TunnelBuilder for Windows configuration
Flowpoint configuration for Windows TunnelBuilder
TunnelBuilder for Mac configuration
Flowpoint configuration for Mac TunnelBuilder
Using a Flowpoint router to connect into TunnelMaster VPN server
TunnelBuilder can connect successfully into Flowpoint routers as long as encryption is not selected. The reason is that Flowpoint supports DES (IPSEC) encryption, and TunnelBuilder only supports RSA encryption (MPPE).
Setting up the Windows TunnelBuilder is easy. In this case, place the IP address of the Flowpoint router in the VPN Server address field. Be sure to clear the checkbox for Require encryption.
Next, include the Tunnel Identifier in the user name field, after the user name, with a "^" character separating them. The default Tunnel Identifier is "localhost". In the figure below, the user name is "tbuser" and the Tunnel Identifier is "tbtunnel".
If using the CHAP secret for L2TP tunnel authentication, add it to the password field in the same manner. In the following example, the user password is "tbpassword", and the CHAP secret is "tbtunnelpassword".
To set up the Flowpoint for access from a TunnelBuilder client, do the following:
Configure the addresses under the DHCP mode:
| DHCP add 172.17.4.0 | Add the subnet for DHCP allocation |
| DHCP enable 172.17.4.0 | Enable the subnet for DHCP |
| DHCP set value GATEWAY 172.17.4.1 | Enter the gateway as the Flowpoint IP address |
| DHCP set value DNS 172.17.4.4 172.17.4.6 | Enter DNS addresses for the Flowpoint to assign |
| DHCP set value WINS 172.17.4.4 | Enter WINS addresses if logging into an NT network |
| l2tp add tbtunnel | Must match the TB username after "^" |
| l2tp set type lns tbtunnel | Flowpoint being used as server |
| l2tp set oursysname flowpoint tbtunnel | Defines the Flowpoint tunnel host name |
| l2tp set ourpasswd tbpassword tbtunnel | Identifies the Flowpoint tunnel as CHAP challenger |
| l2tp set chapsecret tbtunnelpassword tbtunnel | Must match the TB password after "^" |
| remote add tbuser | Must match the TB userName |
| remote setauthen chap tbuser | Recommend CHAP instead of default PAP |
| remote setpasswd tbpassword tbuser | Must match the TB Password |
| remote setrmtipaddr 172.17.4.205 255.255.255.0 tbuser | Flowpoint will assign this IP address to the connection |
When using the Mac TunnelBuilder, there are two limitations to consider: it doesn't support L2TP tunnel authentication, and it doesn't offer a configurable tunnel identifier for the Flowpoint hostname. To configure the TunnelBuilder, simply enter the Flowpoint VPN address, the username and password as seen in the following figure. Remember to select None for the type of encryption:
When configuring the Flowpoint for Mac TunnelBuilder access, configure it the same as above, but use the name "localhost" as the L2TP identifier. Remember to leave out the CHAP secret.
| l2tp add localhost | This is required for TB access |
| l2tp set type lns localhost | Flowpoint being used as server |
| l2tp set oursysname flowpoint localhost | Defines the Flowpoint tunnel host name |
| l2tp set ourpasswd tbpassword localhost | Identifies the Flowpoint tunnel as CHAP challenger |
Remember to save the Flowpoint configuration before exiting. When restarting, you may need to restart the remote entry, i.e.:
remote start tbuser
Once TunnelBuilder makes the connection, any further configuration issues are with the Flowpoint router. Check the Flowpoint manual for information on how to set up for routing considerations.
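The matching rules in the Windows and Mac sections above (text after "^" in the user name is the tunnel identifier, defaulting to "localhost"; text after "^" in the password is the CHAP secret) can be checked mechanically before a rollout. This is an added example, not code from the original page or from the vendor; the function names, finding strings and `PAGE_CONFIG` are assumptions, and the sample configuration is constructed from a subset of the commands in the tables above.

```python
# Added example. The Flowpoint command names are the page's; the function names,
# finding strings and PAGE_CONFIG (a subset of the page's tables) are hypothetical.
PAGE_CONFIG = """\
l2tp add tbtunnel
l2tp set type lns tbtunnel
l2tp set chapsecret tbtunnelpassword tbtunnel
remote add tbuser
remote setauthen chap tbuser
remote setpasswd tbpassword tbuser
"""

def split_field(value, default=None):
    """Split 'left^right'; without a '^' the right part is `default`."""
    left, sep, right = value.partition("^")
    return left, (right if sep else default)

def parse_flowpoint(text):
    """Return {mode: {entry: {setting: value}}} for l2tp and remote commands."""
    cfg = {"l2tp": {}, "remote": {}}
    for tok in (line.split() for line in text.splitlines()):
        if len(tok) < 3 or tok[0].lower() not in cfg:
            continue
        cmd = tok[1].lower()
        if cmd != "add" and not cmd.startswith("set"):
            continue
        entry = cfg[tok[0].lower()].setdefault(tok[-1], {})
        if cmd == "set" and len(tok) >= 5:       # l2tp set <key> <value> <entry>
            entry[tok[2].lower()] = tok[3]
        elif cmd not in ("add", "set") and len(tok) >= 4:
            entry[cmd[3:]] = tok[2]              # remote set<key> <value> <entry>
    return cfg

def check(username, password, config_text):
    """Return mismatch findings; they name settings only, never secret values."""
    user, tunnel = split_field(username, "localhost")  # page's default identifier
    user_pw, secret = split_field(password)            # no '^': no CHAP secret
    cfg = parse_flowpoint(config_text)
    t, r = cfg["l2tp"].get(tunnel), cfg["remote"].get(user)
    rules = [
        (t is None, f"l2tp: no entry named {tunnel}"),
        (t is not None and t.get("type") != "lns", f"l2tp {tunnel}: type is not lns"),
        (t is not None and t.get("chapsecret") != secret,
         f"l2tp {tunnel}: chapsecret differs from password field"),
        (r is None, f"remote: no entry named {user}"),
        (r is not None and r.get("passwd") != user_pw,
         f"remote {user}: passwd differs from password field"),
        (r is not None and r.get("authen") != "chap", f"remote {user}: authen is not chap"),
    ]
    return [msg for failed, msg in rules if failed]
```

An empty list means the client fields and the router entries agree; a Mac-style login with no "^" is checked against the "localhost" tunnel entry and expects no chapsecret to be set.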
A Flowpoint router can connect successfully into a TunnelMaster VPN server. In this situation the Flowpoint is the client and the TunnelMaster is the LNS (TunnelMaster does not source VPN tunnels; it can only terminate them).
As usual, you need to turn off encryption since the Flowpoint uses DES, and TunnelMaster assumes RSA. The TunnelMaster configuration can be set up using the following example:
Check for L2TP Tunnel Authentication
Enter a valid hostname
Check Encrypted Authentication (CHAP)
Uncheck Require Encryption
Name = flowpoint
Password = fpsecret
Name=fpclient
Password=fppassword
This needs to be done by hand, because the HTML manager has a bug. Save the *.ini files after editing, because changes to the HTML manager will cause this to revert back to off. Edit the nts-vpn.ini:
DataChannelFlowControl=1
FlowControlTimeoutSeconds=10
| l2tp add TunnelMaster | Must match hostname of TM |
| l2tp set type l2tpclient TunnelMaster | Flowpoint serves as the client to TM |
| l2tp set address 172.17.4.201 TunnelMaster | IP address of TM |
| l2tp set oursysName flowpoint TunnelMaster | Must match the l2tp tunnelname on TM |
| l2tp set chapsecret fpsecret TunnelMaster | Must match the l2tp tunnel password on TM |
| remote add tmtunnel | |
| remote setlns TunnelMaster tmtunnel | must match the Flowpoint L2TP add entry |
| remote setmin 1 tmtunnel | sets bearing channels |
| remote setmax 1 tmtunnel | could be more than 1 |
| remote setmtu 1300 tmtunnel | doesn't always work with FP |
| remote setauthen chap tmtunnel | agrees with TM setting of CHAP |
| remote disauthen tmtunnel | prevents fp from asking for auth (TM's job) |
| remote setoursysname fpclient tmtunnel | must match TM user name |
| remote setourpasswd fppassword tmtunnel | must match TM user password |
| remote setcompression off tmtunnel | because TM doesn't support this |
As usual, routing and Ethernet information will need to reflect your network.