Endian Firewall 2.3 rc1 - Manual Book
~ Installation and configuration guide for Endian Firewall for beginners ~

E-book Firewall Green, Red, Blue, Orange ? Lan set IP Address Firewall, Proxy, Load Balance ... ???? ThaiAdmin ThaiAdmin ... topic Endian Firewall Topic Endian Firewall Firewall ... E-Book Thaiadmin PM DM Link ( .. ^o^ ) ... E-book !! E-book ...

Somhpong Ph. Soi62@ThaiAdmin 13 Oct 2009

ref : http://www.thaiadmin.org/board/index.php?topic=112996.0


Contents

Part 1 : Endian Firewall (EFW) Overview
- What is Endian Firewall Community? (Neoboyd@Thaiadmin)
- Why EFW? (Neoboyd@Thaiadmin)
- Hardware (Neoboyd@Thaiadmin) / (Soi62@Thaiadmin)
Part 2 : Network (Neoboyd@Thaiadmin)
- Network layouts with Green & Red (Neoboyd@Thaiadmin)
- Network layouts of EFW with Green, Red, Blue and Orange (DMZ) (Neoboyd@Thaiadmin)
Part 3 : Firewall config
- config system access
- config outgoing
Part 4 :
- 4.1 Proxy (Neoboyd@Thaiadmin)
- 4.2 Contentfilter, block content (tototyt)
Part 5 : Logging config
- Log
Part 6 : VPN server config
- OpenVPN Client to Site (tototyt@thaiadmin)
- OpenVPN Site to Site (tototyt@thaiadmin)
- IPSEC
Part 7 : Network
- 7.1 Interfaces (Link)
- 7.2 Routing
- 7.3 Edit Hosts
Part 8 : Service
- 8.1 DHCP (IP Address)
- 8.2 Traffic Monitoring (Ntop)
- 8.3 Quality of Service Devices (QOS)
Part 9 : FAQ
Part 10 : Appendix
Credits


Part 1 : Endian Firewall (EFW) Overview

First Screen (Dashboard)


Management

Dashboard

Quality of Service and Bandwidth


Web Security

Intrusion Prevention System

Group-based content filtering & enhanced

Enhanced Network Address Translation (NAT)

Other:
- Traffic-based Hotspot tickets and automatic user generation
- Event handling and notification
- SNMP support
- Revamped Mail Security
- Sophos Anti-Virus (optional)
- Commtouch RPD (optional)


What is Endian Firewall Community? Endian Firewall Community is a Unified Threat Management (UTM) system that provides:
1. Stateful packet inspection firewall
2. Application-level proxies for various protocols (HTTP, FTP, POP3, SMTP) with Antivirus support
3. Virus and spam filtering for email traffic (POP and SMTP)
4. Content filtering of Web traffic
5. VPN solution (based on OpenVPN)
The Endian Firewall software is Open source, developed by Endian S.r.l.
* Network firewall + E-mail spam filtering + Anti-virus capability + IDS or IPS = UTM
** Stateful packet inspection firewall

Why EFW?
1. EFW is an OpenSource Firewall
2. Linux based, configured through a Web Browser***
3. 3D
4. consult, config
5. community at ThaiAdmin " 5 ^o^ "

*** Web Browser : Internet Explorer, FireFox, Safari, Chrome, etc...

Endian Firewall version 2.3 rc1 ... Endian Firewall Community 2.3 Release Candidate is a 123 MB ISO download; burn the ISO to CD at a CD speed of 4x ~ 12X.

Download EFW

Hardware for Endian Firewall Community Edition: 1. one network card per Zone 2. hardware supported by the Linux operating system; see the Linux.com article for more details.


EFW is based on the CentOS 4.6 operating system, so hardware must have Linux drivers for that CentOS version: check the chipset (Realtek, Intel), Nvidia and Raid hardware.

Computer for Endian Firewall, network of 25 with 5 Vpn connections ...
Recommend Spec : Pentium 3.1 GHz, 512 MB RAM, 8 GB Hard Disk Drive, 1 x 100 Mb Network Cards (Green & Red), 24 hrs x 365 days

Network of 50 with 10 vpn connections :
Performance Spec : Pentium4 2.8 GHz up, 1~4 GB RAM up, 20~80 GB Hard Disk Drive (Caching, Logging), 4 x 100 Mb Network Cards (Green, Red, Blue, Orange), 24 hrs x 365 days

*Caching : ISP Client EFW ISP
*Logging : Log EFW . 90 ...


