SSH Sentinel FAQ


  1. What is SSH Sentinel VPN client?
  2. Why do I need to use Sentinel?
  3. Does SSH Sentinel work with the PPP over Ethernet (PPPoE) protocol,
    which is used by the ADSL Network Adapter cards?
  4. How to configure Pre-IPSec filter?
  5. What is "Acquire virtual IP address" for? Should I check this box?
  6. What is "Extended Authentication"? Should I check this box?
  7. Does Sentinel support IP range?
  8. Does Sentinel support 2 VPN connections at the same time?
  9. What is this option, “Attach the selected values to proposal only” for?
  10. How to initiate a VPN tunnel from Sentinel?
  11. Can Prestige be the initiator of VPN tunnel to Sentinel?
  12. How can I verify if the VPN connection is up in Sentinel?
  13. I am using EnterNet 300, a PPPoE dial up software. Any concern?

1. What is SSH Sentinel VPN client?

Developed by SSH (http://www.ssh.com) Sentinel VPN client is a bundled software with Prestige VPN solution. It supports IPSec/VPN.

2. Why do I need to use Sentinel?

SSH Sentinel(TM) is an easy-to-use software for remote working based on the latest VPN technology. The software provides smooth integration with Prestige VPN which may be installed in HQ gateway.

3. Does SSH Sentinel work with the PPP over Ethernet (PPPoE) protocol, which is used by the ADSL Network Adapter cards?

Yes, the latest release SSH Sentinel 1.3, also supports PPPoE, but due to the wide range of PPPoE implementations and the fact, that we have a very limited access to PPPoE adapters in general, we are not able to fully test this functionality. 

As a consequence, it is hard to say with exactly which PPPoE drivers SSH Sentinel 1.3 is fully compatible.

4. How to configure Pre-IPSec filter?

In pre-ipsec configuration, never, remove the pre-IPSec filter rule that bypasses IKE traffic. If you do, all your attempts to establish any IPSec connection are bound to fail, because the negotiations never take place. Only when you would like to have some TCP/UDP packets bypass IPSec, must you specify the traffic as bypass in pre-ipsec filter. Otherwise, just not setup any bypass/discard/reject on the traffic you would like to be protected by IPSec.

5. What is "Acquire virtual IP address" for? Should I check this box?

With this feature, Sentinel can obtain a virtual IP address assigned from VPN gateway. However, if connecting with Prestige, please not check this box. Prestige doesn’t support this feature in current firmware.

6. What is "Extended Authentication"? Should I check this box?

With this feature, VPN connection from Sentinel can be authenticated to authentication server, such as, RADIUS, TACAS, …etc. behind remote VPN gateway. However, if connecting with Prestige, please not check this box. Prestige doesn’t support this feature in current firmware. It will support in the near future. 

7. Does Sentinel support IP range? 

No, only subnet/single is supported. So when connecting with Prestige, please not use range as address type.

8. Does Sentinel support 2 VPN connections at the same time?
 
No, Sentinel doesn’t support it. Only one VPN connection can be activated at the same time.

9. What is this option, “Attach the selected values to proposal only” for?
 
To increase compatibility, Sentinel sends many kinds of possible proposal for it’s peer side, say Prestige to choose. If you uncheck this option, Sentinel will only send out the proposal you configured. To decrease negotiation time, you can uncheck this option, and verify phase1/phase2 parameters are consistent on both sides.

10. How to initiate a VPN tunnel from Sentinel?

Right click SSH icon in system tray, click the VPN connection you have setup in Select VPN. Packets triggering doesn't work in this case.

11. Can Prestige be the initiator of VPN tunnel to Sentinel?
 
No. Sentinel is supposed to be a VPN solution for remote access. Please always initiate your VPN tunnel from Sentinel but not from Prestige.

12. How can I verify if the VPN connection is up in Sentinel?

You can check if your VPN connection is up by double clicking SSH icon in system tray. If the connection is up, you should see your VPN network in the popped out window.

13. I am using EnterNet 300, a PPPoE dial up software. Any concern?

If using EnterNet PPP over Ethernet client, the network access type must be set from the client’s advanced connection settings to protocol driver. Open Enternet 300 Profiles window -> Connections -> Settings -> Advanced -> In Network Access section choose Protocol Driver. Please check http://www.nts.com/support/advsettings.html for more information.