These pages are out of date and presented here for historical purposes only.

Please follow this link for the current pages.

SSH Sentinel Configuration

Thanks to Johan Hedin for providing this page.

This example uses the base setup of PGP 7.1 with X.509 authentication. Please read those pages first to get the hang of it.

The corresponding isakmpd.conf file. A cert script that Johan has been using, along with an x509v3.cnf file.

When doing certificates I followed Johan Allard's configs but did scripts for being lazy and only filled in country, organisation and distinguished name.

Right-click the Sentinel icon in the bar and select Run Policy Editor. Start by importing your *.p12 key: select Key Management, right-click "host key" and choose import. The certificate you are seeing here (the grouptech certificate) is the self-signed one that Sentinel creates in the installation wizard; ignore it.

Key import

After clicking Apply you should get a picture like this.

List of certificates

Start adding a VPN connection by clicking Add under the Security Policy tab.

Overview of Network Connections

After clicking Add, configure your VPN to match the corresponding BSD configs. Type in the IP or DNS name of the remote BSD gateway (see the steps in pics 4 - 7). Use the default settings in the Advanced tab, and use the default times as well.

Add Certificates

Create and select the remote internal network.

Network Configuration

Select your certificate.

Configure proposals.

Configure Proposals

Select the IP you will use on the internal network.

Virtual IP address

Don't forget to click Apply once you have OKed out. Sometimes the client will drop your configs under fig 6.

Test your VPN. Do this by right-clicking the Sentinel icon in your bar, going up to Select VPN and selecting your VPN (it can be started automatically when Windows starts by checking a box under the Advanced tab in fig 4).

Start VPN

If everything is OK, Sentinel will say "The VPN connection established successfully" and the output of isakmpd -d -D9=99 should look like this:

# isakmpd -d -D9=99
114844.940053 Plcy 30 policy_init: initializing
114856.819042 Plcy 90 x509_generate_kn: generating KeyNote policy for certificate 0x107900
114856.820051 Plcy 60 x509_generate_kn: added credential
114856.820498 Plcy 80 x509_generate_kn: added credential:
Authorizer: "DN:/C=SE/O=Cell/CN=BSD_CA"
Licensees: "DN:/C=SE/O=Cell/CN=Johan Hedin"
Conditions: GMTTimeOfDay = "20020423105139" && GMTTimeOfDay
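
A check over the debug output above, as an added example that is not part of the original page: it pulls each "added credential:" block out of isakmpd debug output and reports any credential whose Authorizer is not the CA you expect, so a successful connection can be tied to the right certificate. The function names parse_credentials and check_issuer are hypothetical, and the sample is constructed from the lines shown on this page.

```python
import re

# Debug-line shape seen in the output above: time, class, level, message.
LINE = re.compile(r"^(\d{6}\.\d{6}) (\w+) (\d+) (.*)$")
FIELD = re.compile(r'^(Authorizer|Licensees|Conditions): (.*)$')

# Constructed sample: the lines shown on this page, as-is (the Conditions line is cut off there too).
SAMPLE = '''\
114844.940053 Plcy 30 policy_init: initializing
114856.819042 Plcy 90 x509_generate_kn: generating KeyNote policy for certificate 0x107900
114856.820051 Plcy 60 x509_generate_kn: added credential
114856.820498 Plcy 80 x509_generate_kn: added credential:
Authorizer: "DN:/C=SE/O=Cell/CN=BSD_CA"
Licensees: "DN:/C=SE/O=Cell/CN=Johan Hedin"
Conditions: GMTTimeOfDay = "20020423105139" && GMTTimeOfDay
'''

def parse_credentials(text):
    """Return one dict per 'added credential:' block in isakmpd debug output."""
    creds, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE.match(line)
        if m:
            # A new timestamped line ends any open credential block.
            current = None
            if m.group(4).endswith("x509_generate_kn: added credential:"):
                current = {"time": m.group(1)}
                creds.append(current)
            continue
        f = FIELD.match(line)
        if f and current is not None:
            value = f.group(2)
            if f.group(1) != "Conditions":
                value = value.strip('"')
                value = value[3:] if value.startswith("DN:") else value
            current[f.group(1).lower()] = value
    return creds

def check_issuer(text, expected_ca_dn):
    """List (licensee, authorizer) pairs whose authorizer is not the expected CA."""
    return [(c.get("licensees"), c.get("authorizer"))
            for c in parse_credentials(text)
            if c.get("authorizer") != expected_ca_dn]

if __name__ == "__main__":
    for cred in parse_credentials(SAMPLE):
        print(cred)
    print("unexpected issuers:", check_issuer(SAMPLE, "/C=SE/O=Cell/CN=BSD_CA"))
```

An empty list from check_issuer means every credential in the log was authorized by the expected CA DN.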