************************************************************
*                                                          *
*                 Netlock Release Notes                    *
*                                                          *
*                 Copyright 1994-2003                      *
*                         by                               *
*                    Apani Networks                        *
*          Unpublished work. All rights reserved.          *
*                                                          *
*                    Apani Networks                        *
*                 3230 E. Imperial Hwy                     *
*                      Suite 250                           *
*             Brea, California 92821 U.S.A.                *
*                                                          *
*              Web: http://www.apani.com/                  *
*                                                          *
************************************************************

************************************************************
This product contains the following:

Contains SSH IPSEC technology (pat. pending).
SSH is a registered trademark of SSH Communications
Security Ltd. (http://www.ssh.fi)
************************************************************

************************************************************
*                                                          *
*               HP-UX 10.20 Release Notes                  *
*                                                          *
************************************************************

*==========================================================*
*                     Compatibilities                      *
*==========================================================*

1) Contivity VPN Client products require HP-UX 10.20.

2) Currently supports TCP/IP protocols only.

*==========================================================*
*                      Installation                        *
*==========================================================*

1) The installation CD-ROM is written in the RockRidge
   Interchange Code, which is not correctly handled by
   HP-UX's standard mount commands. Instead, the PFS
   (Portable File System) commands must be used. The
   following example assumes a mount point called '/cdrom'
   and a CD-ROM drive of '/dev/dsk/c0t2d0'. It also assumes
   that the 'pfs_mountd' and 'pfsd' daemons are not already
   running. If they are running, skip the first two
   commands.

       nohup pfs_mountd &
       nohup pfsd &
       pfs_mount -t rrip /dev/dsk/c0t2d0 /cdrom

   To unmount the CD, type:

       pfs_umount /cdrom

2) Because the Contivity VPN Client modifies the Unix
   kernel, the HP-UX installer "swinstall" must be executed
   in interactive mode (i.e. with the "-i" option
   specified). The installer will auto-reboot when the
   installation is complete.
3) EMERGENCY DEINSTALLATION

   The HP-UX deinstall command "/usr/sbin/swremove" does not
   work in single-user mode. If a situation ever arises
   requiring Netlock to be deinstalled from single-user
   mode, please use the provided script file
   "/etc/netlock_remove.sh". Simply execute it, then follow
   its directions. When it has completed, reboot the host.
   Once in the normal run state, the standard
   "/etc/sbin/swremove" command must be run to finish the
   deinstallation and update HP-UX's installed software
   database.

*==========================================================*
*                     Configuration                        *
*==========================================================*

*==========================================================*
*                     Known Problems                       *
*==========================================================*

1) TIME STAMPS IN AUDIT LOGS SHOW INCORRECT HOURS

   This is an HP-UX configuration problem. A file called
   "/etc/TIMEZONE" should exist. It contains your host's
   timezone information. If it is not there, execute SAM
   and set up your timezone, or manually set up the file.
   The file's contents should look something like this (the
   U.S. Pacific Time Zone is being set in the example):

       TZ=PST8PDT
       export TZ

   Please refer to your system documentation for more
   details.

Remove Other VPN Products before Installing the Contivity
VPN Client

- Please remove any previously installed VPN products
  before attempting to use the Contivity VPN Client.
  Otherwise, a conflict may occur, preventing the Contivity
  VPN Client from operating properly.

Destination Address Format

- When you enter a destination address in the Contivity VPN
  Client Connection window, you must enter it in dotted
  decimal format (e.g., 2.3.4.5).
- If desired, you can use machine (DNS) names instead.
Improperly Configured Personal Firewall Products May Block
Contivity VPN Client Communications

- If you have a personal firewall product installed on your
  computer and have problems connecting with the Contivity
  VPN Client, please verify that your firewall product is
  configured to allow inbound and outbound UDP port 500,
  IP Protocol 50, and IP Protocol 51 packets to the
  Destination Address(es) used in your Contivity VPN Client
  Connection window. If problems persist, your personal
  firewall product may be in conflict with the Contivity
  VPN Client; remove the personal firewall product.

Using the Contivity VPN Client When a Proxy Server is
Enabled for the Browser

- The Contivity VPN Client uses a web browser interface.
  You must configure your web browser to talk directly to
  the internal Contivity VPN Client, bypassing the proxy.

  Changing proxy settings on Mac OS X:

  - The proxy settings are changed in the Mac OS System
    Preferences -> Network panel. See the Mac OS X ReadMe
    notes for additional information.

  Changing proxy settings on other operating systems:

  - For Internet Explorer: In the Edit menu, choose
    Preferences... In the left pane of the Preferences
    window, click Network -> Proxies. In the bottom right,
    under "List the sites you want to connect to
    directly...", add the value 127.0.0.1 and click the OK
    button.
  - For Netscape: In the Edit menu, choose Preferences...
    In the left pane of the Preferences window, click
    Advanced -> Proxies. Assuming that you are using Manual
    Proxies, click the Configure... button. In the "No
    proxy for:" field, add the value 127.0.0.1 and click
    the OK button. Click OK in the Preferences window.

Traceroute Will Yield Unpredictable Results When Connected

- Traceroute utilities will yield unpredictable and/or
  erroneous results when you have an established connection
  with the Contivity VPN Client. This is a normal side
  effect of tunneled communications with a virtual internal
  address. Traceroute does not make sense in this context.
Client Will Not Establish Tunnel Without a Valid Default
Route

- You must have a valid default route to establish a VPN
  tunnel using the Contivity VPN Client. The Contivity VPN
  Client checks for a valid router (gateway), and will not
  negotiate a tunnel unless a valid default route exists.
  Because the client checks for a valid default route, you
  cannot establish tunnels when the client computer is
  connected directly to the Contivity Extranet Switch using
  a crossover Ethernet cable, for example. If you are using
  DHCP, you must ensure that the DHCP server provides a
  valid default route to your client computer.
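Three of the notes above describe host-side preconditions an administrator can verify before raising a support case: the /etc/TIMEZONE file must set and export TZ, the destination address must be dotted decimal, and a default route must exist. The script below is an added example of such a pre-flight check, not Apani's or Nortel's code; it assumes the timezone file path and a "netstat -rn" style routing table are passed in (so it runs offline), and the sample routing tables in it are constructed.

```shell
# Pre-flight checks for the Contivity VPN Client notes above (added
# example, not the vendor's code). Assumption: the timezone file and the
# routing table are supplied as arguments so the checks run offline; on a
# live HP-UX host pass /etc/TIMEZONE and the output of "netstat -rn".

# check_timezone FILE: succeeds only if FILE both sets and exports TZ.
check_timezone() {
    f=${1:-/etc/TIMEZONE}
    [ -f "$f" ] || return 1
    grep '^TZ=' "$f" >/dev/null || return 1
    grep '^export TZ' "$f" >/dev/null || return 1
}

# is_dotted_decimal ADDR: succeeds if ADDR is four decimal octets 0-255.
is_dotted_decimal() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { bad = 1 }
        NF == 4 { for (i = 1; i <= 4; i++)
                      if ($i !~ /^[0-9]+$/ || $i + 0 > 255) bad = 1 }
        END { exit bad }'
}

# has_default_route: reads a "netstat -rn" style table on stdin and succeeds
# if a "default" (or 0.0.0.0) entry with an IPv4 gateway is present.
has_default_route() {
    awk 'BEGIN { rc = 1 }
         ($1 == "default" || $1 == "0.0.0.0") && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { rc = 0 }
         END { exit rc }'
}

# Constructed sample routing tables in the shape of "netstat -rn" output
# (not captured from a real host).
SAMPLE_ROUTES='Destination   Gateway    Flags Refs Interface Pmtu
127.0.0.1     127.0.0.1  UH    0    lo0       4136
10.1.1.0      10.1.1.5   U     0    lan0      1500
default       10.1.1.1   UG    0    lan0      1500'
SAMPLE_NO_ROUTE='Destination   Gateway    Flags Refs Interface Pmtu
127.0.0.1     127.0.0.1  UH    0    lo0       4136
10.1.1.0      10.1.1.5   U     0    lan0      1500'

# preflight TZFILE DEST ROUTES: runs every check, reports each failure,
# and returns non-zero if any check failed.
preflight() {
    rc=0
    check_timezone "$1" || { echo "timezone file $1 missing or incomplete"; rc=1; }
    is_dotted_decimal "$2" || { echo "destination $2 is not dotted decimal"; rc=1; }
    printf '%s\n' "$3" | has_default_route || { echo "no valid default route"; rc=1; }
    return $rc
}
```

On a real host the call would be `preflight /etc/TIMEZONE 2.3.4.5 "$(netstat -rn)"`; a DNS name as destination is reported as a failure here because the check only covers the dotted decimal form the notes require.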