Installation
1. Put the CD in the CD-Rom Drive and Boot from the CD-Rom Drive ....
2. Press Enter ..
3. Press Enter
4. EFW install on the HDD: Yes, then Enter
5. Console on Serial: Yes for a serial console, otherwise No (Green ....); press Enter .....
6. Wait 5-10 minutes
7. Enter the IP Address of the Green interface (....) and press Enter ...
8. Note the IP Address, Eject the CD ... EFW
9. EFW: press Enter to Reboot ...
10. Shutdown 10
11. Remove the CD .... ?
12. config
13. After boot the Green IP is shown .... with a menu: 0-Shell : linux shell; 1-Restore Factory : Clear the EFW config; 2-Reboot : reboot EFW
14. EFW Shell login: username=root ; password=endian ...
Type exit and press Enter to leave the shell ... ....


Endian Firewall Config: browse to http:// followed by the Green IP entered in step 7.
1. Click >>> to start the config wizard
2. Language: English (English); Timezone: Asia/Bangkok
3. Accept License
4. Restore Backup: for a new Endian Firewall choose Restore NO and >>>; to restore, choose Yes, >>> and Browse to the Config Backup file
5. Remote SSH; >>>

6. Red Interface: the type of Internet connection
1. Ethernet Static: IP set by hand (Static IP)
2. Ethernet Dhcp: IP received from a DHCP Server
3. PPPOE: Adsl internet with the username and password from the ISP; the IP may be Fix or Dynamic
4. Adsl USB/PCI: adsl interface on usb or pci (needs a driver, as in 3)
5. ISDN: digital line
6. Analog/UMTS Modem: UMTS*
7. Gateway: Endian sits behind an Internet Nat router
*UMTS "Universal Mobile Telecommunication System" is 3G, after GSM, GPRS and EDGE, based on W-CDMA - UMTS 2 Mbit/sec - EDGE 4


7. Network Zones: Blue and Orange ...
1. Orange Zone: DMZ for Servers mapped to Public IPs from the ISP
2. Blue Zone: Wifi Zone
* If Blue & Orange are not used, choose None and click >>>


8. Internet config
8.1 Red interface: Ethernet Static
1. IP address: the Internet ip (Leased Line or Adsl with Fixed IP); enter 1 IP address and its Subnet Mask
2. Add additional Addresses (One IP/Netmask or IP/CIDR per line): a Leased Line block of 8 IPs gives 1 Network address, 1 Router, 1 Broadcast and 1 for Endian Firewall, leaving 4 IPs that can be mapped to Servers in the Orange Zone; enter them as 172.16.1.10/255.255.255.0 or 172.16.1.10/24
3. Interface
4. Default Gateway: the Internet gateway


8.2 Red interface: Ethernet DHCP
1. Interface: the Internet interface, getting its IP by DHCP
2. MTU: packet size
3. Spoof Mac address with: Mac address
4. Dns: 2 Dns servers from the ISP, or Manual Dns server
5. >>>


8.3 Red interface: PPPOE
1. Interface: the Internet interface
2. Add additional Addresses (One IP/Netmask or IP/CIDR per line): Adsl Corporate/Premium packages give 1 fixed ip tied to the username/password used for authentication; Online Adsl packages get a Dynamic IP
3. Username
4. Password
5. Authentication: PAP or Chap
6. MTU: packet size
7. Dns: 2 Dns servers from the ISP, or Manual Dns server
8. Service: ISP name
9. Concentrator Name
10. >>>


8.4 Adsl (USB, PCI): Adsl Modem on USB or PCI
1. Modem: >>>
2. ISP: PPPOE >>>
3. VPI / VCI
3.1 VPI (from the ISP)
3.2 VCI (from the ISP)
3.3 Encapsulation: LLC
3.4 MTU: packet size
3.5 Add additional Addresses (One IP/Netmask or IP/CIDR per line): Adsl Corporate/Premium packages give 1 fixed ip tied to the username/password used for authentication; Online Adsl packages get a Dynamic IP
3.6 Username
3.7 Password
3.8 Authentication: PAP or Chap
3.9 Dns: 2 Dns servers from the ISP, or Manual Dns server
>>>
VPI / VCI values by ISP:
ISP          VPI   VCI
Cslox        0     35
Samart       0     35
TOT          1     32
True         0     100
TT&T         0     33
CATTELECOM   0     33
Buddy BB     0     35

