Editing the Con figuration File

For Linux and Solaris clients, a generic configuration file is automatically created as part of the client installation process.

The configuration file can be edited at any time to enable security features, change IP addresses, and enter or change passwords.

For Linux and Solaris VPN Clients, the configuration file is named "vpn_config" and is located in the /etc directory.

Configuration File Key words

The configuration file has two valid section names, [VPN Partner Alias], and [VPN User]. The section names are not case sensitive.

[V P N Partner Alias]

Use this section for aliasing VPN 5000 Client IP addresses to a text string. Alias_Name is case sensitive.

Table 0-1: VPN Partner Alias Keywords

Keyword Description

Alias_Name = IP_Address

Alias_Name is any text string, with spaces, less than 80 characters. The IP_Address is a valid IP address of a VPN 5000 concentrator to which the client can connect. The IP address must be in standard dotted decimal format.

Keyword	Description
Alias_Name = IP_Address	Alias_Name is any text string, with spaces, less than 80 characters. The IP_Address is a valid IP address of a VPN 5000 concentrator to which the client can connect. The IP address must be in standard dotted decimal format.

[V PN U sers]

This section defines the login information for each user of the VPN 5000 Client. There may be multiple users for each configuration file.

The following keywords are recognized in this section:

Table 0-2: VPN Users Section Keywords

Keyword Description

UserName = string

Identifies a unique user. This name must also be configured in the authentication service it is using, for example, RADIUS or SecurID. The string can be between one and 60 alphanumeric characters, with no spaces allowed. This entry must always be the first on the line.

IPPrimary = {Alias_Name | IP_address | Domain_Name}

Sets the alias name, IP address or fully qualified domain name of the VPN 5000 concentrator to which the client connects.

SharedKey = pass_phrase

Sets the shared secret for this user. The pass phrase generates session keys used to authenticate and encrypt each packet received from or sent to the client. This keyword must match the Shared Key configured for this user in the VPN authentication system.

RADIUSPassword = string

Set the RADIUSPassword keyword to match the user's password configured in the RADIUS server.

PAPAuthSecret = pass_phrase

Sets the secret used between the VPN 5000 concentrator and the client. This secret authenticates and encrypts packets exchanged before passing them on to the RADIUS server. Use this keyword if the RADIUS server is set to use PAP for authentication instead of CHAP. The PAPAuthSecret must match the secret configured in the RADIUS section of the VPN 5000 concentrator.

ExcludeLocalLAN = {True | False}

When the ExcludeLocalLAN keyword is true, local LAN traffic is not tunneled. Because this method is less secure, you must also enable the ExcludeLocalLAN keyword in the VPN Group configuration of the VPN 5000 concentrator.

UsefTCP = {True | False}

When the UsefTCP keyword is true, you enable Network Address Translation (NAT) transparency for client sessions. Set this keyword if you are having problems connecting through a NAT device or through an ISP.

Keyword	Description
UserName = string	Identifies a unique user. This name must also be configured in the authentication service it is using, for example, RADIUS or SecurID. The string can be between one and 60 alphanumeric characters, with no spaces allowed. This entry must always be the first on the line.
IPPrimary = {Alias_Name \| IP_address \| Domain_Name}	Sets the alias name, IP address or fully qualified domain name of the VPN 5000 concentrator to which the client connects.
SharedKey = pass_phrase	Sets the shared secret for this user. The pass phrase generates session keys used to authenticate and encrypt each packet received from or sent to the client. This keyword must match the Shared Key configured for this user in the VPN authentication system.
RADIUSPassword = string	Set the RADIUSPassword keyword to match the user's password configured in the RADIUS server.
PAPAuthSecret = pass_phrase	Sets the secret used between the VPN 5000 concentrator and the client. This secret authenticates and encrypts packets exchanged before passing them on to the RADIUS server. Use this keyword if the RADIUS server is set to use PAP for authentication instead of CHAP. The PAPAuthSecret must match the secret configured in the RADIUS section of the VPN 5000 concentrator.
ExcludeLocalLAN = {True \| False}	When the ExcludeLocalLAN keyword is true, local LAN traffic is not tunneled. Because this method is less secure, you must also enable the ExcludeLocalLAN keyword in the VPN Group configuration of the VPN 5000 concentrator.
UsefTCP = {True \| False}	When the UsefTCP keyword is true, you enable Network Address Translation (NAT) transparency for client sessions. Set this keyword if you are having problems connecting through a NAT device or through an ISP.

Table of Contents