aXsGUARD Gatekeeper PPTP How To 1.7
Table of contents
1. Introduction
1.1. Audience and purpose of this document
1.2. Available guides
1.3. What is the aXsGUARD Gatekeeper?
1.4. About VASCO
2. General concepts
2.1. Overview
2.2. What is a virtual private network?
2.3. What is PPTP?
2.3.1. Protocol description
2.3.2. Key elements of pp...
4. PPTP client configuration
4.1. Overview
4.2. Client-side firewall
4.3. Windows XP configuration
4.4. Windows Vista configuration
4.5. Windows 7 configuration
5. Troubleshooting
5.1. Client-side troubleshooting
5.2. Server-side troubleshooting
6. Support
6.1. Overview
6.2. If you encounter a probl...
List of figures
2.1. VPN concept
2.2. PPTP packet
2.3. PPTP control and data channel
2.4. Listing the PPP device with ipconfig
2.5. PPTP client and PPTP server with different IP ranges
2.6. PPTP client and PPTP server in same IP range
2.7. Consequences of compromised client
3.1. PPTP feature activat...
List of tables
3.1. PPTP general settings
3.2. PPTP user settings
3.3. User level firewall settings
© VASCO Data Security 2011
List of examples
3.1. Restricting access to two LAN servers
Document version. This is version 1.7 of the aXsGUARD Gatekeeper PPTP How To. VASCO products. VASCO Data Security, Inc. and/or VASCO Data Security International GmbH are referred to in this document as ‘VASCO’. VASCO products comprise hardware, software, services and documentation. This document add...
In this How To, we explain the basic principles of PPTP and how to deploy the aXsGUARD Gatekeeper PPTP server in your network. This document is intended for technical personnel and network administrators. In chapter 2, General concepts, we briefly explain the concept of virtual private networking (...
Access to aXsGUARD Gatekeeper guides is provided through the permanently on-screen documentation button in the aXsGUARD Gatekeeper administrator tool. Further resources available include:
• context-sensitive help, which is accessible in the aXsGUARD Gatekeeper administrator tool through the help but...
In this section, we explain the general concepts of virtual private networking (VPN), in particular the Point to Point Tunneling Protocol (PPTP). Topics covered in the section include:
• the key elements underpinning PPTP: authentication, tunneling and encryption.
• the standard PPTP deployment: how...
PPTP stands for Point to Point Tunneling Protocol and is an extension of the PPP protocol, defined per RFC 1171. PPTP allows organizations to use the Internet to securely transmit data across a VPN. It does this by embedding its own network protocol within the TCP/IP packets carried by the Internet...
• Authentication: the VPN server verifies the VPN client’s identity and restricts VPN access to authorized users only (MS-CHAP and MS-CHAP v2). The VPN server may also provide audit and accounting capabilities to monitor who accessed which information and when.
• Tunneling: a technology that enables...
Settings”). The aXsGUARD Gatekeeper enforces 128-bit encryption by default, as this is the most secure option.
Compression. Compression reduces the amount of information necessary to transmit data, thereby saving bandwidth and increasing the data transfer speed. PPTP uses the Compression Control Pro...
Once the PPTP VPN is up, a PPP interface with its own IP address is assigned to both the client and the PPTP server. The client’s interface settings can be viewed by running the ipconfig command from a Windows command prompt as shown below. On the client side, all network traffic not destined for th...
The PPTP client with IP 10.0.0.1 sends a request to a server in the aXsGUARD Gatekeeper LAN. This server has IP 192.168.250.200. The server receives the request and replies using the client’s IP address 10.0.0.1 as its destination. Since this IP address (10.0.0.1) is in a different range than the aX...
The PPTP client with IP 192.168.250.100 sends a request to a server in the aXsGUARD Gatekeeper LAN. This server has IP 192.168.250.200. The server replies using the client’s IP address 192.168.250.100 as its destination. Since this address is within the same IP range as the aXsGUARD Gatekeeper LAN, ...
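The two scenarios above come down to the LAN server's own route lookup. The following added example (not from the VASCO guide) reproduces that lookup for both client addresses and checks a client range against the LAN; the /24 mask, the gateway address 192.168.250.254 and the sample client range are assumptions.

```python
import ipaddress

# Routing table of the LAN server 192.168.250.200 from the scenarios above.
# Assumptions (not on the page): a /24 LAN mask and a default gateway
# at 192.168.250.254.
SERVER_ROUTES = [
    ("192.168.250.0/24", None),           # connected network: deliver on-link
    ("0.0.0.0/0", "192.168.250.254"),     # default route: hand to the gateway
]


def reply_next_hop(routes, client_ip):
    """Longest-prefix match: where does the server send its reply?"""
    ip = ipaddress.ip_address(client_ip)
    candidates = [
        (ipaddress.ip_network(net), gw)
        for net, gw in routes
        if ip in ipaddress.ip_network(net)
    ]
    if not candidates:
        raise ValueError(f"no route to {client_ip}")
    _, gateway = max(candidates, key=lambda c: c[0].prefixlen)
    # None means the server resolves the client with ARP on its own segment.
    return "on-link" if gateway is None else f"via {gateway}"


def pool_overlaps_lan(client_pool, lan):
    """True when a range handed to PPTP clients falls inside the LAN range."""
    return ipaddress.ip_network(client_pool).overlaps(ipaddress.ip_network(lan))


if __name__ == "__main__":
    for client in ("10.0.0.1", "192.168.250.100"):
        print(client, "->", reply_next_hop(SERVER_ROUTES, client))
    # Constructed client range inside the LAN, to show the overlap check.
    print(pool_overlaps_lan("192.168.250.96/28", "192.168.250.0/24"))
```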
Risk as illustrated above
1. A hacker on the Internet scans public IP addresses for open services and vulnerabilities.
2. The hacker hijacks the client which has a public IP address.
3. The hacker can execute any attack posing as the hijacked computer and can access the resources of the corporate la...
In this section, we explain the required aXsGUARD Gatekeeper PPTP server configuration settings, such as:
• activating the PPTP server
• encryption settings.
• accepted IP ranges.
• DNS settings.
• VPN user settings.
• important PPTP authentication settings, such as DIGIPASS authentication and direc...
1. Log on to the aXsGUARD Gatekeeper as explained in the System Administration How To.
2. Navigate to VPN & RAS ⇒ PPTP ⇒ General. A screen as shown below is displayed.
3. Configure the settings as explained in the table below.
4. Click on Update when finished.
3.3. General configuration settings fig...
The aXsGUARD Gatekeeper itself is not a WINS server. The WINS server is usually the primary domain controller in your Windows domain.
Field: Accept proposed remote client IP
Description: Check to accept the IP address proposed by the remote client. IP address restrictions may apply to certain applicat...
VASCO highly recommends the use of DIGIPASS authentication for PPTP access. This is the most secure option. You can also combine local passwords with DIGIPASS authentication. The following authentication methods can be enforced for PPTP:
• static password
• DIGIPASS
• DIGIPASS or static password
• d...
Unsupported authentication policies generate a validation warning when selected. More information about authentication methods, rules and policies and how to assign them to aXsGUARD Gatekeeper services, computers, groups and users, is provided in the Authentication How To, which is accessible via th...
Figure 3.4. User settings
Field: User login enabled
Description: Check / uncheck to enable / disable the user account.
Field: Use different password for RAS
Description: Check this option if you want the user to authenticate with a different local password than the one specified for aXsGUARD Gatekeeper authentication. Yo...
Always use the strictest firewall settings for PPTP (also see section 2.6, “Firewalls and PPTP”). Do not use the aXsGUARD Gatekeeper no-restrictions and the int-no-restrictions firewall policies as these seriously jeopardize your network security. These policies should be used for testing or troubl...
System-wide firewall rights: system-wide firewall rights apply to all users in the aXsGUARD Gatekeeper network. Since connected PPTP VPN users are considered a part of the secure network zone, it is of utmost importance to restrict the system-wide firewall rights as much as possible. The default aXs...
Example 3.1. Restricting access to two LAN servers
Assume you only wish to grant access to 2 specific servers in the LAN for a PPTP VPN user. Access to any other servers in the LAN is not allowed. This requires you to create two new through firewall rules on the aXsGUARD Gatekeeper, allowing traffic...
7. Specify the destination IP of the server which can be accessed, e.g. 10.0.0.1/32.
8. Select allow as the target.
9. Decide whether you want to log traffic by checking / unchecking the log this rule target? option.
10. Save the rule.
11. Repeat the same steps for the second server, e.g. 10.0.0.2/...
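Example 3.1 as a rule set that can be checked before it is entered, added here for illustration and not taken from the VASCO guide. The rule layout, the rule names, the /32 prefix on the second server and the default drop for unmatched traffic are assumptions.

```python
import ipaddress

# Constructed rule set modelled on Example 3.1: one allow rule per server,
# each with a single-host destination. The dict layout and rule names are
# hypothetical, not the aXsGUARD Gatekeeper's own rule format.
RULES = [
    {"name": "pptp-srv1", "dst": "10.0.0.1/32", "target": "allow"},
    {"name": "pptp-srv2", "dst": "10.0.0.2/32", "target": "allow"},
]


def decide(rules, dst_ip, default="drop"):
    """Return the target of the first rule whose destination contains dst_ip.

    Traffic that matches no rule gets the default (assumed here to be drop).
    """
    ip = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if ip in ipaddress.ip_network(rule["dst"], strict=False):
            return rule["target"]
    return default


def overbroad(rules, max_hosts=1):
    """Names of allow rules whose destination covers more than max_hosts."""
    return [
        rule["name"]
        for rule in rules
        if rule["target"] == "allow"
        and ipaddress.ip_network(rule["dst"], strict=False).num_addresses > max_hosts
    ]


if __name__ == "__main__":
    for dst in ("10.0.0.1", "10.0.0.2", "10.0.0.3"):
        print(dst, decide(RULES, dst))
    # A mistyped prefix length silently opens the whole subnet.
    typo = RULES[:1] + [{"name": "pptp-srv2", "dst": "10.0.0.2/24", "target": "allow"}]
    print(overbroad(typo), decide(typo, "10.0.0.77"))
```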
Important information recorded in the logs:
• when a connection was initiated / terminated
• the public IP address of the remote client
• the PPP IP address used by the remote client
• the authentication information
• information about encryption
• the type of compression
• useful error messages for...
In this chapter, we explain how to configure your PPTP client in:
• Windows XP 32-bit
• Windows Vista 32-bit
• Windows 7 32-bit
As mentioned in section 2.6, “Firewalls and PPTP”, VASCO recommends the use of a strong client-side firewall. Ensure that PPTP VPN pass-through is allowed on the client fi...
3. Select Connect to the network at my workplace and click on Next.
4. Select Virtual Private Network connection and click on Next.
Figure 4.1. Windows XP network connections
Figure 4.2. Connecting to the network at my workplace
5. Enter a connection name and click on Next.
Figure 4.3. Virtual private connection
Figure 4.4. Connection name
6. Enter the public IP address or the public FQDN of the aXsGUARD Gatekeeper PPTP server and click on Next. Afterwards click on Finish.
7. In the connection screen, click on Properties.
Figure 4.5. VPN server selection
8. Select the Security tab and check the Require data encryption option. Click on OK to continue.
Figure 4.6. PPTP VPN properties
9. Enter the user name and password provided by your system administrator and click on the Connect button. The connection should be up after a few seconds. You can verify the status of the VPN connection by navigating to the Network Connections screen (see step 1).
1. From the Start button, select c...
2. Select Set up a connection or network.
Figure 4.8. Windows Vista PPTP setup
3. Select Connect to a workplace.
4. Click on Next.
Figure 4.9. Set up a connection or network
Figure 4.10. Connect to a workplace
5. Select Use my Internet connection (VPN). If prompted for Do you want to use a connection that you already have?, select No, create a new connection and click on Next.
6. In the Internet address field, type the external IP address or the FQDN of the aXsGUARD Gatekeeper PPTP server.
7. In the desti...
9. Enter the username and password provided by your system administrator. Do not enter a password if you are using DIGIPASS authentication.
Figure 4.12. Connection IP and description
10. Click on the Create button and then the Close button.
Figure 4.13. User name and password screen
Figure 4.14. Final configuration step
11. To connect to the PPTP VPN server after creating the VPN connection, click on Start, then on Connect to.
12. Select the VPN connection in the window and click on Connect.
13. Enter the user name and password provided by your system administrator and click on the Connect button. The connection sh...
You can verify the status of the VPN connection by clicking on the network icon in the lower right corner of your Windows desktop (see the image below).
1. Click on the Start button and navigate to the Control Panel.
Figure 4.16. Connection successful
Figure 4.17. PPTP connection status
4.5. Windows...
2. In the Control Panel, select Network and Internet.
Figure 4.18. Windows 7 control panel
3. Select Network and Sharing Center.
4. Click on Set up a new connection or network.
Figure 4.19. Windows 7 control panel
Figure 4.20. Windows 7 network and sharing center
5. Select Connect to a workplace and click on Next.
6. Select the first option (Create a new connection) as shown below and click on Next.
Figure 4.21. Set up a new connection or network
Figure 4.22. Connect to a workplace
7. Click on Use my Internet connection.
Figure 4.23. Creating a new connection
Figure 4.24. Creating a new connection
8. Enter the external IP address or FQDN of the aXsGUARD Gatekeeper PPTP server you are connecting to (e.g. 62.58.227.146 or vpn.mydomain.com) and enter a name for the connection (e.g. Office).
9. Leave the other options open and click on Next.
10. Enter the user name and password provided by your ...
12. Click on Connect. You should be connected after a few seconds, depending on the speed of your Internet connection. You can verify the status of the VPN connection by clicking on the network icon in the lower right corner of your Windows desktop (see the image below).
Figure 4.26. PPTP connection...
Figure 4.27. PPTP status
The client is connected to the PPTP VPN, but cannot access any resources.
1. Check the VPN & RAS firewall rights of the user and adjust them if necessary (see section 3.6, “PPTP firewall settings”).
2. Check the IP address of the client’s PPP device. If the client’s PPP device’s IP address is withi...
PPTP error 734: the PPP link control protocol was terminated. You probably are using incompatible encryption or authentication settings for PPTP:
1. Create a new VPN connection with standard settings (see section 4.3, “Windows XP configuration”).
2. Test the new VPN connection.
PPTP error 741: the ...
1. The client sits behind a firewall which is blocking PPTP / GRE traffic. The firewall should be configured to allow this traffic (see section 2.6, “Firewalls and PPTP” and section 4.2, “Client-side firewall”). Refer to your router / firewall documentation if necessary.
2. Verify the user’s PPTP s...
1. Log on to the aXsGUARD Gatekeeper administrator tool as explained in the Command Line Interface How To.
2. Use the tcpdump command on the Internet device.
PPTP log error
gre: read(fd=7,buffer=8056b60,len=8260) from network failed: status = -1 error = protocol not available
1. Client firewall: mak...
In this section we provide instructions on what to do if you have a problem, or experience a hardware failure. If you encounter a problem with a VASCO product, follow the steps below:
1. Check whether your problem has already been solved and reported in the knowledge base at the following URL: http:...