Monthly Archives: April 2011

Configuring IPSecuritas for Use with a SonicWall TZ190 Enhanced, Part 2: Configuring the Client Computer

This is part two of Configuring IPSecuritas with a Sonicwall TZ190 Enhanced. If you missed the first part you can go back and check it out here.

Find the information you recorded in Part 1; we’ll need it below.

  1. Download and Install IPSecuritas. Refer to installation manual if needed.
  2. Launch IPSecuritas and then launch the Connection window by clicking the Connections menu and then selecting Edit Connections….
  3. Click the Plus Sign ( + ) at the bottom left to create a new connection (shown as “TEST CLIENT”). Enter the WAN IP Address of the SonicWall in the Remote IPSec Device field. Select Host in the Endpoint Mode (Local). Select Network in the Endpoint Mode (Remote). Enter your network Address. See Figure 1.
  4. Click the Phase 1 Tab. Enter the information from Part 1 Step Four: 28800, DH2, 3DES, SHA-1. Exchange Mode: Aggressive. Proposal Check: Obey. Nonce Size: 16. See Figure 2.
  5. Click the Phase 2 Tab. Enter the information from Step Four: 28800, 3DES, SHA-1. PFS Group: None. See Figure 3.
  6. Click the ID Tab. Local Identifier: Address. Remote Identifier: Set this to FQDN and use the Firewall Identifier from Step Seven. Authentication Method: Preshared Key. Use the Preshared Secret from Part 1 Step Three. NOTE: If you are using XAUTH, change Authentication Method to XAUTH PSK, and enter the User and Password from Part 1 Step Ten and the Preshared Secret from Part 1 Step Three. See Figure 4.
  7. Skip the DNS tab and click the Options Tab. Make sure your settings appear the same as the picture. See Figure 5.
  8. Click START from the IPSecuritas Program or Widget.

Again, these instructions have only been tested with a SonicWall TZ190 Enhanced. They may need to be altered to work with other SonicWall models. Please let me know if you’ve been able to get these instructions (or slightly modified instructions) to work on any other SonicWall routers.

Configuring IPSecuritas for Use with a SonicWall TZ190 Enhanced

Okay, here’s another guide that probably should have been put online sooner, but hey, better late than never, right? I’m sure there are probably a ton of TZ 1×0’s kicking around, and if you’ve got a Mac and want to VPN in but don’t have the SSL VPN software, then you’ll need this guide. I’ve not tested this with anything other than a TZ190 Enhanced, but I’m pretty confident that it would work with at least any Enhanced OS in that same generation of SonicWalls, and maybe even outside of that generation as well.

This is the Mac equivalent of the Global VPN Client.

Here is Part 1 – Router Side Configuration:

  • Note: Identify whether or not the SonicWall will hand out DHCP addresses. Make note of this as we’ll need it later in the configuration.
  1. Start by clicking the VPN tab and then select Settings. See Figure 1.
  2. Click on the WAN GroupVPN Configure button. See Figure 2.
  3. Set your Authentication Method to IKE using Preshared Secret and Record your Shared Secret. See Figure 3.
  4. Click the Proposals Tab. Record your settings. In this case we are using DH 2, 3DES, SHA1, and 28800 for Phase 1 & 3DES, SHA1, and 28800 for Phase 2. See Figure 4.
  5. Click the Advanced Tab. Without XAUTH (as shown, see Figure 5): Set Allow Unauthenticated VPN Client Access to Firewalled Subnets. Or, with XAUTH (not shown): Check Require Authentication of VPN Client via XAUTH. Change User Group for XAUTH users to Trusted Users.
  6. Click the Client Tab. Change the Cache XAUTH User Name and Password on Client to Never. Change the Virtual Adapter settings to DHCP Lease or Manual Configuration. Check the Use Default Key for Simple Client provisioning. Uncheck all other options. See Figure 6.
  7. Click Ok. Return to the VPN Settings page. Record your Sonicwall’s Unique ID. See Figure 7.
  8. Click DHCP Over VPN. Click the Configure button. See Figure 8.
  9. If the SonicWall is acting as the DHCP server (as shown, see Figure 9), then check Use Internal DHCP Server and check For Global VPN Client. Or, if the SonicWall is NOT acting as the DHCP server (not shown), then check Send DHCP requests to the server addresses listed below, click Add… and add your DHCP server’s IP address.
  10. (OPTIONAL) If you configured Trusted Users as the XAUTH group in Step Five, continue with the steps below. Otherwise, skip to configuring the client.

  • Click the Users Tab, Select Local Users, Click Add User…
  • Add a new user for each remote user and record the passwords.
  • Change to the Groups tab for each user and add that user to the Trusted Users group.
  • Click OK to exit the New User… window, then click the Users tab, select Local Groups, and click the Configure button for Trusted Users.
  • Click the VPN Access tab and add Firewalled Subnets into the Access List: section. Click OK.

Once you’ve completed these steps and recorded all of the necessary information that you were asked to record, download and install IPSecuritas from the link HERE, and then hop over to Part 2 – Configuring the IPSecuritas Client on a Mac, Here.

Configuring Outlook Archives & Auto-Archive the correct way

I’m always getting yelled at for setting up Auto-Archive the wrong way, it’s not because I don’t know how to do it, and it’s not that the items that I set out to archive don’t go where they are supposed to, it’s that the NEXT time any archive is run, Outlook chooses to use a new file, in the default location. This may be fine for you, but most admins prefer that these archives be stored on a share, or somewhere else that’s easy to back up.

And this is where you say, well use a GPO. The problem with that is a lot of the time not every user will want the same settings, or same location for their archive, and some users are really good at keeping their inbox clean, so why force them to archive old items?

Figure 1

Anyway here is the long and short of getting Outlook to archive items to a manually created Archive file on a network share, and getting it to continue to use that same archive file for future archives:

  1. Open Outlook and Right-Click on any folder in your Inbox and select “Properties” from the menu.
  2. Click the “AutoArchive” tab.
  3. Change your selection to “Archive items in this folder using the default settings” and then click the button for “Default Archive Settings”. See Figure 1.
  4. Configure Outlook’s default settings and file location based on your preference. See Figure 2. When done, click the “OK” button in the AutoArchive window.
  5. Click CANCEL on the original window, so that these settings are not applied to any or all of your Outlook inbox folders. Now you can either configure the settings on the proper folders, or run a one-time archive from the File menu, and be certain that the archived mail will go to the correct location.

Figure 2

Using this method, the chances of a user ending up with 15 archive files, located on both network and local storage, are minimized. However, if you want to make sure that archived mail is never lost, you should use a GPO and control where mail is stored and when it’s archived using policy.

OSX 10.6.7 Update Breaks Sonicwall Net Extender (Again)

More Sonicwall NetExtender fun. This time it’s 10.6.7 changing permissions on the /usr/sbin/pppd binary.

I had users over the weekend update Mac OS X 10.6 to version 10.6.7; after the update they were unable to connect to their Net Extender. When they tried to connect, it failed and then displayed the connection log. The log contained the following entries:

[general warn 28598] NetExtender 881 closed unexpectedly; attempting to cleanup pppd 28566
[dns info 28608] Restarting mDNSResponder

I’ve only tested this fix for Net Extender version 5.0.680, but I’ve confirmed that it’s working with that version. We’ll need to adjust the permissions on the /usr/sbin/pppd binary:

Open Terminal, and enter the following command:

sudo chmod u+s /usr/sbin/pppd

Enter your password at the prompt and allow the command to complete. Once that’s done, close and reopen the Net Extender, and you should be able to connect.
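To confirm that the update really cleared the setuid bit before changing anything, and to verify the fix afterwards, a check like the one below can be run in Terminal. It is an added example, not part of the original post, and the function name `check_setuid` is hypothetical. `chmod u+s` sets the setuid bit, which only gives pppd root privileges when the file is owned by root, so the check tests ownership as well.

```shell
#!/bin/sh
# Added example: report whether a binary carries the setuid bit and is owned
# by the expected user. check_setuid is a hypothetical helper name.
#
# Usage: check_setuid PATH [EXPECTED_UID]   (EXPECTED_UID defaults to 0, root)
# Prints one of: ok | missing-setuid | wrong-owner | not-found
# Returns 0 only for "ok".
check_setuid() {
    target=$1
    want_uid=${2:-0}

    if [ ! -f "$target" ]; then
        echo "not-found"
        return 2
    fi

    # ls -n prints the numeric owner in field 3; -L follows symlinks.
    owner_uid=$(ls -lnL "$target" | awk '{print $3}')
    if [ "$owner_uid" != "$want_uid" ]; then
        echo "wrong-owner"
        return 1
    fi

    # [ -u FILE ] is true when the setuid bit is set on FILE.
    if [ -u "$target" ]; then
        echo "ok"
        return 0
    fi
    echo "missing-setuid"
    return 1
}

# Report on pppd when this runs on a machine that has it.
if [ -e /usr/sbin/pppd ]; then
    echo "/usr/sbin/pppd: $(check_setuid /usr/sbin/pppd)"
fi
```

A result of `missing-setuid` before the `chmod` and `ok` after it confirms the change took effect; `wrong-owner` means the setuid bit alone will not restore the connection.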