This lesson describes how to use a VPN between a OpenBAT and a WIN7 Shrewsoft Client over a WLAN connection
Network Topology
This is the network which will be configured in this Howto.
This configuration and this topology is an example only. It can be modified according to customers needs.
Assign IP-address
Use HiDiscovery to assign a IP-address to the BAT. The PC is locally connected.
Configure physical WLAN settings
Use Access-Point as WLAN operation mode. Optionally you can choose alternative Radio settings etc.
Configure Logical WLAN settings
Configure the SSID
Confiogure WPA PSK
Proceed to menu "Wireless LAN - 802.11i/WEP"
Use button "WPA or Private WEP settings...". A new window will open
Doubleclick on first line
Make sure that "encryption activated" is checked and enter a passphrase
Use Routing: Define separate bridge group for WLAN
Proceed to menu "Interfaces - LAN"
Use button "Port table...". A new window will open.
Doubleclick on line "WLAN-1:..." A new window will open.
Choose "BRG-2" as Bridge group
Assign IP-address to BRG-2
Proceed to menu "IPv4 - General
Use button "IP networks...". A new window will open.
Use button "Add...". A new window will open.
Define IP parameters and make sure that BRG-2 is used.
Define DHCP for WLAN
Proceed to menu "IPv4 - DHCPv4"
Use "DHCP networks...". A new window will open.
Use button "Add...". A new window will open.
Fill in relevant parameters.
Delete unused routes
Proceed to menu "IP Router - Routing"
Use button "IPv4 routing table". A new window will open.
Delete all entries by clicking button "Remove" several times.
Now send the configuration to the OpenBAT by clicking "OK" in all dialogs.
OPEN Wizard
In LANconfig right-click on the device and choose SetupWizard
Use Wizard for VPN / Remore access
Choose relevant wizard and press "Next"
Coose "VPN client with user-defines parameters" and click "Next"
Choose VPN Name and click "Next"
Choose "Preshared Key and Aggressive Mode"
Choose a Preshared Key
Click "Next"
Use default settings and click "Next"
Coose "IP Address" as identifier (local and remote).
Enter IP-addresses. The remote IP address must be known. Probably you have to connect to the WLAN with your client first.
Use default settings and press "Next"
Choose "AES 8256bit)" and "HMAC-SHA1-96" and press "Next"
Use default settings and press "Next"
Choose a virtual IP address for the remote client in the local network. This will use proxy ARP automatically.
Press "Next"
Use default settings and press "Next"
Disable NetBIOS over IP routing
Press "Next"
On Client side Shrewsoft VPN Clinet is used (freeware)
Install Shrewsoft VPN Client and start "VPN Access Manager"
Define new VPN
Click "Add". A new window will open.
Enter the IP-address of the VPN Gateway (OpenBAT)
Choose "Use existing adapter and current address" as "Adapter Mode"
In "Client" tab disable nat-T and Fragmentation.
Disable DNS
For authentication use" IP-Adress" as identifier and enter the addresses .
In the "Credentials" tab enter the "Pre Shared Key" (vpnpassword)
For phase1 use relevant parameters
For phase2 use relevant parameters
In "Policy" tab user "require" as "Policy Generation Level"
Press button "Save"
Start VPN
Mark the new created Vpn and press "Connect". A new window will open.
Press "Connect".
Test VPN
Open a DOS window and ping an IP-address of the remote network.