Netgear UTM25 – ProSECURE Unified Threat Management (UTM) Appliance User Manual
VPN Client Software Setup and Network Deployment
NETGEAR ProSAFE VPN Client
The vpnsetup.ini file must be located in the same folder as the VPN Client setup.exe
file. The vpnsetup.ini file consists of several sections, tags, and values. One of the
sections is the PKI Options section, in which you can define how the VPN Client selects and
uses certificates from smart card readers and token readers.
The following is an example of the PKI Options section in the vpnsetup.ini file:
[PKIOptions]
PkiCheck=01
SmartCardRoaming=01
NoCACertReq=01
KeyUsage=01
PKCS11Only=01
In this example, the VPN Client is configured to do the following:
• Validate the root certificate authority when it receives a certificate from the VPN gateway (PkiCheck=01)
• Use any certificate from the card reader that is configured in the VPN configuration (SmartCardRoaming=01)
• Use a certificate from a certificate authority that is different from the VPN gateway (NoCACertReq=01)
• Use only an authentication certificate for which the digitalSignature key extension is configured (KeyUsage=01)
• Use only PKCS #11 middleware to access tokens or smart cards (PKCS11Only=01)
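A pre-deployment check for the [PKIOptions] section described above, added here as an example (it is not NETGEAR code). It flags unrecognized options and values other than the documented 01, then applies a deployment policy; the policy sets, the function name and the sample file are assumptions made for illustration.

```python
import configparser

# Effect of each option when set to 01, as described in this section.
EFFECT_WHEN_SET = {
    "pkicheck": "validates the root CA of the gateway certificate",
    "smartcardroaming": "uses any certificate from the configured card reader",
    "nocacertreq": "client and gateway may use certificates from different CAs",
    "keyusage": "uses only a certificate with the digitalSignature key extension",
    "pkcs11only": "uses only PKCS #11 middleware for tokens and smart cards",
}
# Hypothetical deployment policy (an assumption, not a NETGEAR recommendation).
MUST_BE_SET = {"pkicheck", "keyusage"}
MUST_BE_UNSET = {"nocacertreq"}


def audit_pki_options(ini_text):
    """Return a sorted list of (level, option, message) findings for [PKIOptions]."""
    parser = configparser.ConfigParser()  # lower-cases option names by default
    parser.read_string(ini_text)
    if not parser.has_section("PKIOptions"):
        return [("FAIL", "[PKIOptions]", "section is missing")]
    opts = dict(parser["PKIOptions"])
    findings = []
    for name, value in opts.items():
        if name not in EFFECT_WHEN_SET:
            findings.append(("WARN", name, "not an option described here (typo?)"))
        elif value != "01":
            findings.append(("WARN", name, f"value {value!r} is not the documented '01'"))
    for name in MUST_BE_SET:
        if opts.get(name) != "01":
            findings.append(("FAIL", name, "policy requires 01: " + EFFECT_WHEN_SET[name]))
    for name in MUST_BE_UNSET:
        if opts.get(name) == "01":
            findings.append(("FAIL", name, "policy forbids 01: " + EFFECT_WHEN_SET[name]))
    return sorted(findings)


# Constructed sample: PkiCheck omitted and KeyUsage given a value other than 01.
SAMPLE = """[PKIOptions]
SmartCardRoaming=01
NoCACertReq=01
KeyUsage=0
PKCS11Only=01
"""

if __name__ == "__main__":
    for level, option, message in audit_pki_options(SAMPLE):
        print(f"{level:4} {option:12} {message}")
```

Run it against the vpnsetup.ini that will sit beside setup.exe before the installer is distributed, and adjust the two policy sets to match your own PKI.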
The following table describes the PKI options parameters that let you define rules for
certificate handling in the vpnsetup.ini file.
Table 8. PKI options parameters for the vpnsetup.ini file in alphabetical order

Option: KeyUsage
Description: This option lets you specify a particular certificate among multiple ones. For example, this is useful when several certificates with the same subject are stored on a smart card or token.
Settings:
• Not configured. The VPN Client can select any certificate.
• 01. The VPN Client uses only an authentication certificate for which the digitalSignature key extension is configured.

Option: NoCACertReq
Description: This option lets you specify that the VPN Client and VPN gateway can use certificates from different certificate authorities.
Settings:
• Not configured. The VPN Client and VPN gateway must use certificates from the same certificate authority.
• 01. The VPN Client and the VPN gateway can use certificates from different certificate authorities.