Intra2net Administrator Manual

Intra2net AG

The contents of this manual have been prepared with care. However, the information in this manual is not a warranty of product performance. Intra2net AG shall only be liable to the extent of its sales and delivery conditions and shall not assume any liability for technical inaccuracies and/or omissions. The information in this manual is subject to change without notice. Additional information, as well as changes and version information for Intra2net systems, can be found online at https://www.intra2net.com.

The Intra2net system establishes communication connections depending on the configuration. In order to avoid unwanted charges and data loss, the product should be monitored and backed up at regular intervals. Intra2net accepts no responsibility for loss of data, accidental connection costs or damage caused by the unattended operation of the product.

Intra2net and the Intra2net logo are registered trademarks of Intra2net AG. Company and product names are mostly trademarks of their respective companies or manufacturers.

Copyright © 1999-2024 Intra2net AG. All rights reserved. No part of this manual may be reproduced or reused in any form whatsoever without prior written permission from Intra2net AG.


Intra2net AG
Mömpelgarder Weg 8
72072 Tübingen
Germany

Valid for Intra2net software version 6.12.1

Valid for Intra2net Groupware Client Version 5.0.2

22 August 2024


Table of Contents

1. Installation
1. Welcome
1.1. About this Manual
1.2. Factory Settings
2. Installation on Own Hardware
2.1. Hardware Selection
2.2. Installing as a Virtual Machine
2.3. Location
2.4. BIOS
2.5. RAID
2.6. Installation of the operating system
2.6.1. Installation from a USB flash drive
2.6.2. Installation from DVD
2.6.3. Start of the installation
2.6.4. Serial console
2.6.5. Solving Compatibility Problems
3. Installing as a Virtual Machine
3.1. Comparison to Real Hardware
3.1.1. Inconsistent performance speed
3.1.2. Lower I/O Performance
3.1.3. Contact with Unfiltered Network Packets
4. Installation on VMware vSphere Hypervisor 4 (ESXi)
4.1. Virtual Machine Configuration
4.2. Virtual Machine with Direct Internet Access
4.3. Installing the Intra2net System
5. Installation of Microsoft Hyper-V on Windows Server 2012 R2
5.1. Virtual Machine Configuration
5.2. Installation of the Intra2net System
6. The Console
6.1. Intra2net Appliance Micro
6.2. Network Cards
6.3. DNS and DHCP
6.4. Firewall Emergency Mode
6.5. Restore to Factory Settings
6.6. The Root Password
6.7. The Linux Shell
7. The Web Interface
7.1. Accessing the Web Interface
7.2. License Code
7.3. The Main Page
7.4. The Queue
7.5. The Configuration Check
7.6. Shutdown necessary
2. General Functions
8. Intranet
8.1. IPs and Networks
8.2. VLAN Tagging
8.3. Access Rights of a Network Object
8.4. Domain and DNS
8.4.1. The Intra2net system as local DNS server
8.4.2. Integrate another DNS server in the LAN
8.4.3. Forward DNS to Other Domains
8.4.4. Prevent DNS Rebind
8.5. Registering Clients
8.5.1. Wake-On-LAN
8.5.2. DHCP
8.6. DHCP-Server
8.7. Entering Ranges
8.8. Import/Export Client Profiles
8.8.1. Importing Clients
8.8.2. Exporting Clients
8.9. Intranet Routing
9. SSL Encryption and Certificates
9.1. Principles and Dangers of SSL Encryption
9.2. Correctly Creating Certificates
9.2.1. The Computer Name
9.2.2. Configuration
9.3. Installing Certificates on Clients
9.3.1. Installation with Windows
9.3.2. Distributing Certificates via Active Directory
9.4. User Education and Awareness
9.5. Using an External Certificate Authority
9.5.1. Certificates from Let's Encrypt
9.5.2. Certificates from classic certification authorities
9.6. Key Import
9.7. Encryption Strength
10. Internet