8.5 ISDN
1. Modem: ISDN
2. Internet
3.
4. Username
5. Password
6. Authen: PAP or CHAP
7. Add additional Addresses (One IP/Netmask or IP/CIDR per line): ISDN Corporate/Premium packages give 1 fixed ip tied to the username/password used for authentication; Online ISDN packages get a Dynamic IP
8. MTU: packet size
9. Dns: 2 Dns servers from the ISP, or Manual Dns server
>>>


8.6 Analog / UMTS Modem
1. Port: /dev/ttyS0
2. Modem >>>
3.
4. Access Point
5. Username
6. Password
7. Authen: PAP or CHAP
8. Add additional Addresses (One IP/Netmask or IP/CIDR per line): Personal Use packages get a Dynamic IP from the ISP
9. MTU: packet size
10. Dns: 2 Dns servers from the ISP, or Manual Dns server
>>>


8.7 Gateway: IP of the Internet router >>>


9. DNS Server: enter 2 DNS servers (from the ISP) >>>

DNS servers of Thai ISPs:
HiNet by CAT : 202.129.27.135 / 61.19.245.246 / 61.19.254.134
HiNet by TTT : 202.129.27.135 / 61.19.245.246 / 61.19.254.134
TTT (3BB) : 202.69.137.137 / 202.69.137.138
TOT : 203.113.127.199 / 203.113.24.199
True : 203.144.207.29 / 203.144.207.49

10. Notification email ...
1. Email
2. Email used by Endian
3. smtp server >>>

11. OK, Apply Configuration


12.
13. Open a Browser to http:// followed by the IP of the Green Zone
14. Login with the default Webconfig User: Admin and the password from step 5
15. Dashboard


Part 2 : Network layouts of EFW

Like other Linux Firewalls, EFW divides the network into 4 Zones:
1. RED : untrusted network (Internet)
2. GREEN : trusted network (Intranet / Lan)
3. ORANGE : Server zone (DMZ Server Zone)
4. BLUE : Wireless Zone

Layout 1 : Endian as Server Firewall with Nat, Proxy, Management and log


Layout 2 : Endian Server with a DMZ Zone


Layout 3 : Endian with all 4 Zones of Endian Firewall


Layout 4 : Endian Firewall as Gateway with internet log and internet Traffic Monitor


Manual config: 1 Wan (RED) + 1 Lan (Green), Leased Line or Adsl
Config Requirement: Adsl with 2 configs; the Adsl config on Endian uses Red as the Main Uplink to the Internet.
1. Login to the Dashboard: the Interface shows UP / Online once configured, with CPU, MEMORY, HDD, version, log build and Uplinks Connect status.
2. The internet log and Authentication need each client to have a known IP, in 2 ways: a Fix IP, or a Dynamic IP handed out by Endian DHCP. Service -> DHCP-SERVER: enable the DHCP Server so Clients get an IP from Endian Firewall; Start Address and End address are the IP range; Primary Dns, Secondary Dns and NTP (Time-server IP); tick Enable and click Save.
IP policy: Dhcp server / Network / Fixed Lease. Ex.: a Notebook with tcp/ip set to Obtain an IP automatically gets its IP from Endian DHCP; with the Function Allow only fixed lease IP, only IPs in Current Fixed lease are handed out, so a Notebook set manually in the windows tcp/ip properties is added as a fixed lease using its Mac address (from ipconfig /all) via Add a Fixed Lease with its IP, then save. Add a Fixed Lease vs Dynamic IP: the DHCP-server on Endian gives each user the IP configured for it.
Static DHCP: Add a fixed lease (Fixed lease) has 3 fields: 1. Computer Name 2. Mac Address 3. IP. Mac address to IP mapping: 1. Setup Tcp/Ip 2. 1 Mac address to 1 IP 3. IP Set manually vs Dhcp Fix Lease 4. Function Allow only Fixed lease / Current fixed lease
*** Cap ***
*** update: DNS on Windows Server with Dynamic Dhcp Clients (the Windows Server Dns server mapping client ip addresses); see Faq 2 ***
3. Default: Internet Clients use the Endian IP as Gateway; internet goes through the Proxy or directly through the Firewall. Endian Firewall uses iptables routing and port rules in Firewall: Port Forwarding/Nat and Outgoing Firewall, each rule being Source? --> Destination? Service? Policy? Actions.
*** update concept forward server client ***
Firewall -> Port Forwarding/Nat: to put a Server online on the Internet behind Endian Firewall, use Port Forwarding/Nat.
*** update concept internet ***


Part 3 : Config Endian Firewall
Firewall -> Outgoing Traffic: Internet access config; Disable ports 80 and 443 here so that users must go through the proxy.


