IPsec/IKEv2-based VPN software for Linux
 
         
            
             
                
        - VPN Configuration[Tab] > VPN Realms[Left-Tree]
            - VPN Configuration[Tab]
            > VPN Realms[Left-Tree]
            > Realm ID: Realm Name[Left-Tree]
            > My Key Store[Left-Tree]:
            Click this tree node and show My Key Store pane.
            
- Enter the following.
              Authentication Method: RSA Signature(RSA-Sig)
              
              My ID Type: auto
              
              Key Format: PEM(Base64-encoding) - File
              
              My Certificate(X.509, *.pem): gateway1.example.com-cert.pem
              
              RSA private key(*.pem): gateway1.example.com-pkey.pem
              
              RSA Private Key's Password: password
              
            
              - VPN Configuration[Tab]
              > VPN Realms[Left-Tree]
              > Realm ID: Realm Name[Left-Tree] 
              > My Key Store[Left-Tree] >
              > Certificate URL[Left-Tree]: 
              Click this tree node and show Certificate URL  pane.
            
- Click Add Certificate URL button.
- Add a New Certificate URL[Dialog]: Enter the followings, then click OK button.
              Type: My Certificate 
              
              URL: cert.example.com/gateway1.example.com-cert.der
              
              
              In this example, the DER-encoded certificate for gateway1.example.com is available at 
              http://cert.example.com/gateway1.example.com-cert.der.
            
              - VPN Configuration[Tab]
              > VPN Realms[Left-Tree]
              > Realm ID: Realm Name[Left-Tree]
              > CA Certificate/CRL[Left-Tree]:
              Click this tree node and show CA Certificate/Certificate
              Revocation List(CRL) pane.
            
- Enter the following.
              Certificate/CRL Format: PEM(Base64-encoding) - File
              
              CA Certificates(X.509, *.pem): rootca1-cert.pem
              
            
              - VPN Configuration[Tab]
              > Edit VPN Realm(Save, Add, etc.)[Left-Tree]: 
              Click this tree node and show Edit VPN Realm(Save, Add, Remove, or Load) pane.
            
- Click Save Configuration button.
- VPN Configuration[Tab] > VPN Realms[Left-Tree]
            - VPN Configuration[Tab]
            > VPN Realms[Left-Tree]
            > Realm ID: Realm Name[Left-Tree]
            > My Key Store[Left-Tree]:
            Click this tree node and show My Key Store pane.
            
- Enter the following.
              Authentication Method: RSA Signature(RSA-Sig)
              
              My ID Type: auto
              
              Key Format: PEM(Base64-encoding) - File
              
              My Certificate(X.509, *.pem): chained-remotehost1-my-certs.pem
              
              RSA private key(*.pem): remotehost1.sales.example.com-pkey.pem
              
              RSA Private Key's Password: password
              
            
              - VPN Configuration[Tab]
              > VPN Realms[Left-Tree]
              > Realm ID: Realm Name[Left-Tree] 
              > My Key Store[Left-Tree] >
              > Certificate URL[Left-Tree]: 
              Click this tree node and show Certificate URL  pane.
            
- Click Add Certificate URL button.
- Add a New Certificate URL[Dialog]: Enter the followings, then click OK button.
              Type: My Certificate 
              
              URL: cert.example.com/gateway1.example.com-cert.der
              
              
              In this example, the DER-encoded certificate for remotehost1@sales.example.com is available at 
              http://cert.example.com/remotehost1.sales.example.com-cert.der.
            
              Type: intermediate CA Certificate 
              
              URL: cert.example.com/subca1-cert.der
              
              SubjectName(DN): C=JP, ST=Tokyo, L=Minatoku, O=example, OU=sales, CN=subca1
              
              
              In this example, the DER-encoded certificate for SubCA1 is available at 
              http://cert.example.com/subca1-cert.der.
            
              - VPN Configuration[Tab]
              > VPN Realms[Left-Tree]
              > Realm ID: Realm Name[Left-Tree]
              > CA Certificate/CRL[Left-Tree]:
              Click this tree node and show CA Certificate/Certificate
              Revocation List(CRL) pane.
            
- Enter the following.
              Certificate/CRL Format: PEM(Base64-encoding) - File
              
              CA Certificates(X.509, *.pem): rootca1-cert.pem
              
            
              - VPN Configuration[Tab]
              > Edit VPN Realm(Save, Add, etc.)[Left-Tree]: 
              Click this tree node and show Edit VPN Realm(Save, Add, Remove, or Load) pane.
            
