Service-User Web Portal; Maintenance Of Ssl-Vpn Client Bundles - Brocade Communications Systems 5600 Reference Manual

Service-User web portal

To enable SSL-VPN authentication against an LDAP service-user authentication profile named
example.com, reference the profile name in the openvpn vtunX auth command for the
interface, as shown here:
vyatta@vyatta# set resources service-users ldap example.com ....
vyatta@vyatta# set interfaces openvpn vtunX auth ldap example.com
vyatta@vyatta# commit
The preceding configuration change allows access to SSL-VPN for all users who can authenticate
themselves with their LDAP credentials against the example.com LDAP profile.
Service-User web portal
Use the Service-User Web Portal to let end users obtain the SSL-VPN client bundles
themselves. The portal is available by default from the following public-interface address of the Brocade
vRouter:
https://vRouter-public-IP/service
The Service-User Web Portal is disabled by default and shows a message indicating that the service
is not available.
To enable the Service-User Web Portal, enter the following commands:
vyatta@vyatta# set services https service-user
vyatta@vyatta# commit
All service users that are configured in the resources service-users file can authenticate themselves
with their own credentials and passwords.
If all service users are granted access to individual SSL-VPN instances on the Brocade vRouter, they
are provided download links to SSL-VPN client bundles for each configured operating system.

Maintenance of SSL-VPN client bundles

This section covers the maintenance of SSL-VPN client bundles to provide reliable and secure SSL-
VPN service to end users.
Changes to the following configuration options in interfaces openvpn vtunX cause a regeneration of
all configured bundles:
• hash
• encryption
• tls ca-cert-file
• local-host
• local-port
• protocol
• description
This regeneration occurs to provide SSL-VPN client configuration that is always up to date. We
recommend that an end user obtain the latest SSL-VPN client bundle to get SSL-VPN configuration
changes.
The file name of each client bundle includes a suffix to identify the latest version of the client in this
form: <filename>-v<versionnumber>.exe. For example: ACME HQ-v2.exe.
NOTE
Only the most recent version of a bundle is kept on the Brocade vRouter persistent volume.
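The following is an added example, not part of the Brocade guide. Because configuration changes regenerate bundles and only the most recent version is kept, it compares the version suffix of bundles found on endpoints with the bundles the portal currently offers. The host names, the inventory structure and the function names are hypothetical; only the filename-vN.exe form comes from the guide.

```python
import re
from collections import defaultdict

# Form documented in the guide: <filename>-v<versionnumber>.exe ("ACME HQ-v2.exe").
# The greedy ".+" makes the LAST "-v<digits>" the version suffix, so a bundle
# whose own name contains "-v2" ("lab-v2-v10.exe") still parses correctly.
BUNDLE_RE = re.compile(r"^(?P<name>.+)-v(?P<ver>\d+)\.exe$", re.IGNORECASE)

def parse_bundle(filename):
    """Return (bundle_name, version), or None if the name is not in that form."""
    m = BUNDLE_RE.match(filename)
    if m is None:
        return None
    return m.group("name"), int(m.group("ver"))

def stale_bundles(current, deployed):
    """current: bundle file names the portal offers now.
    deployed: {host: bundle file name found on that host} (hypothetical inventory).
    Returns {host: (found_version, latest_version)} for hosts with an old bundle."""
    latest = defaultdict(int)
    for filename in current:
        parsed = parse_bundle(filename)
        if parsed:
            name, ver = parsed
            latest[name] = max(latest[name], ver)  # numeric compare: v10 > v9
    stale = {}
    for host, filename in deployed.items():
        parsed = parse_bundle(filename)
        if parsed is None or parsed[0] not in latest:
            continue  # not a known bundle, nothing to compare against
        name, ver = parsed
        if ver < latest[name]:
            stale[host] = (ver, latest[name])
    return stale

if __name__ == "__main__":
    # Constructed sample data, not taken from a real vRouter.
    portal = ["ACME HQ-v10.exe", "lab-v2-v3.exe"]
    hosts = {"pc-01": "ACME HQ-v9.exe", "pc-02": "ACME HQ-v10.exe",
             "pc-03": "lab-v2-v1.exe", "pc-04": "setup.exe"}
    for host, (found, newest) in sorted(stale_bundles(portal, hosts).items()):
        print(f"{host}: bundle v{found} is behind v{newest}, download the new bundle")
```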
Brocade 5600 vRouter OpenVPN Reference Guide
53-1003719-03