Part 4 : Proxy
4.1 Proxy (Neoboyd@Thaiadmin)
A Proxy server caches internet downloads; Endian has 1 Proxy built in.
1. Client: the Client uses the Endian proxy.
2. Proxy on the Client Browser: the Concept is that the Browser is set to the IP and Port of the Proxy-Server.
3. Endian Firewall version 2.3 rc1 provides an Automatic Configuration Script, proxy.pac, at http://<IP of Endian>/proxy.pac; on a Domain, a Group Policy can set the proxy on clients, which helps the Admin support them.
*** Set Proxy by Group Policy on a Windows Server Domain ***
User Configuration > Windows Settings > Internet Explorer Maintenance > Connection > Proxy Settings: double click, tick Enable proxy settings, enter the endian ip and http port, tick Use the same proxy server for all addresses.
*** Group Policy on Windows Server to Disable Proxy changes in IE ***
1. Start > Run > gpedit.msc
2. User Configuration > Administrative Templates > Windows Components > Internet Explorer
3. Disable changing proxy settings
4. Enabled
*** Msn through the proxy ***
1. Set the proxy in msn
2. Enter the username and password of the user
3. Enable proxy on the Proxy tab


5. Proxy: enable per zone (Green, Orange, Blue), each as
1. Not Transparent: clients in the Zone set the proxy themselves; Authentication is possible
2. Transparent: internet traffic is intercepted; no Authentication
Proxy Settings:
1. Port Used by Proxy: Port of the Proxy server
2. Error Language: language of Error pages
3. Visible Hostname: hostname shown by the Proxy-server
4. Email Used For notification
5. Minimum download size
6. Maximum upload Size
7. Allowed ports: ports the proxy may connect to, and SSL ports
8. Log Settings: log, and log user agent
9. Bypass transparent proxy: config for addresses that bypass the transparent proxy and its Authentication
10. Cache Size on harddisk: proxy cache on the Harddisk
11. Cache Size within Memory: cache in Ram
12. Maximum Object Size: largest object the proxy caches; in this version the unit is KB
13. Minimum Object size: smallest object cached, e.g. jpg, swf, html; 1024 KB = 1 MB, unit in this version is KB
14. Clear Cache: clears the squid cache index
15. Enable Offline mode: serve from cache while the internet is offline
16. Do not cache this destinations: urls never cached
17. Upstream Proxy: a parent Proxy for speed or cache, as ip:port with username and password
Click Save


6. Antivirus

7. Authentication: Local (username and password on Endian), Windows Authentication (Ldap against a Windows Domain), or Radius Server (Endian forwards Username and Password to the Radius Server). For Authentication Local:
1. Authentication Realm: text shown at proxy login
2. Number of Child Authentication: number of children handling login
3. Number of different ips per user: IPs a user may log in from; 1 means a user can log in from 1 computer at a time
4. Authentication cache TTL: how long a user login stays cached
5. User/IP Cache TTL: how long the user to IP mapping is cached (see 4)
6. Min Password Length: minimum user password length


7. Manage Users
8. Manage Groups

Users: click Add NCSA user, enter user and password, and create the user. Create 2 users (Admin and User) for Authentication.
Groups: after Authentication, click Manage Group. Create Group admin and add user admin to Group Admin; Create Group and add User to the Group; then Apply.

