s2svpnadmin(8)            BSD System Manager's Manual           s2svpnadmin(8)


NAME

     s2svpnadmin -- command line tool to configure and display currently con-
     figured site-to-site VPN servers


SYNOPSIS

     s2svpnadmin


DESCRIPTION

     The s2svpnadmin command line tool is an interactive tool used to list
     currently configured site-to-site VPN servers, display their configura-
     tion details, add a new configuration and delete an existing configura-
     tion. This tool can only be utilized to configure a local VPN server, not
     a remote one. To set up a site-to-site server successfully, you will
     need to configure the two VPN gateway servers at the two sites indepen-
     dently. However, certain parameters must be kept common for a successful
     configuration.

     The s2svpnadmin tool identifies each site-to-site server with an identi-
     fying string. This string should not have any spaces in it. When config-
     uring a new server, s2svpnadmin prompts the user to enter this string.
     Besides the name, other details are required, such as the gateway
     addresses of the local and remote sites and a form of IPSec authentica-
     tion to use. All IPv4 addresses are validated. If an invalid entry is
     made, s2svpnadmin will force you to start all over again.

     Two forms of authentication are supported: shared-secret and certificate
     based.  Before choosing certificate based authentication, ensure that at
     least one certificate is currently installed on the server.  s2svpnadmin
     will display a list of currently installed certificates and prompt the
     user to choose one of these. Certificates can be created, self-signed and
     installed using the Server Admin tool. If a shared secret is desired,
     ensure that the same shared secret is configured on the VPN server at the
     other site.

     s2svpnadmin will also prompt for the creation of one or more policies.
     Policies are made of a local network and a remote network. A network is
     specified by a network address and the number of prefix bits that must be
     masked in an IPv4 address to determine the network address it corresponds
     to. Ensure that a compatible policy is configured on both VPN servers.

     Lastly, s2svpnadmin will ask if the server needs to be enabled. By default
     it is enabled. Currently s2svpnadmin does not support editing a configu-
     ration, so if the server is not enabled, the configuration will need to
     be deleted and recreated and enabled at a later time.
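
     Because an invalid entry restarts the prompts and a saved configuration
     cannot be edited, the planned answers for both gateways can be checked
     before they are typed in. The script below is an added example, not part
     of s2svpnadmin or of this manual page; the dictionary layout, the sample
     values, and the reading of "compatible" as mirrored gateways and policies
     with the same authentication type are assumptions.

```python
import ipaddress

# Constructed sample answers for the two gateways (documentation address ranges).
SITE_A = {"name": "hq-to-branch", "local_gateway": "192.0.2.1",
          "remote_gateway": "198.51.100.1", "auth": "shared-secret",
          "secret": "constructed-example",
          "policies": [("10.1.0.0/24", "10.2.0.0/24")]}   # (local, remote)
SITE_B = {"name": "branch-to-hq", "local_gateway": "198.51.100.1",
          "remote_gateway": "192.0.2.1", "auth": "shared-secret",
          "secret": "constructed-example",
          "policies": [("10.2.0.0/24", "10.1.0.0/24")]}

def check_site(site):
    """Return a list of problems in one site's planned answers."""
    problems = []
    if not site["name"] or any(c.isspace() for c in site["name"]):
        problems.append(f"{site['name']!r}: identifier must not contain spaces")
    for key in ("local_gateway", "remote_gateway"):
        try:
            ipaddress.IPv4Address(site[key])
        except ValueError:
            problems.append(f"{key}: {site[key]!r} is not a valid IPv4 address")
    for policy in site["policies"]:
        for net in policy:
            try:
                # strict=True rejects an address with bits set past the prefix
                ipaddress.IPv4Network(net, strict=True)
            except ValueError as exc:
                problems.append(f"policy network {net!r}: {exc}")
    return problems

def check_pair(a, b):
    """Check each site, then check that the two sites agree (assumed rules)."""
    problems = check_site(a) + check_site(b)
    if (a["local_gateway"], a["remote_gateway"]) != (b["remote_gateway"], b["local_gateway"]):
        problems.append("gateway addresses are not mirrored between the sites")
    if a["auth"] != b["auth"]:
        problems.append("authentication type differs between the sites")
    elif a["auth"] == "shared-secret" and a.get("secret") != b.get("secret"):
        problems.append("shared secret differs between the sites")
    # Site A's local network must be site B's remote network, and vice versa.
    if set(a["policies"]) != {(remote, local) for local, remote in b["policies"]}:
        problems.append("policies are not mirrored between the sites")
    return problems

if __name__ == "__main__":
    print(check_pair(SITE_A, SITE_B) or "planned configurations are consistent")
```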

     s2svpnadmin must be run as root.


DIAGNOSTICS

     The s2svpnadmin utility exits 0 on success, and >0 if an error occurs.


SEE ALSO

     pppd(8), vpnd(8)

Mac OS X Server               September 10, 2004               Mac OS X Server

Mac OS X 10.6 Server - Generated Thu Apr 15 07:13:16 CDT 2010