
  • Page 21 21
  • Page 22 22
  • Page 23 23
  • Page 24 24
  • Page 25 25
  • Page 26 26
  • Page 27 27
  • Page 28 28
  • Page 29 29
  • Page 30 30
  • Page 31 31
  • Page 32 32
  • Page 33 33
  • Page 34 34
  • Page 35 35
  • Page 36 36
  • Page 37 37
  • Page 38 38
  • Page 39 39
  • Page 40 40
  • Page 41 41
  • Page 42 42

Billion Electric Company BiGuard VPN Client BiGuard Series User manual

Category
Networking
Type
User manual
This manual is also suitable for

Ask a question and I''ll find the answer in the document

Finding information in a document is now easier with AI