Group Policy for Internet access:
1. Proxy -> Access Policy
2. Add Access Policy
3. Policy fields:
1. Source Type: Any (the Policy covers everyone; Authentication gates the Internet)
2. Destination: Any (Authentication needed for users to reach the internet)
3. Authentication: Allowed Users
4. Time Restriction
5. Active Days: days the policy is active (see 4)
6. Start Hours, Start Minutes, Stop Hours, Stop Minutes (see 4)
7. User Agents: Browsers allowed; click to pick the Browser
8. Access Policy: Allow with Authentication
9. Filter Profile: Endian Filter / Virus scan
10. Position: order of the Policy
11. Enable Policy Rule, then Update Policy


Apply the Policy (click apply). Once the Policy is applied (after Reboot), a login is required: a user set up for the internet opens the browser and is asked for username and password.

4.2 Contentfilter: block content (tototyt@thaiadmin)*
Endian Firewall Community release 2.3.0 (c) 2004-2009
1. Profile: Create a Profile (here content1)
1.1 Profile Name : *
1.2 Activate antivirus scan : * tick to activate the antivirus scan
1.3 Platform for Internet Content Selection
1.4 Max. score for phrases (50-300) *
1.5 The 3 filter sections:
- Filters pages containing phrases of the following categories (Content Filtering)
- Filter pages known to have content of the following categories (URL Blacklist)
- Custom black- and whitelists
1.6 Create profile, or Update profile
1.7 Apply the Contentfilter Profile through a Policy: Access Policy tab > Add access policy > Filter profile > choose the Profile
Policy
**** Update ****


Part 5 : Logging config

Log
Live log, Proxy log *** update ***
Backup Configuration, Restore Configuration *** update ***


FAQ
Q: EFW stops at "GRUB Loading Stage 2 ......" when booting. What should I do?
A: EFW was set to use the Serial port console; check the Serial port setting in the BIOS so EFW can boot.
Q: How can the DNS server on Windows Server learn the Dynamic IP of Clients that get their IP from the Endian firewall, so the Windows Dns server maps client ip addresses?
A: On the Windows Server Dns Server, in the Domain zone set Allow Dynamic update to Non-secure and Secure, and configure Aging / Scavenge.


Part 6 : Config OpenVPN
6.1 OpenVPN Client to Site: OpenVPN Host-to-Net (Client to Site) on Endian Firewall Community 2.3 RC1 (by tototyt, with Noktualek), 2/07/2008 (updated 27/10/2009)
efw 2.3 RC1 (Endian Firewall Community) supports OpenVPN net-to-net and host-to-net; this section covers host-to-net.

A host-to-net VPN connects 1 host over the Internet to a (LAN), so the host works as if it were on that LAN.

Figure 1: VPN host-to-net (client to site)
VPN requirements:
1. Site A (the server side) has a Public Fix IP
2. Without a Fix IP, use Dynamic DNS
3. The IP subnets on both sides must differ: the VPN (server LAN) Subnet is 192.168.1.0/24 and the remote LAN is 192.168.121.0/24; Endian Firewall is 192.168.1.1/24, so a Remote ADSL Router that also uses 192.168.1.1/24 would clash
VPN Server setup:
1. Open the Endian Firewall Community Web Browser interface (https://server_ip_address:10443)
2. vpn > Openvpn Server Tab > Server configuration
3. Dynamic IP pool start address and Dynamic IP pool end address: IP Addresses in the (LAN) handed to Roadwarrior clients; tick the checkbox OpenVPN Server enabled. Here the VPN pool is 192.168.1.230-254 (25 addresses), kept outside the DHCP range (Figure 2)


Figure 2: Server configuration
4. Save and restart (Figure 2)
5. Accounts (Figure 3) > Add account

Figure 3: Accounts
6. Username, Password; tick the checkbox Direct all client traffic through the VPN server (Figure 4); Save


Figure 4: Add new user
* To give a connecting client a Fix IP, set Static ip addresses
7. Restart OpenVPN server (Figure 5)


Figure 5
8. Advanced (Figure 6), then Save and restart

Figure 6: Advanced
9. Download CA Certificate (XXX.cer) for the Client (Figure 7). In IE 8 the file is saved as xxx.cer (xxx being the name); in the CometBird Browser it is saved as xxx.pem


Figure 7: Download CA Certificate
Under Status > Services the OpenVPN service changes from STOPPED to RUNNING (Figure 7.1)

Figure 7.1: OpenVPN Server Status
Client setup:
1. Get OpenVPN GUI for Windows from http://openvpn.se/ (Download > Stable > Installation Package openvpn-2.0.9-gui-1.0.3-install.exe) (Figure 8)

