Brocade Communications Systems 5600 Reference Manual page 41

TABLE 17 Configuring the generation of the client bundle (Continued)

| Step | Command |
|---|---|
| Configure the SSL-VPN server address to use for the client bundle. | vyatta@vyatta# set interfaces openvpn vtunX local-host SSL-VPN_server_address |
| Configure the SSL-VPN server port to use for the client bundle. | vyatta@vyatta# set interfaces openvpn vtunX local-port SSL-VPN_server_port |
| Configure the client certificate on the SSL-VPN server: client bundles do not use TLS client certificates for authentication; they are not required on the SSL-VPN connection. | vyatta@vyatta# set interfaces openvpn vtunX client-cert-not-required |
| Set a description for the name of the SSL-VPN endpoint. | vyatta@vyatta# set interfaces openvpn vtunX description SSL-VPN_endpoint_name_for_end_user |

The client-cert-not-required keyword must be set to allow SSL-VPN clients to connect without a TLS client certificate that is specific to an end user. Even if client certificates were created, they are not included in any SSL-VPN client bundles.

The description serves as the identifier for various objects. In non-OpenVPN interfaces, the description serves as the network interface alias and is shown in the administration web interface that appears in the dashboard overview.

In the context of the SSL-VPN client bundle, the description is also used in the following cases:
• The Service-User Web Portal, where it is presented to the end user as the name of the SSL-VPN instance or endpoint
• The name of the SSL-VPN client, as the profile name inside the Brocade SSL-VPN client
• Tunnelblick
• The Linux Network Manager applets
• File names of client bundles

NOTE
Tip: Use an end-user-friendly name to distinguish between potentially different SSL-VPN endpoints or Brocade vRouter instances, for example: ACME HQ, ACME EMEA, and so on. Setting the description to ACME HQ results in client bundle files, which the user has to download, with names like ACME HQ v1.exe, ACME HQ v1.zip, and so forth.

In addition to the mandatory settings, the settings that are shown in the following example influence the configuration of the client bundle.

The following example shows how to configure additional settings for the client bundle.

TABLE 18 Configuring the generation of the client bundle

| Step | Command |
|---|---|
| Configure the system for the hash algorithm. | vyatta@vyatta# set interfaces openvpn vtunX hash hash_algorithm |
| Configure the system for an encryption method. | vyatta@vyatta# set interfaces openvpn vtunX encryption encryption_method |
| Configure the system for a transport protocol. | vyatta@vyatta# set interfaces openvpn vtunX protocol transport_protocol_to_use |

When optional settings or mandatory settings are changed, a new version of the SSL-VPN client bundles is generated during the next configuration commit.

To enable client bundle configuration, you must specify the operating systems for which the bundles need to be set.

Brocade 5600 vRouter OpenVPN Reference Guide
53-1003719-03
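The settings from Tables 17 and 18 can be checked before a commit generates a new bundle version. The following Python audit is an added example, not code from the Brocade guide: it reads `set interfaces openvpn` lines, reports missing mandatory settings, and flags weak hash or encryption choices and descriptions that would make awkward bundle file names. The algorithm keywords, the file-name character check, and the sample addresses and port are assumptions of this example.

```python
import re
import shlex

# Mandatory client-bundle settings listed in TABLE 17.
MANDATORY = ("local-host", "local-port", "client-cert-not-required", "description")
# Assumption: keyword spellings of algorithms this example treats as weak.
WEAK = {"hash": {"md5", "sha1"}, "encryption": {"des", "3des", "bf128", "bf256"}}
# Characters that are not portable in file names (the description becomes one).
BAD_NAME_CHARS = set('\\/:*?"<>|')

def parse(config_text):
    """Group `set interfaces openvpn <vtunN> <key> [value]` lines by interface."""
    ifaces = {}
    for line in config_text.splitlines():
        line = re.sub(r"^\S+[#$]\s*", "", line.strip())  # drop a CLI prompt
        tokens = shlex.split(line)
        if len(tokens) < 5 or tokens[:3] != ["set", "interfaces", "openvpn"]:
            continue
        ifaces.setdefault(tokens[3], {})[tokens[4]] = " ".join(tokens[5:])
    return ifaces

def audit(config_text):
    """Return {interface: [findings]}; an empty list means nothing was flagged."""
    report = {}
    for name, cfg in parse(config_text).items():
        findings = [f"missing mandatory setting: {k}" for k in MANDATORY if k not in cfg]
        for key, weak in WEAK.items():
            if cfg.get(key, "").lower() in weak:
                findings.append(f"weak {key}: {cfg[key]}")
        bad = sorted(BAD_NAME_CHARS & set(cfg.get("description", "")))
        if bad:
            findings.append(f"description has non-portable file name characters: {''.join(bad)}")
        report[name] = findings
    return report

# Constructed sample input; addresses, port and algorithm keywords are made up.
SAMPLE = """\
vyatta@vyatta# set interfaces openvpn vtun0 local-host 192.0.2.10
vyatta@vyatta# set interfaces openvpn vtun0 local-port 443
vyatta@vyatta# set interfaces openvpn vtun0 client-cert-not-required
vyatta@vyatta# set interfaces openvpn vtun0 description 'ACME HQ'
vyatta@vyatta# set interfaces openvpn vtun0 hash sha256
vyatta@vyatta# set interfaces openvpn vtun0 encryption aes256
set interfaces openvpn vtun1 local-host 192.0.2.11
set interfaces openvpn vtun1 description 'ACME/EMEA'
set interfaces openvpn vtun1 hash md5
set interfaces openvpn vtun1 encryption 3des
"""
```

Calling `audit(SAMPLE)` returns an empty list for vtun0 and five findings for vtun1; a hash or encryption setting that is absent is not flagged, because the device default is not stated on this page.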
Brocade SSL-VPN Client Bundler