Installing The Ssl Vpn Client - D-Link NetDefendOS User Manual

the SSL VPN interface, this FQDN is handed out to the client which then resolves the FQDN
using DNS to a specific IP address. This allows the server address to change dynamically with
only the DNS entry being changed.
If this option is specified, the Server IP in General Options above is ignored.
• IP Pool
As described above, client IP addresses for new SSL VPN connections are handed out from a
pool of private IPv4 addresses. This pool is specified by an IP address object defined in the
NetDefendOS address book. It is not the same as an IP Pool object used with IPsec.
The pool addresses do not need to be a continuous range but must belong to the same
network. The Inner IP property must also belong to this network but must not be one of
the pool IPs.
• Primary DNS
The primary DNS address handed out to a connecting client.
• Secondary DNS
The secondary DNS address handed out to a connecting client.
• Client Routes
By default, all client traffic is routed through the SSL tunnel when the client software is
activated. This behavior can be changed by specifying that only specific IPv4 addresses,
networks or address ranges will be accessible through the tunnel.
When this is done, only the specified routes through the tunnel are added to the client's
routing table and all other traffic is routed as normal. A maximum of five custom routes can
be specified for a tunnel.
Add Route Option
• Proxy ARP
So that SSL VPN clients can be found by a network connected to another Ethernet interface,
client IP addresses need to be explicitly ARP published on that interface.
This Add Route option allows the interfaces for ARP publishing to be chosen. In most
situations it will be necessary to choose at least one interface on which to publish the client
network.

9.7.3. Installing the SSL VPN Client

For the SSL VPN to function, a proprietary D-Link SSL VPN client application must be installed on
the client computer. This is done with the following steps:
1. A web browser must be opened and the protocol https:// needs to be entered into the
browser navigation field followed by the IP address or URL for the Ethernet interface on the
Note: Pool addresses must not exceed a /24 network size
SSL VPN will not function correctly if an IP address is handed out that exceeds the
size of a Class C subnet (a /24 network with netmask 255.255.255.0).
755
Chapter 9: VPN