The global configuration section lets you enable IPsec and configure the general network settings it needs.
Host-to-Net Settings
These settings are only required if you plan to have host-to-net (roadwarrior) clients; otherwise they can be left empty.
The Host-to-Net Endpoint is the address clients use to reach the firewall. It is usually a DynDNS hostname but can also be a static IP address. Either way, the value has to be part of the host certificate (see below) for certificate-based connections to work.
Host-to-Net Virtual Private Network (RoadWarrior) defines a new subnet, in CIDR notation, from which IP addresses are assigned to clients.
Generation of Root and Host Certificates
Certificates are required to use certificate-based connections with IPFire for both net-to-net and host-to-net connections.
To get started, click "Generate Root/Host certificates" and fill in the following values:
Field | What goes in here?
---|---
Organisation Name | Your company name, e.g. "ABC Trucking PLC"
IPFire's Hostname | The FQDN of your IPFire system, e.g. ABC-Trucking.com, or its dynamic DNS hostname, e.g. example.ddns.org
Your Email | The email address of the administrator
Your Department / Town / Province / Country | Self-explanatory
Subject Alternative Name | A comma separated list of email, DNS, URI, RID, or IP objects. If the IPFire system is reachable under multiple FQDNs, add them here. The object types are listed below.

Subject Alternative Name object types:

- email: an email address (e.g., ipfire@foo.org)
- email:copy takes the email address from the certificate's email field
- DNS: a valid domain name (e.g., www.ipfire.org or example2.ddns.org)
- URI: any valid URI (e.g., http://url/to/something)
- RID: a registered object identifier
- IP: an IP address (e.g., 127.0.0.1)

Example: email:ipfire@foo.org, email:copy, DNS:www.ipfire.org, IP:127.0.0.1, URI:http://url/to/something

Note: the character set is limited and case is significant.
After filling in the form, click "Generate Root/Host certificates" to start generating the certificates. This can take a few moments depending on how fast your IPFire system is.
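The SAN syntax described above, and the rule from the Host-to-Net settings that the endpoint must appear in the host certificate, checked in an added Python example (this is not IPFire's own code; the regular expressions are simplified assumptions, and the hostnames used are the page's sample values):

```python
"""Validate an IPFire-style subjectAltName string and check that the
Host-to-Net endpoint is covered by the host certificate's names."""
import ipaddress
import re

ALLOWED_TYPES = ("email", "DNS", "URI", "RID", "IP")  # case is significant
# Simplified pattern assumptions for this example, not OpenSSL's parser.
HOSTNAME_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$")
EMAIL_RE = re.compile(r"^[^@\s,]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")
URI_RE = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*:\S+$")
RID_RE = re.compile(r"^\d+(\.\d+)+$")


def parse_san(san):
    """Split a comma separated SAN list into (type, value) pairs.
    Raises ValueError for any entry that would be rejected."""
    entries = []
    for raw in san.split(","):
        item = raw.strip()
        kind, sep, value = item.partition(":")
        if not sep or kind not in ALLOWED_TYPES:  # e.g. "dns:" is rejected
            raise ValueError(f"unknown SAN type in {item!r}")
        if kind == "email":
            ok = value == "copy" or bool(EMAIL_RE.match(value))
        elif kind == "DNS":
            ok = bool(HOSTNAME_RE.match(value))
        elif kind == "URI":
            ok = bool(URI_RE.match(value))
        elif kind == "RID":
            ok = bool(RID_RE.match(value))
        else:  # IP: must be a literal IPv4/IPv6 address
            try:
                ipaddress.ip_address(value)
                ok = True
            except ValueError:
                ok = False
        if not ok:
            raise ValueError(f"invalid value in {item!r}")
        entries.append((kind, value))
    return entries


def is_valid_san(san):
    """Boolean form of parse_san for quick form validation."""
    try:
        parse_san(san)
        return True
    except ValueError:
        return False


def endpoint_covered(endpoint, hostname, san):
    """True if the Host-to-Net endpoint equals the certificate hostname (CN)
    or appears as a DNS:/IP: entry in the SAN list."""
    if endpoint == hostname:
        return True
    return any(k in ("DNS", "IP") and v == endpoint for k, v in parse_san(san))
```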
Log Files
For debugging, IPsec log messages can be viewed in the WebGUI under Logs -> System Logs -> IPsec. They are also written to /var/log/messages; over SSH, filter them with the command:
grep charon /var/log/messages