Setting Up Your Vpn Server Using Certificate Authority - Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual

To verify the VPN connection, use ping on both client and server to see if you can
reach each other. Ping server from client:
ping 10.23.8.1
Ping client from server:
ping 10.23.8.2
16.3 Setting Up Your VPN Server
Using Certificate Authority
The example shown in
work. This section explains how to build a VPN server that allows more than one con-
nection at the same time. This is done with a public key infrastructure (PKI). A PKI
consists of a pair of public and private keys for the server and each client and a master
certificate authority (CA).
The general overview of this process involves these steps, which are explained in the
following subsections:
1 Build your public key infrastructure (see
(page 149)).
2 Configure your server (see
3 Configure your clients (see
16.3.1 Creating Certificates
Before a VPN connection gets established, the client must authenticate the server cer-
tificate. On the other side, the server must also authenticate the client certificate. This
is called mutual authentication.
Section 16.2 (page 147) is useful for testing, but not for daily
Section 16.3.2, "Configuring the Server"
Section 16.3.3, "Configuring the Clients"
Chapter 17, Managing X.509 Certification
Section 16.3.1, "Creating Certificates"
Configuring VPN Server
(page 152)).
(page 153)).
(page 159)
149