Figure 8
2. Install the OpenVPN client with the Default Options into C:\Program Files\OpenVPN
3. An Icon appears in the Taskbar (Figure 9)

Figure 9: OpenVPN icon


4. Copy client.ovpn from C:\Program Files\OpenVPN\sample-config to C:\Program Files\OpenVPN\config
5. Right-click the VPN Icon (Figure 9) > Edit Config to open C:\Program Files\OpenVPN\config\client.ovpn
6. Use this config (copy it into client.ovpn):
client
dev tap
proto udp
remote site-001a.dyndns.org 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca cacert.pem
auth-user-pass
comp-lzo
Notes: proto udp becomes proto tcp if tcp was chosen in Advanced (Figure 6). remote is the Domain (site-001a.dyndns.org) or the Public IP Address (xxx.xxx.xxx.xxx) of the OpenVPN Server, not a Private IP, with port 1194. ca is the path to the CA file downloaded in step 9.
7. Disable the cert client.crt and key client.key lines in client.ovpn by putting ";" in front of them (compare the config in 6)
8. Copy the CA file (xxxx.cer) downloaded from the OpenVPN Server (step 9 on the Server) into the config folder C:\Program Files\OpenVPN\config
Connecting (Figure 10):
1. Click Connect on the OpenVPN Client Icon and enter user and password


Figure 10
2. After Connect, the OpenVPN Icon in the Taskbar changes (Figure 11)

Figure 11
3. The client receives an IP Address from the Server IP pool (Figure 12)


Figure 12
4. On the OpenVPN Server the connected user is listed (Figure 13) and can be killed

Figure 13
Troubleshooting (user, CA, Server):
1. Server IP and Client IP


If the client gets no IP, check the Dynamic IP pool start address and Restart, then Connect again and check the IP


2. Connected but no traffic: check Firewall > VPN traffic; when Enable VPN Firewall is on, a rule is needed


Testing Open VPN:
1. Open the Endian Webconfig from the client (Forward through the Router)
2. Ping a Private IP Address on the LAN from the VPN Client IP Address
3. Use Remote Admin, File Sharing and Printer Sharing


VPN Client to Site over ADSL:
1. ADSL client to the endian server
2. Database, Map drive, Express over VPN Client to Site; Terminal / Remote Desktop
3. Open VPN Client (Open VPN 2.0.9) on Windows 7
4. Internet from the VPN Client goes through the gateway Endian Server (limited by the Endian Server Upload)
5. From 4: LAN Policy, Firewall VPN Policy
6. IP Address
7. Sharing folders: Protocol UDP or TCP (see 6); tcp clients (see 6)
8. IP Class A 10.0.0.0/24 on Endian 2.2; IP of VPN Clients 192.168.0.0/24; Bug * Rule

6.2 Open VPN Site to Site (Net-to-Net) on Endian Firewall

Endian Firewall 2.3

25/11/2006

( by : )

OpenVPN Net-to-Net on Endian Firewall 2.3: a VPN net-to-net (Site-to-Site) joins the Intranets of 2 sites, Site A and Site B, so each Site reaches the other Site's Private IPs.


The VPN uses OpenVPN, Open Source software included in Endian Firewall.

Figure 1: VPN net-to-net (host-to-host), Site A and Site B

Server Site A:
1. Endian Firewall at both Sites
2. 3. 4.

* Same as Host-to-Net (Client To Site): open the Endian Firewall Community Web Browser interface (https://server_ip_address:10443), vpn > Openvpn Server Tab > Server configuration, set Dynamic IP pool start address and Dynamic IP pool end address (IP Addresses in the LAN for Roadwarrior clients), tick the checkbox OpenVPN Server enabled (Figure 2)


Figure 2: Server configuration
5. Save and restart (Figure 2)
6. Accounts (Figure 3) > Add account

Figure 3: Accounts
Username, Password; tick the checkbox Direct all client traffic through the VPN server (Figure 4); Save
7.


