Knowledgebase Category: Configuration Recipes
- /
- /
Configuration Recipes
- Create a Certificate
- WireGuard Settings
- Assign a WireGuard Interface
- Configure a WireGuard Tunnel
- IPsec Export Package
- Setup Sync Interface
- Create an internal certificate
- Configure outbound NAT
- Configure pfsync
- Configure Configuration Synchronization (XML-RPC)
- IPsec Site-to-Site VPN Example with Certificate Authentication
- Determine IP Address Assignments
- Configuring IPv6 Through A Tunnel Broker Service
- High Availability Configuration Example with Multi-WAN
- Sign Up for Service
- NAT Configuration
- Allow IPv6 Traffic
- Firewall Configuration
- Dell PowerConnect managed switches
- Allow ICMP
- Multi-WAN HA with DMZ Diagram
- Configure the New OPT Interface
- Install the OpenVPN Client Export Package
- Using the Shaper Wizard to Configure ALTQ Traffic Shaping
- High Availability Configuration Example without NAT
- Create and Assign the GIF Interface
- Prepare the Windows package
- Choosing a Wizard
- Public IP Assignments
- install the OpenVPN package
- Starting the Wizard
- Change the cryptoapicert SUBJ
- Networks and Speeds
- Using the Windows client
- Setup the IPv6 Gateway
- Network Overview
- Setup IPv6 DNS
- Voice over IP
- A Brief Introduction to Web Proxies and Reporting: Squid, SquidGuard, and Lightsquid
- Penalty Box
- Squid Caching Web Proxy
- Setup DHCPv6 and/or Router Advertisements
- Setup LAN for IPv6
- SquidGuard Web Access Control and Filtering
- Lightsquid Web Access Reporting
- Add Firewall Rules
- Try It!
- Peer-to-Peer Networking
- Transparent Proxies and HTTP/HTTPS
- Network Games
- Authenticating Squid Package Users with FreeRADIUS
- Updating the Tunnel Endpoint
- SQUID Proxy
- Change the name of the .ovpn file
- Edit the shortcut to connect directly
- Edit more settings
- Raising or Lowering Other Applications
- Configuring the Squid Package as a Transparent HTTP Proxy
- Installing OpenVPN Remote Access Clients
- Finishing the Wizard
- Install the Package
- Shaper Wizard and IPv6
- Configure the Squid Package
- L2TP/IPsec Remote Access VPN Configuration Example
- Setting up WPAD Autoconfigure for the Squid Package
- Setup IPsec
- IPsec Firewall Rules
- Why would this be done?
- Prerequisites
- Create wpad.dat
- DNS Configuration
- Installing the OpenVPN Client on Windows
- Installing the OpenVPN Client on Mac OS X
- Configure DNS
- Client Setup
- Installing the OpenVPN Client on iOS
- IPsec Setup
- Block Port 80 Out from LAN
- Connecting to L2TP/IPsec from Android
- Test Clients
- Android Client Setup
- Other Thoughts
- IPsec Remote Access VPN Example Using IKEv1 with Pre- Shared Keys
- On AZTCO-FW
- L2TP Setup
- The client
- Migrating an Assigned LAN to LAGG
- Warnings/Precautions
- Installing the OpenVPN Client on Android
- Prerequisites/Assumptions
- Installing the OpenVPN Client on FreeBSD
- Migrate LAN to a LAGG
- Installing the OpenVPN Client on Linux
- Installing the OpenVPN Client Configuration Manually
- VLANS
- Adding OpenVPN Remote Access Users
- Accessing a CPE/Modem from Inside the Firewall
- Configure a new Interface
- Local Users
- LDAP or RADIUS Users
- Configure NAT
- OpenVPN Site-to-Site Configuration Example with Shared Key
- Caveats
- Configuring Multi-WAN for IPv6
- Configuring Server Side
- Requirements
- Setup
- Alternate Tactics
- Configuring Client Side
- Configuring NAT for a VoIP PBX
- Testing the connection
- Aliases to make it easy
- Client tweaks
- Port Forwards
- Manual Outbound NAT
- Troubleshooting
- Reset States
- IPsec Remote Access VPN Example Using IKEv1 with Xauth
- Routing Internet Traffic Through A Site-To-Site OpenVPN Tun- nel
- IPsec Server Setup
- Disable source port rewriting
- Set up OpenVPN at Site B
- Device Setup (Android)
- Configuring NAT for VoIP Phones
- Device Setup (iOS)
- Troubleshooting
- Set Conservative state table optimization
- Configure firewall rules at Site B
- Disable scrub
- Configuring IPsec IKEv2 Remote Access VPN Clients
- Bridging OpenVPN Connections to Local Networks
- Configuring IPsec IKEv2 Remote Access VPN Clients on Windows
- OpenVPN Server Settings
- Creating the Bridge
- Set up outbound NAT at Site B
- Set up the client at site A
- Connect with Clients
- Accessing Port Forwards from Local Networks
- Configuring a Single Multi-Purpose OpenVPN Instance
- Configuring IPsec IKEv2 Remote Access VPN Clients on Android
- Setup
- Configuring IPsec IKEv2 Remote Access VPN Clients on OS X
- Authenticating Users with Google Cloud Identity
- Notes
- Configure the LDAP Application on the G Suite admin portal
- Connecting OpenVPN Sites with Conflicting IP Subnets
- Download the certificate, key, username and password
