s2svpnadmin(8) BSD System Manager's Manual s2svpnadmin(8)
NAME
s2svpnadmin -- command line tool to configure and display currently con- figured site-to-site VPN servers
SYNOPSIS
s2svpnadmin
DESCRIPTION
The s2svpnadmin command line tool is an interactive tool used to list currently configured site-to-site VPN servers, display their configura- tion details, add a new configuration and delete an existing configura- tion. This tool can only be utilized to configure a local VPN server, not a remote one. To set up a site-to-site server successfully, you shall need to configure the two VPN gateway servers at the two sites indepen- dently. However, certain parameters must be kept common for a successful configuration. The s2svpnadmin tool identifies each site-to-site server with an identi- fying string. This string should not have any spaces in it. When config- uring a new server, s2svpnadmin prompts the user to enter the name of such a string. Other than the name, various other details are required such as the gateway addresses of the local and remote sites and a form of IPSec authentication to use. All IPv4 addresses are validated. If an invalid entry is made, s2svpnadmin will force you to start all over again. Two forms of authentication are supported: shared-secret and certificate based. Before choosing certificate based authentication, ensure that at least one certificate is currently installed on the server. s2svpnadmin will display a list of currently installed certificates and prompt the user to choose one of these. Certificates can be created, self-signed and installed using the Server Admin tool.If shared secret is desired, ensure that the same shared secret is configured on the VPN server at the other site. s2svpnadmin will also prompt for the creation of one or more policies. Policies are made of a local network and a remote network. A network is specified by a network address and the number of prefix bits that must be masked in an IPv4 address to determine the network address it corresponds to. Ensure that a compatible policy is configured on both VPN servers. Lastly s2svpnadmin will ask if the server needs to be enabled. By default it is enabled. Currently s2svpnadmin does not support editing a configu- ration, so if the server is not enabled, the configuration will need to be deleted and recreated and enabled at a later time. s2svpnadmin must be run as root.
DIAGNOSTICS
The s2svpnadmin utility exits 0 on success, and >0 if an error occurs.
SEE ALSO
pppd(8), vpnd(8) Mac OS X Server September 10, 2004 Mac OS X Server
Mac OS X 10.6Server - Generated Thu Apr 15 07:13:16 CDT 2010