Skip to main content

Howto configure a VPN between an OpenBAT and freeware Shrewsoft VPN Client (IPSec) - Knowledgebase / Products / BAT / BAT, WLC (HiLCOS) - Hirschmann Support Center

Howto configure a VPN between an OpenBAT and freeware Shrewsoft VPN Client (IPSec)

This lesson describes how to use a VPN between a OpenBAT and a WIN7 Shrewsoft Client over a WLAN connection

Network Topology

This is the network which will be configured in this Howto.
This configuration and this topology is an example only. It can be modified according to customers needs.

Assign IP-address

Use HiDiscovery to assign a IP-address to the BAT. The PC is locally connected.

Configure physical WLAN settings

Use Access-Point as WLAN operation mode. Optionally you can choose alternative Radio settings etc.

Configure Logical WLAN settings

Configure the SSID

Confiogure WPA PSK

Proceed to menu "Wireless LAN - 802.11i/WEP"
Use button "WPA or Private WEP settings...". A new window will open
Doubleclick on first line
Make sure that "encryption activated" is checked and enter a passphrase

Use Routing: Define separate bridge group for WLAN

Proceed to menu "Interfaces - LAN"
Use button "Port table...". A new window will open.
Doubleclick on line "WLAN-1:..." A new window will open.
Choose "BRG-2" as Bridge group

Assign IP-address to BRG-2

Proceed to menu "IPv4 - General
Use button "IP networks...". A new window will open.
Use button "Add...". A new window will open.
Define IP parameters and make sure that BRG-2 is used.

Define DHCP for WLAN

Proceed to menu "IPv4 - DHCPv4"
Use "DHCP networks...". A new window will open.
Use button "Add...". A new window will open.
Fill in relevant parameters.

Delete unused routes

Proceed to menu "IP Router - Routing"
Use button "IPv4 routing table". A new window will open.
Delete all entries by clicking button "Remove" several times.

Now send the configuration to the OpenBAT by clicking "OK" in all dialogs.

OPEN Wizard

In LANconfig right-click on the device and choose SetupWizard

Use Wizard for VPN / Remore access

Choose relevant wizard and press "Next"


Coose "VPN client with user-defines parameters" and click "Next"


Choose VPN Name and click "Next"


Choose "Preshared Key and Aggressive Mode"
Choose a Preshared Key
Click "Next"


Use default settings and click "Next"


Coose "IP Address" as identifier (local and remote).
Enter IP-addresses. The remote IP address must be known. Probably you have to connect to the WLAN with your client first.


Use default settings and press "Next"


Choose "AES 8256bit)" and "HMAC-SHA1-96" and press "Next"


Use default settings and press "Next"


Choose a virtual IP address for the remote client in the local network. This will use proxy ARP automatically.
Press "Next"


Use default settings and press "Next"


Disable NetBIOS over IP routing
Press "Next"


On Client side Shrewsoft VPN Clinet is used (freeware)

Install Shrewsoft VPN Client and start "VPN Access Manager"

Define new VPN

Click "Add". A new window will open.


Enter the IP-address of the VPN Gateway (OpenBAT)
Choose "Use existing adapter and current address" as "Adapter Mode"

 


In "Client" tab disable nat-T and Fragmentation.

 


Disable DNS


For authentication use" IP-Adress" as identifier and enter the addresses .
In the "Credentials" tab enter the "Pre Shared Key" (vpnpassword)

 


For phase1 use relevant parameters

 

For phase2 use relevant parameters

 

 

In "Policy" tab user "require" as "Policy Generation Level"
Press button "Save"

 

Start VPN

Mark the new created Vpn and press "Connect". A new window will open.
Press "Connect".

Test VPN

Open a DOS window and ping an IP-address of the remote network.