IPSec Client Config: SSH Sentinel v1.3

 

 

 

SSH Sentinel is my IPSec client of choice - primarily because it is free for non-commercial use. This beats the heck out of paying $150 per license for some of the other clients out there. SSH Sentinel however is not the most intuitive client on the market. Come to think of it, all IPSec client software programs are a little hard to set up for beginners.

When this tutorial was written, SSH Sentinel 1.3 was in BETA. I had a few problems with it retaining its settings. If you have version 1.2, click here for v1.2 instructions .

SSH Sentinel should be loaded on the REMOTE computers - the computers on the Internet that you want to have access to your LAN. SSH Sentinel is a free download for non-commercial use and can be found here.

When you see the following screen, select 'administrator email' and type in your email address

Next, select 'self-signed certificate'

Once installed, you will need to enter the 'POLICY EDITOR'.  It can be reached from the start menu or by right clicking the blue SSH Sentinel icon in your task bar.

From the SSH Sentinel Policy Editor, Select the Key Management tab and add a new key.

 

Select create a preshared key when you see 'Mr. Buff'

Create a name for the key and type in the exact key you typed into your router.  Again, this key should be at least 8 characters long and should not be a single word from a dictionary

You have now created a shared key.  Now to create the VPN Connection.

Now, from the Security Policy screen, add a new VPN Connecion.  Note:  The picture below shows one that was already added.  You should only have the add button. 

Type in the VPN Routers WAN address.  You will need to click the 'IP' button to the right if you are typing a static IP address. Next, select the shared authentication key you just created and check the 'use legacy proposal' button.  Last, click the '...' button type in the IP schema of the LAN network that is BEHIND the VPN router.  This will be something like 192.168.100.0 subnet 255.255.255.0

 

These are the PROPERTIES of the new VPN connection we created.  Be sure yours looks like this.  'Remote Network' will be whatever name you assigned to the Home Lan remote network in the last step.  It will be something like 192.168.100.0 subnet 255.255.255.0

Select the ADVANCED tab and make it look like this. If the remote client computer is behind some kind of NAT based router or firewall, check the 'Enable Network Address Translation Traversal' checkbox too. 

Back on the GENERAL tab, select SETTINGS and make sure it looks like this.

Congrats!  You have confiigured the SSH Sentinel software.  Now we must do a little ROUTING to get everything working.