This lesson describes how to use a VPN between a OpenBAT and a WIN7 Shrewsoft Client over a WLAN connection
Network Topology
![](https://hirschmann-support.belden.com/file.php/6WXTGMDXBSB5477EAAED7/media_1481277846136.png)
This is the network which will be configured in this Howto.
This configuration and this topology is an example only. It can be modified according to customers needs.
Assign IP-address
![](https://hirschmann-support.belden.com/file.php/6JCPXJQTGMW5478167C6F/media_1481191669326.png)
Use HiDiscovery to assign a IP-address to the BAT. The PC is locally connected.
Configure physical WLAN settings
![](https://hirschmann-support.belden.com/file.php/6DGPBRNBHWY5479478503/media_1481191797408.png)
Use Access-Point as WLAN operation mode. Optionally you can choose alternative Radio settings etc.
Configure Logical WLAN settings
![](https://hirschmann-support.belden.com/file.php/6AMGKHHDCQH5480A3FBA1/media_1481191981251.png)
Configure the SSID
Confiogure WPA PSK
![](https://hirschmann-support.belden.com/file.php/6ZNCZKPWXAB54819630B1/media_1481192094228.png)
Proceed to menu "Wireless LAN - 802.11i/WEP"
Use button "WPA or Private WEP settings...". A new window will open
Doubleclick on first line
Make sure that "encryption activated" is checked and enter a passphrase
Use Routing: Define separate bridge group for WLAN
![](https://hirschmann-support.belden.com/file.php/6XDTMXQJKCH548241E2A0/media_1481192413365.png)
Proceed to menu "Interfaces - LAN"
Use button "Port table...". A new window will open.
Doubleclick on line "WLAN-1:..." A new window will open.
Choose "BRG-2" as Bridge group
Assign IP-address to BRG-2
![](https://hirschmann-support.belden.com/file.php/6JJZQXGQJQD54846BA563/media_1481192823919.png)
Proceed to menu "IPv4 - General
Use button "IP networks...". A new window will open.
Use button "Add...". A new window will open.
Define IP parameters and make sure that BRG-2 is used.
Define DHCP for WLAN
![](https://hirschmann-support.belden.com/file.php/6KTGDJGDABP5485A7E470/media_1481193663470.png)
Proceed to menu "IPv4 - DHCPv4"
Use "DHCP networks...". A new window will open.
Use button "Add...". A new window will open.
Fill in relevant parameters.
Delete unused routes
![](https://hirschmann-support.belden.com/file.php/6WKQQKAYTWQ5486A5EFB7/media_1481193059468.png)
Proceed to menu "IP Router - Routing"
Use button "IPv4 routing table". A new window will open.
Delete all entries by clicking button "Remove" several times.
Now send the configuration to the OpenBAT by clicking "OK" in all dialogs.
OPEN Wizard
![](https://hirschmann-support.belden.com/file.php/6KRWJKGXMSA5487C51DBC/media_1481193293783.png)
In LANconfig right-click on the device and choose SetupWizard
Use Wizard for VPN / Remore access
![](https://hirschmann-support.belden.com/file.php/6YSCCCAJZCY54888B4160/media_1481193389644.png)
Choose relevant wizard and press "Next"
Coose "VPN client with user-defines parameters" and click "Next"
Choose VPN Name and click "Next"
Choose "Preshared Key and Aggressive Mode"
Choose a Preshared Key
Click "Next"
Use default settings and click "Next"
Coose "IP Address" as identifier (local and remote).
Enter IP-addresses. The remote IP address must be known. Probably you have to connect to the WLAN with your client first.
Use default settings and press "Next"
Choose "AES 8256bit)" and "HMAC-SHA1-96" and press "Next"
Use default settings and press "Next"
Choose a virtual IP address for the remote client in the local network. This will use proxy ARP automatically.
Press "Next"
Use default settings and press "Next"
Disable NetBIOS over IP routing
Press "Next"
On Client side Shrewsoft VPN Clinet is used (freeware)
![](https://hirschmann-support.belden.com/file.php/6SMNDAJXMXK550107F3BE/media_1481277926249.png)
Install Shrewsoft VPN Client and start "VPN Access Manager"
Define new VPN
![](https://hirschmann-support.belden.com/file.php/6PSTQSQRGSD550221A77C/media_1481277950586.png)
Click "Add". A new window will open.
Enter the IP-address of the VPN Gateway (OpenBAT)
Choose "Use existing adapter and current address" as "Adapter Mode"
In "Client" tab disable nat-T and Fragmentation.
Disable DNS
For authentication use" IP-Adress" as identifier and enter the addresses .
In the "Credentials" tab enter the "Pre Shared Key" (vpnpassword)
For phase1 use relevant parameters
For phase2 use relevant parameters
In "Policy" tab user "require" as "Policy Generation Level"
Press button "Save"
Start VPN
![](https://hirschmann-support.belden.com/file.php/6PXAXCNWGRN5510F4906B/media_1481278131380.png)
Mark the new created Vpn and press "Connect". A new window will open.
Press "Connect".
Test VPN
![](https://hirschmann-support.belden.com/file.php/6JJPSHASWCJ5511A92EFE/media_1481278151203.png)
Open a DOS window and ping an IP-address of the remote network.