Tavve zoneranger User Manual page 379

Note that the Ranger Gateway install CD provides sample SSL/TLS certificates that are matched to
the default configuration of the RGVI service on the Ranger Gateway. If you prefer to use your own
certificates, you will need to modify the OpenVPN client configuration to use your certificates, and
you will need to modify the RGVI configuration on the Ranger Gateway, to accept your certificates.
The remaining details for performing the installation and configuration steps are dependent on the
operating system being used. Additional information for a number of supported operating systems is
provided in the following sections. If no information has been provided for the operating system
you are using, please contact Tavve technical support.
Solaris
A pre-built Solaris OpenVPN package can be downloaded from http://www.blastwave.org, an open
source Solaris software site. In order to install packages from the Blastwave site, you will need to
have the pkgutil tool, installed on your server. You can test to see if the pkgutil tool is already
installed by looking for the following executable:
/opt/csw/bin/pkgutil
If the pkgutil executable is not found, follow the instructions for downloading and installing
pkgutil, as described on the following web page:
http://www.blastwave.org/jir/blastwave.fam
Once pkgutil has been installed, you can install OpenVPN by simply executing the following
command:
/opt/csw/bin/pkgutil/pkgutil --install openvpn
The installation process installs the openvpn executable in the /opt/csw/sbin directory, and
creates the following directory for OpenVPN configuration files:
/etc/csw/openvpn
The next step is to copy the following sample files from the rgvi directory on the Ranger Gateway
install CD to the /etc/csw/openvpn directory. The specific files to be copied, and the associated
configuration instructions depend on whether you prefer to start the OpenVPN client manually or
intend to configure the OpenVPN client to start automatically when the operating system is restarted
(i.e. via an init.d script), as described in the following sections.
Starting the OpenVPN Client Manually
If you prefer to run the OpenVPN client manually, copy the following files from the rgvi directory
on the Ranger Gateway install CD to the /etc/csw/openvpn directory:
•
rgviClient.conf
•
rgviClient.crt
•
rgviClientWithPassword.key
•
tavveCA.crt
After the files have been copied, you will need to edit the rgviClient.conf file to specify the
list of Ranger Gateway candidates, as described above. Once this step has been completed, you can
run the OpenVPN client by executing the following commands:
cd /etc/csw/openvpn
/opt/csw/sbin/openvpn rgviClient.conf
ZoneRanger 5.5 User's Guide 379