IPSec Road Warrior Connection
Now we add a road warrior running the Shrew Soft VPN client. This road warrior connects to the Network A gateway. Besides the Network A local network (192.168.0.0/24), the road warrior can also reach Network B and Network C. The road warrior takes an internal IP address on Network A's local network, in this case 192.168.0.5. To set this up:
Network A Configuration
Create a certificate with the following properties:
|Field|Value|
|---|---|
|Common Name|IPSec road warrior|
|Organization|My Company Ltd|
Note: No ID is required on this certificate.
Now create the IPSec road warrior tunnel:
|Field|Value|
|---|---|
|Name|IPSec road warrior|
|Local ID type|Default local certificate ID|
|Local IP|The local IP address the client connects to.|
|Remote ID type|Remote IP (or ANY if Remote IP is left blank)|
|Authenticate by|Certificate provided by peer|
Export the road warrior certificate, together with its private key, in PKCS#12 format. We will call this file computercert.p12. You will also need the CA certificate file, ca.pem, so the client can verify the gateway's certificate.
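The following script is an added example, not part of the original page and not the gateway product's own tooling. It reproduces the certificate steps above with plain OpenSSL: a private CA, a road-warrior certificate whose subject carries exactly the Common Name and Organization from the table, and the two files the client needs (computercert.p12 and ca.pem). The CA name, the output directory, the key sizes, the validity periods and the export password are all assumptions chosen for the example; on a real gateway the built-in CA would issue the certificate instead.

```shell
#!/bin/sh
# Added example: build a road-warrior certificate bundle with OpenSSL.
# Produces, in the given directory:
#   ca.key / ca.pem          - example CA (assumed; a real gateway has its own CA)
#   client.key / client.pem  - road warrior key and certificate
#   computercert.p12         - PKCS#12 bundle (client key + cert + CA cert)
set -e

make_roadwarrior_bundle() {
    dir="$1"        # output directory (assumption: caller chooses it)
    p12_pass="$2"   # password protecting the PKCS#12 export

    mkdir -p "$dir"

    # 1. An example CA. The subject is an assumption; only its role matters.
    #    Note: the road warrior does NOT need an ID field, only CN and O.
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" \
        -subj "/CN=Example Gateway CA/O=My Company Ltd" 2>/dev/null

    # 2. Road warrior key and CSR with the CN / O from the configuration table.
    openssl req -newkey rsa:2048 -nodes \
        -keyout "$dir/client.key" -out "$dir/client.csr" \
        -subj "/CN=IPSec road warrior/O=My Company Ltd" 2>/dev/null

    # 3. CA signs the road warrior certificate (one year, an assumed lifetime).
    openssl x509 -req -days 365 -in "$dir/client.csr" \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/client.pem" 2>/dev/null

    # 4. Export key + certificate + CA chain as PKCS#12 for the client.
    openssl pkcs12 -export \
        -inkey "$dir/client.key" -in "$dir/client.pem" \
        -certfile "$dir/ca.pem" -name "IPSec road warrior" \
        -out "$dir/computercert.p12" -passout "pass:$p12_pass"

    # 5. Sanity check: the client certificate must chain to ca.pem,
    #    which is what the gateway verifies under "Certificate provided by peer".
    openssl verify -CAfile "$dir/ca.pem" "$dir/client.pem" >/dev/null
}

# Usage: OUT_DIR and P12_PASS are environment overrides (assumed names).
make_roadwarrior_bundle "${OUT_DIR:-./roadwarrior-pki}" "${P12_PASS:-changeme}"
echo "bundle written to ${OUT_DIR:-./roadwarrior-pki}"
```

Copy computercert.p12 and ca.pem to the road warrior and import them in the Shrew Soft client; the gateway itself only needs the CA and its own certificate. Keep ca.key off the gateway's export path entirely: anyone holding it can mint certificates that pass the "Certificate provided by peer" check. If the export is produced with OpenSSL 3, note that its default PKCS#12 encryption (AES with PBKDF2) is not understood by some older clients; OpenSSL 3 offers a `-legacy` option on `openssl pkcs12` for that case, at the cost of weaker protection of the file on disk.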
Creating a firewall rule
For traffic to flow through the tunnel, you must create a firewall rule that allows traffic to be routed between the internal networks and the clients connecting via IPsec. This is done in the Network - Firewall section. For a bi-directional rule, select both the IPsec and the Internal interfaces as both incoming and outgoing interfaces, and select the accept action.
To bring up the connection, the simplest way is to ping a host on the network behind the gateway. After a few retries, you should see the taskbar icon change to show a yellow key. This indicates that the tunnel is up. Your client computer will then appear to be connected to the local network behind the VPN gateway. This works both ways: a device on the local network can connect to the road warrior. You should be able to browse web servers. Also, because the tunnel covers all three local networks, you should be able to connect to all three.