************************************************************ * * * * * Netlock Release Notes * * * * Copyright 1994-2002 * * by * * Netlock Technologies, Inc. * * Unpublished work. All rights reserved. * * * * Netlock Technologies, Inc. * * 3230 E. Imperial Hwy * * Suite 250 * * Brea, California 92821 U.S.A. * * * * Web: http://www.netlock.com/ * * * ************************************************************ ************************************************************ This product contains the following: Contains SSH IPSEC technology (pat. pending). SSH is a registered trademark of SSH Communications Security Ltd. (http://www.ssh.fi) ************************************************************ * * * Contivity VPN Client for Mac OS X * * * * Release Notes * * * ************************************************************ *==========================================================* * Compatibilities * *==========================================================* 1) The Contivity VPN Client for Mac OS X supports Mac OS X versions 10.1.5 through 10.2.3. 2) Currently supports TCP/IP protocols only, including Appletalk over IP. 3) If you will be running applications in the Classic environment, make sure that you uninstall or disable any previous versions of Netlock Agents or Clients that you may have installed, including those installed in "Classic" Mac OS 9. 4) The client also secures older applications that are run in "Classic Mode" under Mac OS X. *==========================================================* * Installation * *==========================================================* 1) You must have the password for a user account with Administrator privileges to install the client. 2) A web browser must be present on the host computer to use the client. 3) If you downloaded the client, use Stuffit Expander to decompress the file. Stuffit Expander extracts nleac.dmg, a disk image file. If your computer does not automatically mount the nleac.dmg file, use the Disk Copy utility to mount it. Inside is the Nleac.pkg installer package. 4) Double-click the package icon and follow the prompts. 5) To un-install the package, go to the Library-> Application Support->Netlock folder and double-click the "uninstall" icon. *==========================================================* * Configuration * *==========================================================* ACCESSING THE CLIENT USER INTERFACE After installation, you will find an alias to the client user interface on your Desktop. Double-click the alias to launch your browser and connect to the client interface. The Desktop icon appears only for the user account that performed the installation. You can also go to the folder: Library -> Application Support -> Netlock ...and double-click the "Netlock EAC User Access" icon, or Launch your web browser and go to: http://127.0.0.1:9161 You can create your own icon by selecting the URL from the address line in your browser, and drag it to the desktop. SAVE PASSWORD FEATURE WARNING Due to a large number of customer requests, the save password feature has been added to this release. WARNING: If you elect to save your Contivity password, it may be used to connect to the Contivity Switch from ANY user account on your Mac OS X computer. Your Contivity administrator may disable Save Password from the Contivity Switch. In that case, the Save Password checkbox will not be visible in the client window. USING THE CLIENT WITH A PROXY SERVER The Contivity VPN Client uses a web browser interface. If you use a proxy server for web browsing, then you must change your configuration to bypass the proxy for the client interface at 127.0.0.1. Go to the Network panel in System Preferences. Click on the Proxies tab. Enter 127.0.0.1 in the Bypass panel at the bottom of the window. COMPLEX PROTOCOLS ARE NOT SUPPORTED Applications that use complex protocols are not supported. The only known application that depends on complex protocols is: active ftp - Use passive ftp instead Note: Mac OS X uses passive ftp by default. Other applications (web browser, file sharing, passive ftp, etc.) work without problems. INSTALLED FILES - The Netlock installer installs files in the following locations: /etc/netlock/ /System/Library/Extensions/NetlockKernel.kext /Library/Application Support/Netlock/ /Library/StartupItems/Nleac/ Remove Other VPN Products before Installing the Contivity VPN Client - Please remove any previously installed VPN products before attempting to use the Contivity VPN Client. Otherwise, a conflict may occur, preventing the Contivity VPN Client from operating properly. Destination Address Format - When you enter a destination address in the Contivity VPN Client Connection window, you must enter it in dotted decimal format (e.g, 2.3.4.5). Do not use machine names. Improperly Configured Personal Firewall Products May Block Contivity VPN Client Communications - If you have a personal firewall product installed on your computer and have problems connecting with the Contivity VPN Client, please verify that your firewall product is configured to allow inbound and outbound UDP port 500, IP Protocol 50, and IP Protocol 51 packets to the Destination Address(es) used in your Contivity VPN Client Connection window. If problems persist, your personal firewall product may be in conflict with the Contivity VPN Client; remove the personal firewall product. Using the Contivity VPN Client When a Proxy Server is Enabled for the Browser - The Contivity VPN Client uses a web browser interface. You must configure your web browser to talk directly to the internal Contivity VPN Client, bypassing the proxy. Changing proxy settings on Mac OS X: - The proxy settings are changed in the Mac OS System Preferences -> Network panel. See the Mac OS X ReadMe notes for additional information. Changing proxy settings on other operating systems: - For Internet Explorer: In the Edit menu, choose Preferences... In the left pane of the Preferences window, click Network->Proxies. In the bottom right, under "List the sites you want to connect to directly...", add the value 127.0.0.1 and click the OK button. - For Netscape: In the Edit menu, choose Preferences... In the left pane of the Preferences window, click Advanced -> Proxies. Assuming that you are using Manual Proxies, click the Configure... button. In the "No proxy for:" field, add the value 127.0.0.1 and click the OK button. Click OK in the Preferences window. Traceroute Will Yield Unpredictable Results When Connected - Traceroute utilities will yield unpredictable and/or erroneous results when you have an established connection with the Contivity VPN Client. This is a normal side effect of tunneled communications with a virtual internal address. Traceroute does not make sense in this context. Client Will Not Establish Tunnel Without a Valid Default Route - You must have a valid default route to establish a VPN tunnel using the Contivity VPN Client. The Contivity VPN Client checks for a valid router (gateway), and will not negotiate a tunnel unless a valid default route exists. Because the client checks for a valid default route, you cannot establish tunnels when the client computer is connected directly to the Contivity Extranet Switch using a crossover Ethernet cable, for example. If you are using DHCP, you must ensure that the DHCP server provides a valid default route to your client computer.