- Site-to Site Example
- Import the certificate and key
- Install the stunnel AZTCO-FW package (CE or 2.4.4-RELEASE)
- Configure the stunnel package (CE or 2.4.4-RELEASE)
- Site-to-Multi-Site Example
- Create a Group
- Configuring SSL/TLS Client Side
- OpenVPN Remote Access Configuration Example
- Testing the connection
- Configuring IPsec IKEv2 Remote Access VPN Clients on iOS
- Before Starting The Wizard
- Choose Authentication Type
- OpenVPN Site-to-Site Configuration Example with SSL/TLS
- Configure LDAP authentication on AZTCO-FW
- Configuring SSL/TLS Server Side
- Test G Suite Authentication
- Use G Suite for AZTCO-FW Administrative Logins
- Choosing an LDAP Server
- Adding an LDAP Server
- Choosing a RADIUS Server
- Configuring BIND as an RFC 2136 Dynamic DNS Server
- Configuring IPsec IKEv2 Remote Access VPN Clients on Ubuntu
- Adding a RADIUS Server
- Configure the BIND Server
- Choosing a Certificate Authority
- Configuring a Client in AZTCO-FW
- Creating a Certificate Authority
- Method 1: NAT Reflection
- Blocking Web Sites
- IKEv2 Server Configuration
- Choosing a Server Certificate
- Using DNS
- IKEv2 Certificate Structure
- Adding a Server Certificate
- Method 2: Split DNS
- Configuring OpenVPN Server Settings
- Using Firewall Rules
- Using a Proxy
- Authenticating from Active Directory using RADIUS/NPS
- Prevent Bypassing Restrictions
- Firewall Rule Configuration
- Choosing a server for NPS
- Finishing the Wizard
- Installing NPS
- Blocking External Client DNS Queries
- Mobile IPsec User Creation
- Verifying the Setup
- DNS over TLS
- Configuring NPS
- Configuring DNS over TLS
- Firewall Rules
- Adjustments
- DNS over HTTPS
- Adding a User with a Certificate
- Mobile IPsec User Creation
- Requirements
- IPsec Remote Access VPN Example Using IKEv2 with EAP- RADIUS
- OpenVPN Client Export Package
- Configure DNS Servers
- EAP-RADIUS with FreeRADIUS
- Purpose
- Requirements
- Enable DNS over TLS for Forwarded Queries
- EAP-RADIUS with Windows Network Policy Server (NPS)
- Add an interface to FreeRADIUS
- Allowing Remote Access to the GUI
- IPsec Remote Access VPN Example Using IKEv2 with EAP-TLS
- Testing DNS over TLS
- Enable DNS over TLS Server (optional)
- Set up Mobile IPsec for IKEv2+EAP-TLS
- Use a VPN
- Setup Certificates
- Add a NAS client to FreeRADIUS
- Add Users
- Restricted Firewall Access
- Configure a AZATCO-FW Authentication Server
- Add Firewall Rules for IPsec
- Test RADIUS Authentication
- Use HTTPS
- Caveats
- Configure OpenVPN to use RADIUS
- Move the GUI to an Alternate Port
- Import the CA to the Client PC
- Strict Management
- Redirecting Client DNS Requests
- Import the Client Certificate to the Client PC
- Add the Client VPN Connection
- Troubleshooting
- RIP
- IPsec Site-to-Site VPN Example with Pre-Shared Keys
- Authenticating OpenVPN Users with RADIUS via Active Direc- tory
- I Don’t Care About Security, How Do I Open Access To The GUI?
- BGP
- Site-to-site example configuration
- OSPF
- Preventing RFC1918 Traffic from Exiting a WAN Interface
- Basic Firewall Configuration Example
- Scenarios where RFC1918 addresses should NOT be blocked on the WAN interface
- Steps to block RFC1918 traffic from leaving the WAN interface
- Notes
- Basic lock down of the LAN and DMZ outgoing rules
- OpenLDAP Example
- Setup isolating LAN and DMZ, each with unrestricted Internet access
- Versions
- External User Authentication Examples
- Routing Public IP Addresses
- On security and a disclaimer
- IP Assignments
- RADIUS Server Example
- Thanks
- Interface Configuration
- Create a group VPNusers
- Install and configure RADIUS
- Set up the Authentication Server
- Active Directory LDAP Example
- General EAP configuration
- PEAP and MSCHAPv2
- Routing and gateway considerations
- NAT Configuration
- Firewall Rule Configuration
- EAP-TLS
- AZTCO-FW-initiated Traffic and IPsec
- Using Mobile-One-Time-Password (mOTP) with the FreeRADIUS package
- Enable Mobile-One-Time-Password (OTP) support
- Routing Internet Traffic Through a Site-to-Site IPsec Tunnel
- Set up the IPsec tunnel Phase 1
- Using NAT and FTP without a Proxy
- Client Behind AZTCO-FW
- Configuring Switches with VLANs
- Server Behind AZTCO-FW
- Configuring AZTCO-FW Software for Online Gaming
- Cisco IOS based switches
- Specific Game/Console Information
- Set up the IPsec tunnel Phase 2
- Cisco CatOS based switches
- Switch configuration overview
- High Availability Configuration Example
- Determine IP Address Assignments
- Cluster Configuration Basics
- Install a Certificate Authority
- HP ProCurve switches
- Allow IPsec traffic through the firewall
- Set up the OpenVPN server
- Netgear Managed Switches
- Configure the firewall