10.1. Dial-up with DSL (PPPoE)
10.2. Dial-up with DSL (PPTP)
10.3. Router with static IP
10.4. Router with DHCP or Cable Modem
10.5. Router on the Local Network
10.6. Router vs. Modem
10.7. Official IPs and DMZs
10.7.1. Classic Routing
10.7.2. Static NAT
10.7.3. Proxy-ARP
10.8. Automatic Connection
10.9. Connection Monitoring
10.10. Switching to Other Providers in the Event of an Error (Fallback)
10.11. Bandwidth Management and VoIP Prioritization
10.11.1. Bandwidth Management
10.11.2. Prioritize VoIP and Real-time Data
10.12. Masquerading / NAT
10.13. DynDNS
10.13.1. Providers
10.13.2. Updates and the IP Address Used
10.14. External access
11. Proxy
11.1. Overview
11.2. Access to the Proxy
11.3. Proxy Configuration
11.4. URL Filter
11.4.1. Proxy Profile
11.4.2. Proxy Access Lists
11.4.3. Time Management
11.5. Web Content Filter
11.6. Proxy Virus Scanner
12. Statistics and Data Privacy
12.1. Proxy Statistics
12.1.1. Proxy Logging
12.1.2. Analysis
12.1.3. Methodology
12.2. Internet Access Statistics
12.2.1. Methodology
12.3. Speedometer
12.3.1. Methodology
12.3.2. Sites
12.3.3. Data Privacy
12.4. Space Usage Statistics
12.5. Data Privacy
13. Usermanager
13.1. User Groups
13.1.1. Access Rights
13.1.2. Administration Rights
13.2. User
13.2.1. Settings for Email and Groupware
13.3. Import/export of User Profiles
13.3.1. Importing Users
13.3.2. Exporting Users
14. Email
14.1. Email Relay
14.1.1. Rights
14.1.2. SMTP-Submission
14.1.3. Dispatch Methods
14.1.4. Dispatch via relay server
14.1.5. Direct Dispatch
14.1.6. Choosing the dispatch method
14.2. Receiving emails on the client (POP or IMAP)
14.3. Receive emails using the Intra2net system
14.3.1. Methods
14.3.2. Retrieving individual POP accounts
14.3.3. Direct delivery via SMTP
14.3.4. Retrieval of collective POP accounts (multidrop)
14.4. Forwarding of entire domains
14.4.1. Method
14.4.2. Recipient Address Check
14.4.3. Forwarding of individual POP accounts
14.5. Email Addressing
14.5.1. Address Settings
14.5.2. Email Addresses and Aliases
14.6. Email Processing
14.6.1. Forwarding
14.6.2. Automatic Response
14.6.3. Sorting
14.6.4. Automatic deletion
14.7. Emailfilter
14.7.1. Spamfilter
14.7.2. Virus Scanner
14.7.3. Attachment Filter
14.8. DKIM
14.8.1. Basic principles
14.8.2. Implementation
14.8.3. Further standards
14.8.4. Prerequisites for use
14.8.5. Configuration
14.8.6. Filtering and quarantine
14.8.7. Header lists and exceptions
14.8.8. Rotate the key
14.9. Archiving
14.9.1. Interface
14.9.2. Connecting the MailStore Server
14.10. Automatic Transfer
14.11. Mailinglist
14.12. Additional Settings
14.13. Queue
14.14. Structure of the mail system
14.15. Differences between licenses
15. Services
15.1. Timeserver
15.2. Monitoring via SNMP
16. System Functions
16.1. License
16.1.1. Demo Mode
16.1.2. License Code
16.1.3. Update Period
16.2. Updates
16.2.1. Remote Update via Partner Web
16.2.2. Rescue System
16.3. Backup
16.3.1. Backup protection
16.3.2. Storage period
16.3.3. Remote Storage
16.3.4. Restore
16.3.5. Procedure for Hard Drive Damage or Hardware Replacement
16.3.6. Hardware migration with Intra2net support
16.3.7. Standby systems
16.4. Operation Behind Firewall
16.5. Logfiles
16.6. Logcheck Reports
16.7. Scheduled Shutdown
16.8. Inspection and repair of filesystems
3. Groupware Client
17. Introduction
17.1. System Requirements
17.2. Overview of Features
17.3. Known Limitations
18. Installation
18.1. Installing the Program
18.2. Distributing the Program via Active Directory
18.3. Switch from 32 bit to 64 bit
19. Setting up a Profile
20. Account Configuration
20.1. Groupware Account
20.1.1. Activate Certificate Check
20.1.2. Deactivating the Search Indexer
20.2. Importing Existing Data