Figure 4: Add new user
8. Restart OpenVPN server (Figure 5)


Figure 5
9. Advanced (Figure 6), then Save and restart

Figure 6: Advanced
10. Download CA Certificate (XXX.cer) for the Server at Site B


Figure 7: Download CA Certificate
Under Status > Services the OpenVPN service changes from STOPPED to RUNNING (Figure 7.1)

Figure 7.1: OpenVPN Server Status

Server Site B:
1. On Site B go to OpenVPN client (Gw2Gw) > Add tunnel configuration

Figure 8: OpenVPN client (Gw2Gw)


2. Add VPN tunnel (Figure 9):
Connection Name :
Connection to : Public IP of the VPN Server at Site A
Upload ca file : CA file from the VPN Server at Site A
Username : username on the VPN Server at Site A
Password : password on the VPN Server at Site A
Remark :

Figure 9: Add VPN tunnel
3. Advanced tunnel configuration (Figure 10)
Connection configuration
Fallback VPN servers :
Port (1194)
Connection type: Routed
Bridge to : GREEN
Block DHCP responses coming from tunnel:
NAT : *
Ping
Protocol: UDP *
HTTP proxy configuration (when going out through a Proxy)
HTTP proxy :
Proxy username :
Proxy password :
Forge proxy user-agent :

Figure 10: Advanced tunnel configuration
4. Upload the CA ( ) (Figure 11)


Figure 11: Advanced tunnel configuration
5. On Site A, Connection status and control (Figure 12) shows the IP Address and Global settings of the VPN Server; on Site B the Status shows Site B established (Figure 13) as a Client of the VPN Server


Site A

Figure 12: Connection status and control on Site A, showing Site B

Figure 13: Status on Site B
* Checking Site A and Site B:
1. Connect succeeds (Status established) but Ping fails:


- In Advanced tunnel configuration check NAT
- In Firewall / VPN firewall configuration check the Rule (or Disable)
- Ping from Site B to Site A and from Site A to Site B once established
2. Connect does not reach Status established and Ping fails:
- ......


Part 7 : Network
7.1 Interfaces : (Link)
7.1.1 Uplinks manage * for Intranet Loadbalance; the Lan Card needs Drivers, and the Lan Card Route on Endian Firewall ...
1. Interfaces TAB > Uplink editor > Create an uplink (Figure 7.1.1-1)

Figure 7.1.1-1
2. Fill in the uplink

3. Create Uplink


7.1.2 VLAN manager ..

7.2 Routing : Static Routing and Policy Routing
7.2.1 Static Routing (Static Routing Editor)
1. Tab Static Routing / Add a new route (Figure 7.2.1-1)

Figure 7.2.1-1
2. Fill in the route

3. Add Route

7.2.2 Policy Routing (Policy Routing Editor)
1. As in 7.2.1 (Figure 7.2.2-1)

Figure 7.2.2-1
2. Update Rule
* Used for Multi WAN / Internet Load Balance (Route)

7.3 Edit Hosts : Hosts maps Client Hosts for Reports, Log and Ntop, so an IP is shown by its Host name instead of the IP


Part 8 : Service
8.1 DHCP : IP Address (Dynamic Host Configuration Protocol); DHCP hands out IP Addresses

8.2 Traffic Monitoring : Ntop (NTOP) ....
8.2.1 Enable NTOP (Enable Traffic Monitoring): Service / Traffic Monitoring > Enable Traffic Monitoring starts NTOP

The Traffic Analyzer module is active: access to the administration interface

8.2.2 Open NTOP (Access to the NTOP administration interface) via the administration interface link (Figure 8.2.2-1)

Figure 8.2.2-1


8.3 Quality of Service Devices (QOS) :
8.3.1 : Quality of Service Devices
8.3.2 : Quality of Service Classes
8.3.3 : Quality of Service Rules


Part 9 : Tips
1. Restart
- Default password: the password is "endian" (in quotes " ")
- Change the root password: # passwd
- Change the admin password of the web config: # htpasswd /var/efw/auth/users admin
- Browser certificate update " configure ": Tools -> Options -> Advanced -> Encryption -> View Certificates; under Servers the ip address of the endian firewall, under Authorities efw-xxxxxx " (NinNin, http://www.thaiadmin.org/board/index.php?topic=121955.0, Noktualek)


Part 10 : Reference

http://www.easyzonecorp.net/network/view.php?ID=241
http://www.itwizard.info/technology/linux/efw/ovpn_host_to_net/efw_ovpn_host_to_net.html
http://samba-beginner.blogspot.com/2009/01/setup-openvpn-endianfirewall.html
http://samba-beginner.blogspot.com/2009/02/openvpn-endianfirewall.html