BorderManager 3.8 VPN Configuration Tool


This tool automates the configuration of Novell BorderManager 3.8 VPN servers. It reads the config from a text file and uses the ICE utility to write the config into eDirectory. This tool was created by Novell testers to bring up hundreds of NBM VPN servers in Novell's SuperLab during the NBM 3.8 QA phase. It's especially useful when you need to deploy a large number of VPN servers quickly.

This utility would configure the server as a vpn master only. C2S service would also be enabled but no members would be added onto the master.
You will have to add the slave members manually using iManager.


Before running the utility ensure you have one of the following installed:

  • NetWare 5.1 SP6
  • NetWare 6 SP3
  • NetWare 6.5

Before using this utility, create the following objects in eDirectory:

  1. The Server certificate - without spaces in its name.
  2. The Trusted Root Container - without spaces in its name.
  3. The Trusted Root Object(s) - without spaces in its name.

These can be created using either ConsoleOne or iManager.

Install NBM 3.8 and extend the schema.

Before using the utility ensure that the following information is available:
Public IP Address
Public IP Mask
Tunnel IP Address
Tunnel IP Mask
Server Certificate Subjectname

How to use the utility:

Step 1: In the root folder you will find 2 sub folders "system" and "vpnc" . Please copy the files inside the system folder into sys:\system of your server. Also copy the entire "vpnc" folder under the "sys:\" volume, the vpnc folder itself must be copied and not just the contents.

Step 2: Under sys:\vpnc\input folder, there is a file where in we need to specify the server and authentication details. The name of the file is master.txt . Fill in the details in lines where it is needed.
The master.txt would have lines:
<Enter server name here - case sensitive>
In the above example, the server name must be entered in the 2nd line. After entering the server name the lines must look like this:

Note: The angular brackets must be removed and no extra lines must be added.

Step 4: On the system console run the command : s2s1.

Step 5: On the system console run the command : s2s2.

How to ensure the configuration is complete:

If the vpmaster.nlm and vpslave.nlm come up after a minute it means the configuration is complete. The ICE screen would return a success on running the final command. It would be with 4/8 warnings on the screen for eDirectory 871 and with no errors or warnings for eDirectory edir 8.6.2.

Known Issues:

1. The utility gives errors for creation of traffic rules in client-to-site service on some versions of ICE. The errors mainly come for the traffic rules. We recommend that you create a default traffic rule.


Comment List