20.2.1. Importing Using Outlook Import
20.2.2. Importing Larger Amounts of Emails
20.3. Setting up Multiple Accounts and Email Addresses
20.3.1. Multiple Server Accounts
20.3.2. Multiple Outgoing Mail Identities
20.4. Converting Previous Installations of the Groupware Client
21. Linking Folders
21.1. Linking Own Folders
21.1.1. Automatic registration
21.1.2. Excluding Folders from Synchronization
21.1.3. Update folder list
21.2. Linking Shared Folders
22. Sharing Folders
22.1. Rights
22.2. Read Status Shared/Individual
23. Folder Linking Expert Mode
23.1. Linking Shared Folders
23.2. Manual folder linking
23.2.1. Switching to Manual Linking
23.2.2. Linking an Individual Folder
23.2.3. Unlinking a folder
24. Additional Features
24.1. Folder Hierarchy and ibx_sub
24.2. Folder Options
24.3. Editing Server-Side Settings
24.4. Categories and color assignment
24.4.1. Recommendation for shared color assignment
24.4.2. Reset local color assignment
24.4.3. Changing an existing color assignment
24.5. Use Free/Busy Information
24.5.1. Outlook 2010 to 2021
24.5.2. Outlook 2007
24.6. Marking as Private
24.7. Reminders in Shared Folders
24.8. User-Defined Fields in Contacts
24.9. Showing Item Source Text
24.10. Backup Folders
24.10.1. Backup Data after Restore
24.10.2. Backup of local data when resetting to automatic mode
24.11. Advice to the User
24.12. Log files
24.12.1. Submitting log files to support
25. Advanced Email Configuration
25.1. Retrieve Emails Completely or Only Headers
25.2. Notification of New Emails
25.3. Marking Moved Emails as Read
25.4. Email Reminders and Tracking
25.5. Read receipts
26. Compatibility and Collaboration
26.1. Personal firewalls on the Client
26.2. Virus Scanner on the Client
26.3. Compatibility with PDAs and Mobile Phones
26.4. Other Programs
26.4.1. Incompatible Addins
26.5. Automatic detection of compatibility problems
27. Concept for public folders
27.1. Setup
27.2. Emails
28. Migrating Emails with IMAPCopy
29. Migration from Microsoft Exchange
29.1. Offline Migration
29.1.1. Migration Step-by-step
29.2. Migration During Operation
29.2.1. Preparing for Migration
29.2.2. Migrating Individual Users
29.2.3. Shared Folders
29.2.4. Final steps
30. Reference Information
30.1. Synchronizable data
30.1.1. Tasks
30.1.2. Meetings
30.1.3. Notes
30.1.4. Contacts
30.1.5. Contact Groups
30.1.6. Emails
30.1.7. All Items
30.2. Advanced Registry Settings
30.2.1. Store Settings
30.2.2. Addin Settings
30.3. Data Formats
4. Web-Groupware and ActiveSync
31. Introduction to Web Groupware
31.1. The Display Modes
32. Email
32.1. Reading and Editing Emails
32.1.1. Displaying Emails
32.1.2. Deleted Emails
32.1.3. Exporting Emails
32.2. Sending Emails
32.2.1. New Message
32.2.2. Append Signatures
32.3. Managing Folders
32.3.1. Folder Hierarchy
32.3.2. Organizing Folders
32.3.3. Subscribing to Folders
32.3.4. Sharing Folders
33. Address Book
34. Connecting Mobile Devices using ActiveSync
34.1. Introduction
34.2. Server Settings
34.3. Special Features and Tips
34.3.1. Deleting Emails on the Server
34.3.2. Synchronization Steps
34.3.3. Manage and Resynchronize Devices
34.3.4. Synchronize Multiple Calendars or Contact Lists
35. ActiveSync with Android Devices
36. ActiveSync with Apple iOS Devices
37. Reference Information
5. Firewall
38. Selecting Firewall Rulesets
38.1. Rulesets on LAN
38.2. Rulesets for the Internet
38.3. Packet Routes Through the Firewall
38.3.1. Packet Routes on the LAN and Internet
38.3.2. Packet Routes for VPN Connections
39. Firewall Profile
39.1. General Basic LAN Rules
39.2. Client Profiles
39.3. Provider profile
40. Full Rulesets
40.1. Components
40.1.1. Services
40.1.2. Netgroups
40.1.3. Automatic Objects
40.2. Rulesets
40.2.1. Default Settings
