Monday, November 4, 2013

SonicWall SSL-VPN setup from SSH Command-Line

Here's how to configure the Sonicwall SSL-VPN from the CLI. I'm trying to improve my SonicWall command line skills, so I thought I'd post this here.

In addition to below, you'll also need to add your user to the SSL-VPN group under Users, Local Users.

I left out the part where you exit the config mode and are prompted to save the configuration. Just type yes.

This uses the tunnel-all mode. You'll need to setup add your routes manually if you're limiting access to certain networks.

C:\Documents and Settings\Administrator>ssh -v
OpenSSH_4.1p1, OpenSSL 0.9.8 05 Jul 2005
usage: ssh [-1246AaCfgkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]
           [-D port] [-e escape_char] [-F configfile]
           [-i identity_file] [-L [bind_address:]port:host:hostport]
           [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
           [-R [bind_address:]port:host:hostport] [-S ctl_path]
           [user@]hostname [command]

C:\Documents and Settings\Administrator>ssh adminuser@
The authenticity of host ' (' can't be established.
RSA key fingerprint is --------------------------------------.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '' (RSA) to the list of known hosts.

Copyright (c) 2012 Dell | SonicWALL, Inc.

Using username 'adminuser'.

adminuser@SonicwallSerialNumber> conf

config(SonicwallSerialNumber)# ssl-vpn server
(config-sslvpn-server)# port 4433
(config-sslvpn-server)# cipher aes256-sha1
(config-sslvpn-server)# sslvpn-access WAN
(config-sslvpn-server)# exit

config(SonicwallSerialNumber)# ssl-vpn profile
(config-sslvpn-profile)# device-profile "Default Device Profile"
(edit-sslvpn-profile-routes[Default Device Profile])# tunnel-all
(edit-sslvpn-profile-client[Default Device Profile])# exit
(edit-sslvpn-profile[Default Device Profile])# exit
(config-sslvpn-profile)# exit

config(SonicwallSerialNumber)# exit
adminuser@SonicwallSerialNumber> exitRead from remote host Connection reset by peer