************************************************************ * * * * * Netlock Release Notes * * * * Copyright 1994-2002 * * by * * Netlock Technologies, Inc. * * Unpublished work. All rights reserved. * * * * Netlock Technologies, Inc. * * 3230 E. Imperial Hwy * * Suite 250 * * Brea, California 92821 U.S.A. * * * * Web: http://www.netlock.com/ * * * ************************************************************ ************************************************************ This product contains the following: Contains SSH IPSEC technology (pat. pending). SSH is a registered trademark of SSH Communications Security Ltd. (http://www.ssh.fi) ************************************************************ * * * Solaris Release Notes * * * ************************************************************ *==========================================================* * Compatibility * *==========================================================* 1) Contivity VPN Client products require Solaris 2.7 through 2.8 (aka SunOS 5.7 or 5.8). 2) Currently supports TCP/IP protocols only. *==========================================================* * Installation * *==========================================================* 1) CLIENT INSTALLATION: A web browser must be present on the host computer to access the online help facility. The Netlock Contivity VPN Client prefers Netscape, but will also use Sun's HotJava browser. If a browser is installed after the Netlock Contivity VPN Client, then make sure that somewhere in the standard command path there exists a file called "netscape" which calls or points to the installed browser. For example, if Netscape is intalled at "/opt/NSCPcom/netscape", then create a symbolic link called "/usr/bin/netscape", or change your command path to include "/opt/NSCPcom". Netlock is shipped on a multi-platform CD-ROM. If the Volume Manager mounts the CD, then the Solaris files will be located at "/cdrom/cdrom0/solaris". All examples in this file will use this location. The Contivity VPN package is called "nleac". a) CLEAN INSTALLATION cd /cdrom/cdrom0/solaris pkgadd -d . nleac b) UPGRADE INSTALLATION cd /cdrom/cdrom0/solaris pkgadd -d . -a pkgadmin nleac *==========================================================* * Issues & Information * *==========================================================* The Netlock Solaris Contivity VPN Client can run in either 32-bit or 64-bit mode. *==========================================================* * Configuration * *==========================================================* IMPORTANT NOTE: DO NOT RUN THE sys-unconfig COMMAND UNLESS YOU HAVE REMOVED THE NETLOCK VPN CLIENT FIRST! If you run sys-unconfig without removing Netlock, you may be required to reinstall the Solaris operating system to restore the computer to a useable state. Remove Other VPN Products before Installing the Contivity VPN Client - Please remove any previously installed VPN products before attempting to use the Contivity VPN Client. Otherwise, a conflict may occur, preventing the Contivity VPN Client from operating properly. Destination Address Format - When you enter a destination address in the Contivity VPN Client Connection window, you must enter it in dotted decimal format (e.g, 2.3.4.5). Do not use machine names. Improperly Configured Personal Firewall Products May Block Contivity VPN Client Communications - If you have a personal firewall product installed on your computer and have problems connecting with the Contivity VPN Client, please verify that your firewall product is configured to allow inbound and outbound UDP port 500, IP Protocol 50, and IP Protocol 51 packets to the Destination Address(es) used in your Contivity VPN Client Connection window. If problems persist, your personal firewall product may be in conflict with the Contivity VPN Client; remove the personal firewall product. Using the Contivity VPN Client When a Proxy Server is Enabled for the Browser - The Contivity VPN Client uses a web browser interface. You must configure your web browser to talk directly to the internal Contivity VPN Client, bypassing the proxy. Changing proxy settings on Mac OS X: - The proxy settings are changed in the Mac OS System Preferences -> Network panel. See the Mac OS X ReadMe notes for additional information. Changing proxy settings on other operating systems: - For Internet Explorer: In the Edit menu, choose Preferences... In the left pane of the Preferences window, click Network->Proxies. In the bottom right, under "List the sites you want to connect to directly...", add the value 127.0.0.1 and click the OK button. - For Netscape: In the Edit menu, choose Preferences... In the left pane of the Preferences window, click Advanced -> Proxies. Assuming that you are using Manual Proxies, click the Configure... button. In the "No proxy for:" field, add the value 127.0.0.1 and click the OK button. Click OK in the Preferences window. Traceroute Will Yield Unpredictable Results When Connected - Traceroute utilities will yield unpredictable and/or erroneous results when you have an established connection with the Contivity VPN Client. This is a normal side effect of tunneled communications with a virtual internal address. Traceroute does not make sense in this context. Client Will Not Establish Tunnel Without a Valid Default Route - You must have a valid default route to establish a VPN tunnel using the Contivity VPN Client. The Contivity VPN Client checks for a valid router (gateway), and will not negotiate a tunnel unless a valid default route exists. Because the client checks for a valid default route, you cannot establish tunnels when the client computer is connected directly to the Contivity Extranet Switch using a crossover Ethernet cable, for example. If you are using DHCP, you must ensure that the DHCP server provides a valid default route to your client computer.