- Click Save Configuration button.
 
                
        - VPN Configuration[Tab] > VPN Realms[Left-Tree]
            - VPN Configuration[Tab]
            > VPN Realms[Left-Tree]
            > Realm ID: Realm Name[Left-Tree]
            > My Key Store[Left-Tree]:
            Click this tree node and show My Key Store pane.
            
- Enter the following.
              Authentication Method: RSA Signature(RSA-Sig)
              
              My ID Type: auto
              
              Key Format: PEM(Base64-encoding) - File
              
              My Certificate(X.509, *.pem): gateway1.example.com-cert.pem
              
              RSA private key(*.pem): gateway1.example.com-pkey.pem
              
              RSA Private Key's Password: password
              
            
              - VPN Configuration[Tab]
              > VPN Realms[Left-Tree]
              > Realm ID: Realm Name[Left-Tree] 
              > My Key Store[Left-Tree] >
              > Certificate URL[Left-Tree]: 
              Click this tree node and show Certificate URL  pane.
            
- Click Add Certificate URL button.
- Add a New Certificate URL[Dialog]: Enter the followings, then click OK button.
              Type: My Certificate 
              
              URL: cert.example.com/gateway1.example.com-cert.der
              
              
              In this example, the DER-encoded certificate for gateway1.example.com is available at 
              http://cert.example.com/gateway1.example.com-cert.der.
            
              - VPN Configuration[Tab]
              > VPN Realms[Left-Tree]
              > Realm ID: Realm Name[Left-Tree]
              > CA Certificate/CRL[Left-Tree]:
              Click this tree node and show CA Certificate/Certificate
              Revocation List(CRL) pane.
            
- Enter the following.
              Certificate/CRL Format: PEM(Base64-encoding) - File
              
              CA Certificates(X.509, *.pem): chained-ca-certs.pem
              
            
              - VPN Configuration[Tab]
              > Edit VPN Realm(Save, Add, etc.)[Left-Tree]: 
              Click this tree node and show Edit VPN Realm(Save, Add, Remove, or Load) pane.
            
- Click Save Configuration button.
- VPN Configuration[Tab] > VPN Realms[Left-Tree]
            - VPN Configuration[Tab]
            > VPN Realms[Left-Tree]
            > Realm ID: Realm Name[Left-Tree]
            > My Key Store[Left-Tree]:
            Click this tree node and show My Key Store pane.
            
- Enter the following.
              Authentication Method: RSA Signature(RSA-Sig)
              
              My ID Type: auto
              
              Key Format: PEM(Base64-encoding) - File
              
              My Certificate(X.509, *.pem): remotehost1.sales.example.com-cert.pem
              
              RSA private key(*.pem): remotehost1.sales.example.com-pkey.pem
              
              RSA Private Key's Password: password
              
            
              - VPN Configuration[Tab]
              > VPN Realms[Left-Tree]
              > Realm ID: Realm Name[Left-Tree] 
              > My Key Store[Left-Tree] >
              > Certificate URL[Left-Tree]: 
              Click this tree node and show Certificate URL  pane.
            
- Click Add Certificate URL button.
- Add a New Certificate URL[Dialog]: Enter the followings, then click OK button.
              Type: My Certificate 
              
              URL: cert.example.com/gateway1.example.com-cert.der
              
              
              In this example, the DER-encoded certificate for remotehost1@sales.example.com is available at 
              http://cert.example.com/remotehost1.sales.example.com-cert.der.
            
              - VPN Configuration[Tab]
              > VPN Realms[Left-Tree]
              > Realm ID: Realm Name[Left-Tree]
              > CA Certificate/CRL[Left-Tree]:
              Click this tree node and show CA Certificate/Certificate
              Revocation List(CRL) pane.
            
- Enter the following.
              Certificate/CRL Format: PEM(Base64-encoding) - File
              
              CA Certificates(X.509, *.pem): chained-ca-certs.pem
              
            
              - VPN Configuration[Tab]
              > Edit VPN Realm(Save, Add, etc.)[Left-Tree]: 
              Click this tree node and show Edit VPN Realm(Save, Add, Remove, or Load) pane.
            
- Click Save Configuration button.