Firstly, and most importantly, your system administrator must have configured the NetManager VPN server! Setting up a VPN server involves making a few choices:
- How users or client computers authenticate themselves
Either certificates and keys or usernames and passwords can be used. With certificates and keys, a key/certificate is created for each client/user. The server itself has its own certificate and is a Certificate Authority (CA). In short, when a client connects to the server they swap certificates and each checks that the others certificate is valid (whether they are signed by the CA). If the certificate checks pass, the client is allowed access. No usernames or passwords are compared. However, the client's private key can be protected by a passphrase so that if the key is stolen it cannot be used. If no passphrase is set, connecting to the server does not require any user intervention meaning that it's extremely easy to use. If a certificate, key or passphrase is lost, stolen or compromised, then the client certificate can be revoked and another certificate/key pair created.
If using usernames and passwords, then the user's normal NetManager username and password are used to log into the VPN. This means that every user can share the same configuration (which makes administration easier), but is less secure as a) it allows access from anywhere without the need for any private client data and b) usernames can't be revoked (without changing them which affects email addresses, etc.). Access can be restricted to a defined list of usernames and groups.
- Deciding what connection options will be used
This choice will depend on firewalling (which may in turn depend on your ISP) as well as what the VPN is to be used for. For instance, if you want to use Voice-over-IP (VoIP), you will want a very quick, low-latency connection whereas if you want to back up a lot of data off-site, you will want data compression.
- How users will get their configuration
If using certificates and keys, up to 4 files are needed to configure the client (the configuration itself, the CA certificate, the client's key and the client's certificate). When installing these, they need to be in the right place and so this could be a support problem. Luckily, all 4 items can be rolled up into a single file if required. The downside to this is that you need a different configuration for each client.
The first 2 sets of choices need to be made early on and need to be stuck to as if they are changed at a later date, each client or user will need to download a new configuration file.
If using certificates and keys, the administrator must create configurations for each client that will connect. Details on NetManager VPN server configuration and administration are not discussed further here. The next pages will show how a client should connect to the server once the administrator has set the server up appropriately.