
4. PGPNet


This chapter shows, with screenshots, the PGPNet settings needed to connect to the FreeSWAN gateway. First, though, we will import the certificates we created into PGPKeys.
Only the settings needed to get a working IPSec VPN are described. Other issues concerning PGPNet are not within the scope of this document.
Copy the freeswan-cert.pem and client.p12 to the roadwarrior machine/laptop using a secured medium. If you use sftp or scp, make sure you transfer the certificates in binary mode.
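
A pre-import sanity check for the two files, as an added example that is not part of the original HOWTO. It assumes the openssl command-line tool is available on the machine where you run it, that freeswan-cert.pem was issued by the CA bundled in client.p12, and that the export password is supplied in the environment variable P12_PASS; the function name check_vpn_certs is made up for this example.

```shell
#!/bin/sh
# Added example (not from the HOWTO): check freeswan-cert.pem and client.p12
# before importing them into PGPKeys.
# Assumption: freeswan-cert.pem was issued by the CA bundled in client.p12.
# The export password is read from P12_PASS so it never shows up in the
# process list.
#   P12_PASS='<EXPORT_PASSWORD>' sh check.sh freeswan-cert.pem client.p12

check_vpn_certs() {
    gw_cert=$1
    p12=$2
    tmp=$(mktemp -d) || return 1
    rc=0

    # Extract only certificates; -nokeys keeps the private key off disk.
    if ! openssl pkcs12 -in "$p12" -passin env:P12_PASS -nokeys -cacerts \
            -out "$tmp/ca.pem" 2>/dev/null ||
       ! openssl pkcs12 -in "$p12" -passin env:P12_PASS -nokeys -clcerts \
            -out "$tmp/client.pem" 2>/dev/null; then
        echo "FAIL: cannot read $p12 (wrong password or damaged file)" >&2
        rm -rf "$tmp"
        return 1
    fi

    # The bundle must hold both a CA certificate and a client certificate.
    for f in ca client; do
        grep -q 'BEGIN CERTIFICATE' "$tmp/$f.pem" ||
            { echo "FAIL: no $f certificate in $p12" >&2; rc=1; }
    done

    # The client and gateway certificates must both chain to the bundled CA.
    if [ "$rc" -eq 0 ]; then
        for c in "$tmp/client.pem" "$gw_cert"; do
            if openssl verify -CAfile "$tmp/ca.pem" "$c" >/dev/null 2>&1; then
                openssl x509 -in "$c" -noout -subject -fingerprint -sha256
            else
                echo "FAIL: $c does not verify against the bundled CA" >&2
                rc=1
            fi
        done
    fi
    rm -rf "$tmp"
    return "$rc"
}

# Run the check when called with the two file names.
if [ "$#" -eq 2 ]; then check_vpn_certs "$1" "$2"; fi
```

Run it once on the machine where the files were created and once on a copy taken back from the roadwarrior; identical subjects and fingerprints show the files survived the transfer unchanged.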

4.1 Importing the X.509 certificates

The certificates we have created in chapter 3 need to be imported into PGPNet. This can be done by using the utility called PGPKeys.
We will first import the FreeSWAN certificate, then the Client certificate that also contains the CA certificate.

Start up PGPKeys.
Then choose keys -> Import key -> select freeswan-cert.pem.
Click here to see a screenshot of the result.
Click import.

Now we will import the client certificate.
Choose keys -> Import key -> select client.p12.

You will see two certificates: one for the Certificate Authority and one that belongs to the client. When asked for a password, type in the <EXPORT_PASSWORD> you gave when you created the .p12 file in section 3.6.
Click here to see a screenshot of the result.
Click import.

Once the certificates are in, we can put trust in these certificates. We can do this by using the PGP private key you created while installing PGPNet. Right click on the FreeSWAN certificate and choose sign. Type in the correct password that you gave when you created the key.
Screenshot

Once you have done this, put the trust level of it at 'high'.
Screenshot
Repeat this for the CA Certificate and Client certificate.

That completes the certificates.

4.2 PGPNet Configuration

Use the setadapter utility to set the correct interface you will be using to connect to the gateway. You have probably used this utility before, because it is part of PGPNet's installation process.
Screenshot

Then reboot as requested.
Once this is done we will create connection definitions in PGPNet. Start up PGPNet and go to the VPN tab. In the tab window, right click and add a VPN gateway.
Click here for a screenshot

Click ok.

It will ask you for an authentication key or certificate.
Click yes.

Click select certificate in the X.509 section.
Click on the client certificate.

Click here for a screenshot.
Click ok.

Now you return to PGPNet and its VPN tab.
Next, enter the internal network that is behind the gateway.
Right click on the gateway we have just created and choose add. Select subnet and type in the subnet mask and IP range of your internal network.

Click here for a screenshot.
Click ok.

Now we will set up the proposals and the rest of PGPNet correctly.
In PGPNet click view -> options.

Click the VPN advanced tab and set up the proposals according to this screenshot.


Now click the VPN tab and set up the key renewal according to this screenshot.


Click the advanced tab and set it up as the following screenshot.

The rest of the PGPNet options do not have any impact on the way our tunnel will be set up.

If everything is done according to this HOWTO we can try to bring the tunnel up and running. Make a connection to the internet and when this is done, go to the PGPNet VPN tab. Right click on the connection definition we created and select 'connect'. Now the tunnel will be established and if everything is correct, you will see the same result as the following screenshot.

