Dear All, when we connect to a VPN (e.g. Windows VPN) our Internet stops working. This happens because the default gateway changes from our ISP's (Internet Service Provider) gateway to the gateway of the VPN device ppp0. By making a few small changes to our routing table we can use both the VPN and the Internet simultaneously. To do that, first go to the properties of your VPN connection by right-clicking on it.
1.) Start –> 2.) Control Panel –> 3.) Network and Sharing Center –> 4.) Manage Network Connections
Right Click the VPN connection and go to its Properties.
In the Networking tab select Internet Protocol Version 4 (TCP/IPv4) and click on the Properties Tab.
Now click on the Advanced Tab, uncheck the "Use default gateway on remote network" option and click OK on all the open windows.
Once this option is unchecked we will no longer get the VPN's default gateway after connecting, so our Internet will not be disturbed. Now we have to add routes to reach our remote network.
Now Connect your VPN.
To add a route to our remote series you must know the IP series of the remote side and your virtual VPN IP address. Let's suppose our remote series is 10.1.1.0/24 and the virtual IP address is 192.168.30.16. Now open Command Prompt as Administrator: click on Start, type cmd in the Start search box, right-click on Command Prompt and select Run as administrator. Give the administrator's password if prompted.
When Command Prompt is open, type the following command to add the route.
route add -p 10.1.1.0 mask 255.255.255.0 192.168.30.16
Here -p adds the route persistently, which means you do not need to add this rule again the next time you connect to the Internet; it will be added automatically.
Press Enter to insert this rule; it will show OK!
Now if you try to access your remote site and the Internet simultaneously, both will work.
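The effect of the two changes above on route selection, as an added example that is not part of the original post: a simplified longest-prefix-match model in Python. The ISP gateway 192.168.1.1, the LAN 192.168.1.0/24 and the interface labels are assumed values, and route metrics are ignored.

```python
import ipaddress

# Constructed routing tables. 192.168.1.1 / 192.168.1.0/24 are assumed ISP-side values.
FULL_TUNNEL = [
    # "Use default gateway on remote network" left checked
    ("0.0.0.0/0", "192.168.30.16", "vpn"),
    ("192.168.1.0/24", "on-link", "lan"),
]
SPLIT_TUNNEL = [
    # option unchecked: the ISP default route stays in place
    ("0.0.0.0/0", "192.168.1.1", "lan"),
    ("192.168.1.0/24", "on-link", "lan"),
    # route add -p 10.1.1.0 mask 255.255.255.0 192.168.30.16
    ("10.1.1.0/24", "192.168.30.16", "vpn"),
]


def pick_route(table, destination):
    """Return (prefix, gateway, interface) chosen by longest-prefix match."""
    dest = ipaddress.ip_address(destination)
    candidates = []
    for prefix, gateway, interface in table:
        network = ipaddress.ip_network(prefix)
        if dest in network:
            candidates.append((network, gateway, interface))
    if not candidates:
        return None
    network, gateway, interface = max(candidates, key=lambda c: c[0].prefixlen)
    return (str(network), gateway, interface)


def egress(table, destination):
    """Interface label the packet leaves on, or 'unreachable'."""
    route = pick_route(table, destination)
    return route[2] if route else "unreachable"


if __name__ == "__main__":
    for dst in ("10.1.1.25", "10.1.2.5", "8.8.8.8"):
        print(dst, "full:", egress(FULL_TUNNEL, dst),
              "split:", egress(SPLIT_TUNNEL, dst))
```

Only 10.1.1.0/24 is sent into the tunnel; any other remote subnet needs its own route, and all Internet traffic leaves through the ISP gateway outside the VPN.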
What is VPN :- A virtual private network (VPN) is a computer network that uses a public telecommunication infrastructure such as the Internet to provide remote offices or individual users with secure access to their organization's network. With a VPN we can use our office resources from home or from remote sites.
VPN In NEBERO :- NEBERO uses PPTP (Point-to-Point Tunneling Protocol) VPN. PPTP is a network protocol that enables the secure transfer of data from a remote client to a private enterprise server by creating a virtual private network (VPN) across TCP/IP-based data networks.
Minimum Requirement for VPN :- To use PPTP VPN you need at least the Basic Plus Version of NEBERO. You will also need a static IP address on the NEBERO server.
Creating VPN Users in NEBERO :- To create a VPN user in NEBERO, log in to the admin console and go to 1.) VPN Server –> 2.) Windows VPN Config in the left menu panel.
Here you will see the PPTP Config settings, like :-
Local IP : 192.168.30.1
Subnet : 255.255.255.0
IP Range From : 192.168.30.12
IP Range To : 192.168.30.50
Max Connections: 12
PPTP works on a virtual series, so the virtual IP 192.168.30.1 will be given to NEBERO itself. If you are already using this network series in your network, please change it to a different series which is not used in your network. Define the network and its subnet mask, then define the IP range for VPN users. When a user logs in to your network he will receive a virtual IP from this range. Define the maximum number of connections for the VPN, and also set DNS to the same virtual local IP address of NEBERO.
Adding VPN Users in NEBERO :-
To add VPN users in NEBERO, do the following steps:
1.) Click VPN Server –> 2.) Windows VPN Users. It will list all the Windows VPN users present. If no user is present, first click on the Add Users button. After that give the user name you want to create and also his password. In IP you have to give the user a virtual IP address from the virtual series defined earlier in the server configuration; here you can select ANY for automatic assignment or give the VPN user a static IP address (recommended), as shown below.
After creating all the VPN users, the server part of the configuration is done. Next we have to create a Windows VPN connection on the client machine. Below is an example of creating a VPN connection in Windows 7.
Creating Windows VPN Client in Windows 7 :-
1. Open Network and Sharing Center from Control Panel and choose Set up a New Connection.
In Connect to network, choose Connect to a Workplace and click on Next.
Choose Use my Internet connection to connect to the workplace.
In Internet address, type the static IP address of our NEBERO server. In Destination Name you can give a name to the VPN connection. After that click Next; if there is a Domain box, leave it blank.
Now the VPN connection has been created successfully and you are ready to connect.
You can connect to the VPN directly from the Network icon in your taskbar by selecting the VPN connection name.
Enter your user name and password in the VPN connection window and leave the Domain blank. Click Connect to connect to the VPN. Once connected you can easily access the remote machines or resources from your home.
Note: Once connected to the VPN you will be able to access all those machines whose default gateway is NEBERO. While connected you will not be able to use the Internet, because your default gateway changes to PPP0 (the device generated after connecting the VPN). To use the Internet simultaneously you need to make some changes in your routing table.
Need of Time Based Policies :- Suppose in your organization you want to give time-based Internet access to your users. For example, in working hours you want to restrict your clients from surfing sites like facebook, orkut and other sites which are not productive, and you only want to allow these sites at lunch time or in non-working hours. This can be accomplished with a time-based policy in NEBERO.
For this you need to create two separate policies, one for working and one for non-working hours. To create a policy in NEBERO, log in to the admin console of NEBERO and click on Add Policy under the Policy menu.
Example :- We have created a policy named working_hour in which we have not allowed any chat in Basic Firewall. Similarly, we can block some site categories in Proxy for our working-hour policy.
Now we have to create a policy for non-working hours, in which we can allow chat and other sites related to social networking and entertainment.
After creating both policies we have to apply them to our groups. Suppose our group name is Office; first we will change the default policy of Office to working_hour. For this go to the Group menu and select Modify. Select the desired group and click on Go, change the default policy of the group to working_hour and click on Modify.
After changing the default policy of the Office group we can confirm it from Activity –> Users –> Office Group. The default policy of the Office group will be working_hour, in which we have restricted users from opening chat and other non-productive sites.
Now in the second phase we will implement time policies on the Office group. For this go to Group –> Time Policy, select the group Office and click on Go. In Time Management you can add a time-based policy for any weekday or for the whole week. Select the start time at which you want the time-based policy to start and the end time of the policy. Time is in 24-hour format, which means that for 2:30 PM you have to select 14 in hour and 30 in minutes. In Policy select the time policy non_working and click Add to add the policy.
We can add multiple timings for a single group. In the example shown below I have added the non_working policy twice, i.e. at lunch time from 13:00 to 14:00 and after office hours from 18:00 to 23:55.
After the time policy has been added successfully, NEBERO will automatically change over between the time policy and the default policy. To confirm the time policy go to Activity –> Users, select the Office group and click on Go.
(Note :- Once a time policy is applied it will change over at the next occurring time.)
One of the main motives of a network administrator is to minimise the misuse of the Internet. This can be achieved by monitoring the Internet usage of client machines and by blocking non-productive and useless sites.
In Nebero we can monitor the sites concurrently opened by users and block the sites which we think should not open in our network. To monitor the sites concurrently opened by all users or by a particular user, do the following steps :-
1.) Go to Activity –> 2.) Urls –> 3.) Select the group name –> 4.) Select the user you want to monitor.
It will list all the sites which the user is opening on his machine. We can block the sites which we think should be blocked in our organisation. To block a site, click on the “Block” link as shown in the picture below.
Clicking on “Block” will open a new window which gives you the option to block the URL or the site. Select the policy in which you want to block the site and click on the Block button to block the site.
After you click on the Block button it will show you the message “1 New Site(s) has been added to Database”.
Now if you look under Surl Policy –> Block Sites, select the policy in which we blocked the site and click on Show. It will list all the sites blocked in that policy, including the site we blocked earlier. If you want to remove a site from the database, select the site which you want to remove and click on the Remove button.
What is MAC Binding ?
A MAC address is the hardware address of a network card. Every network card in this world has its unique hardware address. MAC binding is the process of assigning a specific IP address to a particular MAC address. It prevents users from changing their IP address; if they do so, their network traffic is blocked and they will not be able to use their network resources.
Why do We need MAC Binding ?
Suppose Mr. Malhotra is the C.E.O. of an organisation and the IP address of his laptop is 192.168.1.100. He has full Internet access without any restriction. In the same organisation another employee, Rajeev, knows the IP address of Mr. Malhotra's laptop. In the absence of Mr. Malhotra, Rajeev changes the IP address of his machine to Mr. Malhotra's IP address, i.e. 192.168.1.100. Now Rajeev has full Internet access and is misusing the Internet by impersonating Mr. Malhotra, without the knowledge of Mr. Malhotra or anyone else in the organisation.
Now if the administrator of his company binds the MAC addresses of all machines to their specific IP addresses, Rajeev will no longer be able to change his IP address to Mr. Malhotra's IP address for Internet surfing.
How We can bind The MAC Address in Nebero ?
In Nebero we can bind the MAC addresses of our clients' machines to their respective IP addresses. After this, if a client tries to use another person's IP address on his machine, his Internet will not work and he will get an error message like “You Are Not A Valid Web-Login User”.
To bind the MAC address of a client machine, just log in to the Nebero admin console and do the following steps :-
Go to 1.) Activity –> 2.) Users (select the group of the user whose MAC address you want to bind) –> 3.) Click on Go.
Note: MAC binding is possible only in System Based Groups.
It will list all the users of that group with some options like BW, Live, MAC, User Firewall, IP, User, Group, Login Time, Policy, In (Kbps), Out (Kbps) and Lock. It will take around 10 sec. and then show you the incoming and outgoing bandwidth used by all the users.
By clicking on the MAC option you can bind the MAC address of the client's machine to his IP address, as shown in the image below.
When you click on the MAC button a pop-up window will open which shows the IP address and MAC address of the client machine. There will be one more link saying “Mac Address mismatch Click Here to Validate”. Click on that link to bind the MAC address of that client.
(In the example it is showing that the MAC address for Karan (10.1.1.10) is 00:22:68:ae:71:7f.)
When you click on the link it will show Address successfully Updated.
Once the MAC address has been updated successfully, the colour of the MAC button will change to blue. Now the MAC address of the client (Karan) is bound to his IP address (10.1.1.10).
Now if someone else tries Karan's IP (10.1.1.10) on his machine he will get an error page saying “You are not a valid Web-Login User”, as shown below :-
If a client's machine is changed, he will also get the same “You Are Not A Valid Web-Login User” message, because the new machine will have a different MAC address. Repeat the process to update the new MAC address of the user.
1.) MAC binding in Nebero is only possible with Layer II switches; if a Layer III switch is included, MAC binding has to be done on the Layer III switch itself.
2.) MAC address binding in Nebero can be done with System Based Users only.
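The binding check described above, as an added example that is not Nebero's own code: a Python sketch that compares observed (IP, MAC) pairs with the binding table and shows why the check cannot work at the gateway once a Layer III switch sits in between. Only Karan's binding comes from the page; every other address is constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Binding from the page: Karan, 10.1.1.10 -> 00:22:68:ae:71:7f
BINDINGS = {"10.1.1.10": "00:22:68:ae:71:7f"}

# Constructed (ip, mac) observations, as a gateway might see them.
OBSERVED = [
    ("10.1.1.10", "00-22-68-AE-71-7F"),  # Karan's own machine, Windows notation
    ("10.1.1.10", "00:1a:2b:3c:4d:5e"),  # a different machine using Karan's IP
    ("10.1.2.21", "00:aa:bb:cc:dd:01"),  # three hosts behind a Layer III switch:
    ("10.1.2.22", "00:aa:bb:cc:dd:01"),  # the gateway sees only the switch's MAC
    ("10.1.2.23", "00:aa:bb:cc:dd:01"),
]


def normalize_mac(mac):
    """Canonical form: lowercase, colon-separated. ValueError if malformed."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def check(ip, mac, bindings=BINDINGS):
    """Return 'ok', 'mismatch' or 'unbound' for one observed pair."""
    bound = bindings.get(ip)
    if bound is None:
        return "unbound"
    return "ok" if normalize_mac(mac) == normalize_mac(bound) else "mismatch"


def shared_macs(observed, threshold=2):
    """MACs seen for more than `threshold` IPs: sign of a routed hop."""
    ips_by_mac = defaultdict(set)
    for ip, mac in observed:
        ips_by_mac[normalize_mac(mac)].add(ip)
    return {mac: sorted(ips) for mac, ips in ips_by_mac.items()
            if len(ips) > threshold}


if __name__ == "__main__":
    for ip, mac in OBSERVED:
        print(ip, mac, check(ip, mac))
    print(shared_macs(OBSERVED))
```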