40.2.2. Passing Through the Ruleset
40.2.3. Linking Rule Criteria
40.2.4. The Actions
40.2.5. Extra Options
40.2.6. Special Features of Provider Rulesets
41. Additional Functions
41.1. Checking MAC Addresses
41.2. Preventing LAN spoofing
41.3. Blocking IPs After Too Many Login Errors
41.4. Firewall Emergency Mode
42. Case Studies and Examples
42.1. Example 1: Extending a Simple Client Profile
42.1.1. Sample Solution
42.2. Example 2: Port Forwarding Only Accessible from an External IP
42.3. Example 3: Separate Guest Network
42.3.1. Sample Solution
42.4. Example 4: Restricted Access from the VPN
42.5. Example 5: Web Server in the DMZ
42.5.1. Sample Solution
6. VPN
43. IPSec Basics
43.1. IPSec
43.2. Public-Key Cryptography
43.3. Certificates
43.4. IPSec connections
43.5. Algorithms
43.6. Limitations
43.7. Compatibility with Other IPSec Peers
44. Key Management
44.1. Own Keys
44.1.1. Certificate Authorities (CAs)
44.2. Foreign Keys
45. Connecting Individual PCs
45.1. Method
45.2. Preparing the configuration on the Intra2net system
45.2.1. Create certificate
45.2.2. Default settings for new connections
45.3. Automatic configuration for clients on the Intra2net system
45.4. Manual configuration on the Intra2net system
45.4.1. Prerequisites
45.4.2. Default Settings
45.4.3. Authentication
45.4.4. Configuring the Tunnel
45.4.5. Rights
45.4.6. Activation
46. VPN with the NCP Secure Entry Windows Client
46.1. Import
46.2. Establish connection
46.3. Connection protocols
47. VPN with the Shrew Soft VPN Client
47.1. Import
47.2. Establishing Connection
47.3. Connection Protocols
48. VPN with Mac OS X
48.1. Installation
48.2. Generating Certificates
48.3. Importing Certificates
48.4. Configuring Connections
48.5. Intra2net System
49. VPN with the NCP Secure Entry macOS Client
50. VPN with the Apple iOS devices
51. VPN with Android
51.1. Preparing the Device
51.2. Connection on the Intra2net System
51.3. Certificates
51.4. Connecting with Android
51.5. Simplify Connection Setup
52. VPN with the NCP Secure Android Client Premium
53. Connecting Complete Networks
53.1. Method
53.2. Configuration on the Intra2net System
53.2.1. Prerequisites
53.2.2. Default Settings
53.2.3. Authentication
53.2.4. Configuring the Tunnel
53.2.5. Rights
53.2.6. Activation
54. VPN with ZyXEL ZyWALL USG
54.1. Overview
54.2. Preparation
54.3. Certificate
54.4. Connection
54.4.1. IKE / Phase 1
54.4.2. IPSec / Phase 2
54.5. Intra2net System
54.6. Logs
55. VPN with Lancom Routers
55.1. Overview
55.2. Certificate for the Lancom device
55.3. Certificate for the Intra2net System
55.4. Connecting
55.5. Intra2net System
55.6. Deleting Certificates
56. VPN with Linux
56.1. Overview
56.2. Generating Certificates
56.3. Configuring Connections
56.4. Intra2net System
57. Solving IP Address Conflicts in VPNs Through NAT
57.1. The Problem
57.2. Configuration
57.3. Same IPs on LAN and Peer
57.3.1. Implementation
57.4. Multiple Peers with the Same IPs
57.4.1. Implementation
57.5. Local IPs Defined by Service Provider for Remote Maintenance
57.5.1. Implementation
58. Error Diagnosis
58.1. Reading Logs
58.2. The Protocol Format of the Intra2net System
58.3. Error in Phase 1
58.4. Error in Phase 2
7. Appendix
A. Licenses
A.1. Intra2net Software License Agreement
A.2. Licensed software
A.3. Notes on return and disposal
A.3.1. Separate collection of old equipment
A.3.2. Batteries and accumulators and lamps
A.3.3. Options for the return of old equipment
A.3.4. Data privacy notice
A.3.5. Meaning of the crossed out trash can symbol
A.3.6. Free collection of used batteries
A.3.7. Meaning of the battery symbols
B. License
B.1. Intra2net Groupware Client License Agreement (EULA)
B.2. Licensed Software
B.2.1. Info-ZIP
B.2.2. JsonCpp
Index