HUAWEI SecoClient User Access Guide


Appendix

This chapter provides the method for using commands to configure the client in the Linux system as well as configuration and connection templates for SSL VPN, L2TP VPN, and L2TP over IPSec VPN. The templates contain all connection parameters and authentication information required for configuring and establishing the corresponding VPN connections. You can refer to these templates to check whether the obtained information is sufficient. Enterprise network administrators can use these templates to provide necessary connection parameters and authentication information for mobile device users.

Mobile Client

In addition to the SecoClient PC client, Huawei has launched the mobile client for the iOS and Android operating systems.

How to Obtain

  • Mobile client for the iOS operating system

    Way 1: Open the App Store, search for SecoClient, and download the latest version of the SecoClient iOS client.

    Way 2: Download the correct software installation package from the Huawei technical support website.
    • For enterprise network users: log in to http://support.huawei.com/enterprise, choose Enterprise Networking > Security > Firewall & VPN Gateway > Secospace USG6600 > Downloads, and select the correct software installation package.
    • For carrier users: log in to http://support.huawei.com/carrier, choose Software > Network > Switch & Gateway > Switch & Gateway > Eudemon1000E-N Series > Eudemon1000E-N, and select the correct software installation package.
  • Mobile client for the Android operating system

    Way 1: Download and open Huawei AppGallery, search for SecoClient, and download the latest version of the SecoClient Android client.

    Way 2: Download the correct software installation package from the Huawei technical support website.
    • For enterprise network users: log in to http://support.huawei.com/enterprise, choose Enterprise Networking > Security > Firewall & VPN Gateway > Secospace USG6600 > Downloads, and select the correct software installation package.
    • For carrier users: log in to http://support.huawei.com/carrier, choose Software > Network > Switch & Gateway > Switch & Gateway > Eudemon1000E-N Series > Eudemon1000E-N, and select the correct software installation package.

Specifications

Currently, the SecoClient mobile client supports only SSL VPN connections. The following table lists the supported models and operating system versions.

Table 8-1 Models and operating system versions supported by a mobile SecoClient

| Operating System | iOS | Android |
| --- | --- | --- |
| Supported Operating System Versions | iOS 10.0 and later versions are supported. | Android 5.0 and later versions are supported. |
| Supported Device Models | iPhone X, iPhone 8/8 Plus, iPhone 7/7 Plus, iPhone 6s/6s Plus, iPhone 6/6 Plus, iPhone 5s, iPad Pro, iPad Air 1/2, iPad 4, iPad mini 2/3/4 | - |
| Supported Device Screen Resolution | - | 720*1280, 1080*1920, 1440*2560, 2160*4096 |

The following table lists the function specifications of a mobile SecoClient.

Table 8-2 Function specifications of a mobile SecoClient

| Function | | iOS | Android |
| --- | --- | --- | --- |
| SSL VPN | Network extension | Supported | Supported |
| | Endpoint security (NOTE: When the terminal security function is enabled on the gateway, the mobile SecoClient can dial up successfully.) | Not supported | Not supported |
| | Preferential gateway selection | Not supported | Not supported |
| | Reconnection | Not supported | Not supported |
| | Link backup (NOTE: When the link backup function is enabled on the gateway, the mobile SecoClient can dial up successfully.) | Supported | Supported |
| | Certificate authentication | Not supported | Not supported |
| | Certificate filtering | Not supported | Not supported |
| | Two-factor authentication | Not supported | Not supported |
| L2TP VPN | | Not supported | Not supported |
| L2TP over IPSec VPN | | Not supported | Not supported |
| NAT traversal | | Supported | Supported |
| Proxy traversal | | Not supported | Not supported |
| Tunnel splitting | | Supported | Supported |
| Basic functions | Automatic startup upon power-on | Not supported | Not supported |
| | Language (NOTE: Only Chinese and English are supported.) | Supported | Supported |
| | Automatic login | Supported | Supported |
| | Profile: Import | Not supported | Not supported |
| | Profile: Export | Not supported | Not supported |
| | Fault location | Supported | Supported |
| | Configuration using commands | Not supported | Not supported |
| | Non-administrator user configuration | Supported | Supported |

The following table lists the performance specifications of a mobile SecoClient.

Table 8-3 Performance specifications of a mobile SecoClient

| Function | Specifications |
| --- | --- |
| Number of new VPN connections per second | 16 |

Operation

For details about how to use the SecoClient mobile client, see the online help under Settings > Help in the app.

Using Commands to Configure the Client in the Linux System

Starting the Client

  1. Access the /usr/local/SecoClient/serviceclient directory.
  2. Run the ./SecoClientCS command to start the client. This command can be executed by both common and root users.

    NOTE:

    Before starting the client using the command, ensure that the client started through the UI desktop has been shut down.

Configuring an SSL VPN Connection

Configuring SSL VPN

  1. Enter 1 to create a connection.
  2. Enter 1 to set the VPN type to SSL VPN.
  3. Enter the corresponding sequence number to complete the configuration of parameters 1 to 5.

    • 1. Connection Name(Required)
    • 2. Description
    • 3. Gateway Address
    • 4. Port(Required)
    • 5. Tunnel Mode(Required): The options are Reliable Transmission, Quick Transmission, and Auto-sensing.
    NOTE:

    For details about the parameters, see Configuring an SSL VPN Connection.

  4. Enter 6 to save the configuration.

Establishing an SSL VPN Connection

  1. Enter the corresponding number to establish an SSL VPN connection.
  2. Enter 1 to set up an SSL VPN connection.
  3. A message is displayed, indicating that the connection is set up successfully. Enter the user name and password to log in.
NOTE:
  • In the Linux system, the SSL VPN connection configured and established using commands supports only user name/password authentication.
  • After the connection is successful, do not close the terminal window. Otherwise, the connection will be disconnected.

SSL VPN Disconnection

Enter q to disconnect.

Configuring an L2TP VPN Connection

Configuring L2TP VPN

  1. Enter 1 to create a connection.
  2. Enter 2 and set the VPN type to L2TP/IPSec.
  3. Enter the corresponding sequence number to complete the configuration of parameters 1 to 8.

    • 1. Connection Name(Required)
    • 2. Description
    • 3. LNS Server Address(Required)
    • 4. Tunnel Name(Required)
    • 5. Authentication Mode
    • 6. Tunnel Authentication: Enable the tunnel authentication function. After the tunnel authentication function is enabled, you need to enter the tunnel authentication password.
    • 7. IPSec Protocol: Enables the IPSec protocol. Do not enable this function for an L2TP VPN connection.
    • 8. Allow Internet access after connection: Set routes. After this option is enabled, you can set the traffic to be encrypted in the VPN tunnel by adding an IP address segment.
    NOTE:

    For details about the parameters, see Configuring an L2TP VPN Connection.

  4. Enter 9 to save the configuration.

Establishing an L2TP VPN Connection

  1. Enter the corresponding number to establish an L2TP VPN connection.
  2. Enter 1 to set up an L2TP VPN connection.
  3. Enter the user name and password to log in.
NOTE:

After the connection is successful, do not close the terminal window. Otherwise, the connection will be disconnected.

L2TP VPN Disconnection

Enter q to disconnect.

Configuring an L2TP over IPSec VPN Connection

Setting L2TP Parameters

  1. Enter 1 to create a connection.
  2. Enter 2 and set the VPN type to L2TP/IPSec.
  3. Enter the corresponding sequence number to complete the configuration of parameters 1 to 6.

    • 1. Connection Name(Required)
    • 2. Description
    • 3. LNS Server Address(Required)
    • 4. Tunnel Name(Required)
    • 5. Authentication Mode
    • 6. Tunnel Authentication: Enable the tunnel authentication function. After the tunnel authentication function is enabled, you need to enter the tunnel authentication password.
    NOTE:

    For details about the parameters, see Configuring an L2TP over IPSec VPN Connection.

Setting IPSec Parameters

  1. Enter 7 to enable the IPSec protocol.
  2. Enter the corresponding sequence number to complete the configuration of parameters 8 to 20.

    • 8. IPSec Authentication Mode: In the Linux system, IPSec supports only pre-shared key authentication. In pre-shared key authentication mode, the pre-shared key is required.
    • 9. IPSec Server address: IP address of the IPSec server. By default, the IP address of the LNS server is used (Use LNS server address).
    • 10. Encapsulation Mode: IPSec encapsulation mode, which can be Transmission mode or Tunnel mode.
    • 11. ESP Authentication Algorithm
    • 12. ESP Encryption Algorithm
    • 13. Negotiation Mode: IKE negotiation mode, which can be Main Mode or Aggressive Mode.
    • 14. Authentication Algorithm: authentication algorithm used for IKE negotiation
    • 15. Encryption Algorithm: encryption algorithm used for IKE negotiation
    • 16. DH Group ID: DH group ID used for IKE negotiation
    • 17. PFS: After the PFS function is enabled, the corresponding security parameter (Security Parameter) must be configured.
    • 18. SA Lifetime(IKE Advanced Configuration): IKE SA lifetime
    • 19. SA Lifetime(IPSec Advanced Configuration): IPSec SA lifetime
    • 20. Route Settings: The mode can be Mode Config or Allow Internet access after connection. After this parameter is set to Allow Internet access after connection, you can set the traffic to be encrypted in the VPN tunnel by adding an IP address segment.
    NOTE:

    For details about the parameters, see Configuring an L2TP over IPSec VPN Connection.

  3. Enter 21 to save the configuration.
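
The following added example (not part of the Huawei guide or of SecoClient) audits a filled-in set of the IPSec and IKE parameters 8 to 20 before the profile is handed to users. The dictionary keys and the two sample profiles are constructed for illustration; the option values are the ones this page lists.

```python
# Added example, not Huawei code. Keys are hypothetical labels for the numbered
# menu items; option values are the ones this page lists.
ISSUES = {
    "MD5": ("high", "deprecated hash; choose SHA2-256"),
    "SHA1": ("medium", "legacy hash; choose SHA2-256"),
    "DES": ("high", "56-bit key; choose AES"),
    "DES-CBC": ("high", "56-bit key; choose AES-256"),
    "3DES": ("medium", "64-bit block cipher; choose AES"),
    "3DES-CBC": ("medium", "64-bit block cipher; choose AES-256"),
    # Group5 (1536-bit MODP) is the strongest DH group the page offers.
    "Group1": ("high", "768-bit MODP group; choose Group5"),
    "Group2": ("high", "1024-bit MODP group; choose Group5"),
}
ALGO_FIELDS = ("ESP Authentication Algorithm", "ESP Encryption Algorithm",
               "Authentication Algorithm", "Encryption Algorithm", "DH Group ID")

def audit_profile(profile):
    """Return (field, value, severity, reason) tuples, high severity first."""
    findings = []
    for field in ALGO_FIELDS:
        value = profile.get(field)
        if value in ISSUES:
            findings.append((field, value) + ISSUES[value])
    # The Linux client supports only pre-shared keys for IPSec, and Aggressive
    # Mode exposes a PSK-derived hash that can be guessed offline.
    if profile.get("Negotiation Mode") == "Aggressive Mode":
        findings.append(("Negotiation Mode", "Aggressive Mode", "high",
                         "PSK hash is exposed; choose Main Mode"))
    if not profile.get("PFS"):
        findings.append(("PFS", "disabled", "medium",
                         "enable PFS so each IPSec SA gets fresh DH keys"))
    elif profile.get("Security Parameter") in ISSUES:
        value = profile["Security Parameter"]
        findings.append(("Security Parameter", value) + ISSUES[value])
    return sorted(findings, key=lambda f: f[2] != "high")  # stable sort

# Constructed sample profiles (not from a real deployment).
LEGACY = {"ESP Authentication Algorithm": "MD5", "ESP Encryption Algorithm": "DES",
          "Negotiation Mode": "Aggressive Mode", "Authentication Algorithm": "SHA1",
          "Encryption Algorithm": "3DES-CBC", "DH Group ID": "Group1", "PFS": False}
HARDENED = {"ESP Authentication Algorithm": "SHA2-256", "ESP Encryption Algorithm": "AES",
            "Negotiation Mode": "Main Mode", "Authentication Algorithm": "SHA2-256",
            "Encryption Algorithm": "AES-256", "DH Group ID": "Group5",
            "PFS": True, "Security Parameter": "Group5"}

if __name__ == "__main__":
    for field, value, severity, reason in audit_profile(LEGACY):
        print(f"[{severity}] {field} = {value}: {reason}")
    print("hardened findings:", audit_profile(HARDENED))
```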

Establishing an L2TP over IPSec VPN Connection

  1. Enter the corresponding number to establish an L2TP over IPSec VPN connection.
  2. Enter 1 to set up the L2TP over IPSec VPN connection.
  3. Enter the user name and password to log in.
NOTE:
  • In the Linux system, the L2TP over IPSec VPN connection configured and established using commands supports only user name/password authentication.
  • After the connection is successful, do not close the terminal window. Otherwise, the connection will be disconnected.

L2TP over IPSec VPN Disconnection

Enter q to disconnect.

VPN Configuration and Connection Templates

SSL VPN Configuration and Connection Template

Table 8-4 SSL VPN Configuration and Connection Template

SSL VPN Configuration Template

| No. | Item | Option | Parameter |
| --- | --- | --- | --- |
| 1 | Are Proxy Settings needed? | No | - |
| | | Yes. Which proxy mode is used? System proxy, HTTP/HTTPS proxy, or Socks5 proxy | Address, port number, account, and password |
| 2 | Connection name | | |
| 3 | Description | | |
| 4 | Remote gateway address | | |
| 5 | Port | | |
| 6 | Which tunnel mode is used? | Reliable Transmission | |
| | | Quick Transmission | |
| | | Auto-sensing | |

SSL VPN Connection Template

| No. | User Identity Authentication | Required Information |
| --- | --- | --- |
| 1 | User name/password authentication | User name; Password |
| 2 | PKI digital certificate authentication: Certificate-anonymous authentication | Valid PKI digital certificate |
| | PKI digital certificate authentication: Certificate-challenge authentication | Valid PKI digital certificate; Login password corresponding to the user name extracted from the certificate |
| 3 | USB key certificate authentication: Certificate-anonymous authentication | USB key device, driver, and PIN |
| | USB key certificate authentication: Certificate-challenge authentication | USB key device, driver, and PIN; Login password corresponding to the user name extracted from the certificate |
| 4 | Two-factor authentication: Initial authentication | User name/password authentication (referring to the above); PKI digital certificate authentication (referring to the above); USB key certificate authentication (referring to the above) |
| | Two-factor authentication: Dynamic token code authentication | Obtain the value from the dynamic token code receiving device. |
| | Two-factor authentication: SMS verification code authentication | Obtain the value from the SMS verification code receiving device. |

L2TP VPN Configuration and Connection Template

Table 8-5 L2TP VPN Configuration and Connection Template

L2TP VPN Configuration Template

| Section | No. | Item | Option | Parameter |
| --- | --- | --- | --- | --- |
| Proxy Settings | 1 | Are Proxy Settings needed? | No | - |
| | | | Yes (Socks5 proxy is used.) | Address |
| | | | | Port |
| | | | | Account |
| | | | | Password |
| L2TP Configuration | 2 | Connection name | | |
| | 3 | Description | | |
| | 4 | LNS server address | | |
| Tunnel Configuration | 5 | Tunnel name | | |
| | 6 | Which authentication mode is used? | CHAP | |
| | | | PAP | |
| | 7 | Is tunnel authentication enabled? | No | - |
| | | | Yes | Tunnel authentication password |
| Route Settings | 8 | Deselect Allow Internet access after connection. | | - |
| | | Select Allow Internet access after connection. | No IP address is added to the IP address list. | - |
| | | Select Allow Internet access after connection. | Add IP addresses to the IP address list. | IP addresses to be added |

L2TP VPN Connection Template

| No. | User Identity Authentication | Required Information |
| --- | --- | --- |
| 1 | User name/password authentication | User name; Password |

L2TP over IPSec VPN Configuration and Connection Template

Table 8-6 L2TP over IPSec VPN Configuration and Connection Template

L2TP over IPSec VPN Configuration Template

| Section | No. | Item | Option | Parameter |
| --- | --- | --- | --- | --- |
| Proxy Settings | 1 | Are Proxy Settings needed? | No | - |
| | | | Yes (Socks5 proxy is used.) | Address |
| | | | | Port |
| | | | | Account |
| | | | | Password |
| L2TP Configuration | 2 | Connection name | | |
| | 3 | Description | | |
| | 4 | LNS server address | | |
| Tunnel Configuration | 5 | Tunnel name | | |
| | 6 | Which authentication mode is used? | CHAP | |
| | | | PAP | |
| | 7 | Is tunnel authentication enabled? | No | - |
| | | | Yes | Tunnel authentication password |
| Enable IPSec Protocol | 8 | Which IPSec identity authentication mode is used? | Pre-shared key authentication | Pre-shared key |
| | | | USB key digital signature authentication | USB PIN |
| IPSec Settings | 9 | IPsec server address. Are the L2TP VPN and IPSec VPN gateways the same? | No | |
| | | | Yes | Select Use the LNS server address. |
| | 10 | Which encapsulation mode is used? | Tunnel Mode | |
| | | | Transmission Mode | |
| | 11 | Which ESP authentication algorithm is used? | MD5 | |
| | | | SHA1 | |
| | | | SHA2-256 | |
| | 12 | Which ESP encryption algorithm is used? | DES | |
| | | | 3DES | |
| | | | AES | |
| IKE Settings | 13 | Which negotiation mode is used? | Main Mode | |
| | | | Aggressive Mode | |
| | 14 | Which type of ID is used? | IP address | |
| | | | Name | |
| | 15 | Local name (this parameter is required if the ID type is set to Name.) | | |
| | 16 | Security gateway name (this parameter is required if the ID type is set to Name.) | | |
| | 17 | Authentication algorithm | MD5 | |
| | | | SHA1 | |
| | | | SHA2-256 | |
| | 18 | Encryption algorithm | DES-CBC | |
| | | | 3DES-CBC | |
| | | | AES-128 | |
| | | | AES-192 | |
| | | | AES-256 | |
| | 19 | DH Group ID | Group1 | |
| | | | Group2 | |
| | | | Group5 | |
| IKE Advanced Settings | 20 | Is PFS enabled? | No | - |
| | | | Yes | Security Parameter: Group1, Group2, or Group5 |
| | 21 | SA lifecycle | | |
| IPsec Advanced Settings | 22 | SA lifecycle | | |
| Route Settings | 23 | Select Mode Config. | | - |
| | | Select Allow Internet access after connection. | No IP address is added to the IP address list. | - |
| | | Select Allow Internet access after connection. | Add IP addresses to the IP address list. | IP addresses to be added |

L2TP over IPSec VPN Connection Template

| No. | User Identity Authentication | Required Information |
| --- | --- | --- |
| 1 | User name/password authentication | User name; Password |
| 2 | PKI digital certificate authentication | Valid PKI digital certificate; User name; Password |
| 3 | USB key certificate authentication | USB key device, driver, and PIN; User name; Password |

2

PKI digital certificate authentication

Valid PKI digital certificate

User name

Password

3

USB key certificate authentication

USB key device, driver, and PIN

User name

Password

Updated: 2019-02-22

Document ID: EDOC1100025211
