|
A pre-created VPN Configuration may be enclosed
into the Syswan VPN Client Setup.
Enclosing VPN Configuration within the Syswan
VPN Client Setup enables IT manager to deploy pre-configured IPSec VPN Client
software in a single package to all company users.
A VPN Configuration ".tgb" file embedded within the IPSec VPN Client Setup folder (see 'Deployment Guide' description on our web site) is automatically imported by the IPSec VPN Client during software installation.
The process to create a setup with a VPN
Configuration is as follows:
1. Create the VPN Configuration that needs to
be embedded into the Setup. This step must be processed from a formerly
installed IPSec VPN Client, from which the VPN Configuration is exported (e.g.
"myconfig.tgb").
2. Create a silent installation, or copy the
Syswan VPN Client Setup into a setup folder.
3. Add the VPN Configuration (e.g.
"myconfig.tgb") file into the same folder.
4. Deploy the package to the user. The VPN
Configuration found in the folder will be added during the setup.
Important note: The Setup
cannot import and use an encrypted (protected) VPN Configuration. When creating
your VPN Configuration make sure it is exported without encryption (without
being protected with a password).
Several options are available with the IPSec VPN Client Setup:
1. Configuration of the GUI mode: 'full', 'user' or 'hidden'
2. Protection of the GUI mode Access Control with password
3. Configuration of the Systray menu items.
4. Other options for Software Start, License Number and Activation email
Command line syntax example:
Setup.exe –s
--license=0123456789ABCDEF0123 --start=boot --activmail=admin@mycompany.com
|
Warning: All
the switches '--gui', '--menuitem', '--license', '--start', '--activmail' can only be used with the switch '–s' (silent mode
install). |
Syntax: --vpngui=full|user|hidden
enables to define the GUI appearance when the
IPSec VPN Client starts.
"full": [Default] The
Configuration Panel is displayed.
"user": The Connection Panel
is displayed.
"hidden": Both VPN Configuration
Panel and Connection Panel are not displayed. Only the systray menu can be
opened. Tunnels can be opened from the systray menu.
Remark:
--vpngui=hidden is equivalent to option --hide=yes. This option can still be
used (as it is maintained for compatibility reasons).
Syntax: --password=mypwd
Control the acces to the VPN GUI with a
password.
The user will be asked for a password:
When the user clicks or
double-clicks on the VPN systray icon
When the user wants to
switch from the Connection Panel to the Configuration Panel.
Example: --vpngui=user --password=admin01
These 2 options enable the GUI to be locked in
"Connection Panel" mode only, while the access to the Configuration
Panel is protected with a password.
Syntax: --menuitem=[0...15]
Specify the items of the systray menu that the
IT manager wants to keep.
The value is a 'bitfield': 1 = Quit, 2 = Connection Panel, 4 = Console, 8 = Save
& Apply.
Example: --menuitem=5
will configure a systray menu with the items: Quit + Console.
Note 1: the tunnels are always shown in the
systray menu, and can always be opened and closed from this systray menu.
Note 2: 'menuitem' and
'vpngui=hidden'.
By default, vpngui=hidden (or
hide=yes) will set the systray menu item list to Quit + Console. (The items
'Save & Apply' and 'Connection Panel' are not visible). However the use of 'menuitem' overrides
'vpngui'.
This means that: "--vpngui=hidden --menuitem=1" will set a systray menu with only the 'Quit' item.
Here are the other installation parameters for
the setup command line:
Syntax: --license=[license_number]
Allows the configuration of the license number.
The License Number is a set of 24 hexadecimal characters. Old License Numbers
might be 20 hexadecimal characters.
Syntax: --start=[logon|boot|manual]
Allows the configuration of the start mode for
the VPN Client: after the logon windows, during the boot, or manually. Default
is [logon].
Syntax:
--activmail=[activation_email]
Allows the forcing of the email used for
activation confirmation. During the activation process, the edit box used for
entering this email will be disabled
Example:
Setup –s
--license=0123456789ABCDEF0123 --start=boot --activmail=admin@mycompany.com
Several command lines are available, they are meant to be used by IT managers to adapt the IPSec VPN Client behavior to their needs and to help integration with other applications.
Stopping IPSec VPN Client
Importing or Exporting VPN Configuration
Opening or Closing VPN tunnels
The Syswan VPN Client can be stopped at any
time by the command line:
" [path]\vpnconf.exe
/stop " where [path] is
the IPSec VPN Client installation directory.
If there is several active tunnels, they will
close properly.
This feature can be used, for example, in a
script that launchs the VPN Client after establishing a dialup connection and
exits it just before disconnection.
Syswan VPN Client can import a specific
configuration file by the command line:
" [path]\vpnconf.exe /import:[file.tgb] " where [path] is the VPN Client installation directory, and [file.tgb] is
the VPN Configuration file. This command does not handle relative paths (e.g.
"..\..\file.tgb"). Double-quotes are supported allowing paths
containing spaces.
" /import: " may be used
either if the VPN Client is running or not. When the VPN Client is already
running, it imports dynamically the new configuration and automatically applies
it (i-e: restarts the IKE service). If the VPN Client is not running, it is
launched with the new configuration.
" /importonce:
" imports a VPN configuration file without running the VPN Client. This
command is especially useful in installation scripts: it runs a silent
installation and imports a configuration automatically.
" /replace: " replaces the
current configuration by a new VPN Configuration. This feature is available in
software release 4.1 and older, and may be used instead of the /importonce
option to import a VPN configuration file without running the VPN Client.
" /export: " exports the current VPN Configuration (including certificates) in
the specified file. This command start the VPN Client if it is not already
running.
" /exportonce: " exports the current VPN Configuration (including Certificates) in
the specified file. This command does not start the VPN Client if it is not
already running.
" /add: " imports a new VPN Configuration into an existing VPN
Configuration and merge both into one single VPN Configuration. This command
line may be used whether the VPN Client is running or not. This command does
not start the VPN Client if it is not already running.
All 6 arguments "import",
"importonce", "export", "exportonce",
"replace" and "add" are exclusive and cannot be used
together.
The Syswan VPN Client can open or close a VPN
tunnel by the command line. Both command lines can be invoked while Syswan
IPSec VPN Client is running:
" [path]\vpnconf.exe /open:[phase1-phase2] " where [path] is the VPN Client installation directory, and [phase1-phase2] are the Phase1 and the Phase2 names in the VPN Configuration file. This
command does not handle relative paths (e.g. "..\..\file.tgb").
Double-quotes are supported, allowing paths containing spaces.
In case the specified tunnel is already open,
this command line has no effect.
" [path]\vpnconf.exe /close:[phase1-phase2] " where [path] is the VPN Client installation directory, and [phase1-phase2] are the Phase1 and the Phase2 names in the VPN Configuration file. This
command doesn't handle relative paths (e.g. "..\..\file.tgb").
Double-quotes are supported allowing paths containing spaces.
In case the specified tunnel is already close,
this command line has no effect.
Both arguments "open"
and "close" are exclusive and cannot be used together.
Restriction note:
Execution of those command lines will open the Syswan VPN Client
Graphical User Interface (GUI). This restriction will be removed in further
software release.
|