Intra2net Administrator Manual
   Next

Intra2net Administrator Manual

Intra2net AG

The contents of this manual have been prepared with care. However, the information in this manual is not a warranty of product performance. Intra2net AG shall only be liable to the extent of its sales and delivery conditions and shall not assume any liability for technical inaccuracies and/or omissions. The information in this manual is subject to change without notice. Additional information, as well as changes and version information for Intra2net systems can be found online at https://www.intra2net.com

The Intra2net system establishes communication connections depending on the configuration. In order to avoid unwanted charges and data loss, the product should be monitored and backed up at regular intervals. Intra2net accepts no responsibility for loss of data, accidental connection costs or damage caused by the unattended operation of the product.

Intra2net and the Intra2net logo are registered trademarks of Intra2net AG. Company and product names are mostly trademarks of their respective companies or manufacturers.

Copyright © 1999-2026 Intra2net AG. All rights reserved. No part of this manual may be reproduced or reused in any form whatsoever without prior written permission from Intra2net AG.


          Intra2net AG
          Mömpelgarder Weg 8
          72072 Tübingen
          Germany
        

Valid for Intra2net software version 7.0.4

Valid for Intra2net Groupware Client Version 5.1.0

20. May 2026

Table of Contents

1. Installation
1. Welcome
1.1. About this Manual
1.2. Factory Settings
2. Installation on Own Hardware
2.1. Hardware Selection
2.2. Installing as a Virtual Machine
2.3. Location
2.4. BIOS
2.5. RAID
2.6. Installation of the operating system
2.6.1. Installation from a USB flash drive
2.6.2. Installation from DVD
2.6.3. Start of the installation
2.6.4. Serial console
2.6.5. Solving Compatibility Problems
3. Installing as a Virtual Machine
3.1. Comparison to Real Hardware
3.1.1. Inconsistent performance speed
3.1.2. Lower I/O Performance
3.1.3. Contact with Unfiltered Network Packets
4. Installation on VMware vSphere Hypervisor 4 (ESXi)
4.1. Virtual Machine Configuration
4.2. Virtual Machine with Direct Internet Access
4.3. Installing the Intra2net System
5. Installation of Microsoft Hyper-V on Windows Server 2012 R2
5.1. Virtual Machine Configuration
5.2. Installation of the Intra2net System
6. The Console
6.1. Intra2net Appliance Micro
6.2. Network Cards
6.3. DNS and DHCP
6.4. Firewall Emergency Mode
6.5. Restore to Factory Settings
6.6. The Root Password
6.7. The Linux Shell
7. The Web Interface
7.1. Accessing the Web Interface
7.2. License Code
7.3. The Main Page
7.4. The Queue
7.5. The Configuration Check
7.6. Shutdown necessary
2. General Functions
8. Intranet
8.1. IPs and Networks
8.2. VLAN Tagging
8.3. Access Rights of a Network Object
8.4. Domain and DNS
8.4.1. The Intra2net system as local DNS server
8.4.2. Integrate another DNS server in the LAN
8.4.3. Forward DNS to Other Domains
8.4.4. Prevent DNS Rebind
8.5. Registering Clients
8.5.1. Wake-On-LAN
8.5.2. DHCP
8.6. DHCP-Server
8.7. Entering Ranges
8.8. Import/Export Client Profiles
8.8.1. Importing Clients
8.8.2. Exporting Clients
8.9. Intranet Routing
9. SSL Encryption and Certificates
9.1. Principles and Dangers of SSL Encryption
9.2. Correctly Creating Certificates
9.2.1. The Computer Name
9.2.2. Configuration
9.3. Installing Certificates on Clients
9.3.1. Installation with Windows
9.3.2. Distributing Certificates via Active Directory
9.4. User Education and Awareness
9.5. Using an External Certificate Authority
9.5.1. Certificates from Let's Encrypt
9.5.2. Certificates from classic certification authorities
9.6. Key Import
9.7. Encryption Strength
10. Internet
10.1. Dial-up with DSL (PPPoE)
10.2. Dial-up with DSL (PPTP)
10.3. Router with static IP
10.4. Router with DHCP or Cable Modem
10.5. Router on the Local Network
10.6. Router vs. Modem
10.7. Official IPs and DMZs
10.7.1. Classic Routing
10.7.2. Static NAT
10.7.3. Proxy-ARP
10.8. Automatic Connection
10.9. Connection Monitoring
10.10. Switching to Other Providers in the Event of an Error (Fallback)
10.11. Bandwidth Management and VoIP Prioritization
10.11.1. Bandwidth Management
10.11.2. Prioritize VoIP and Real-time Data
10.12. Masquerading / NAT
10.13. DynDNS
10.13.1. Providers
10.13.2. Updates and the IP Address Used
10.14. External access
11. Proxy
11.1. Overview
11.2. Access to the Proxy
11.3. Proxy Configuration
11.4. URL Filter
11.4.1. Proxy Profile
11.4.2. Proxy Access Lists
11.4.3. Time Management
11.5. Web Content Filter
11.6. Proxy Virus Scanner
12. Statistics and Data Privacy
12.1. Proxy Statistics
12.1.1. Proxy Logging
12.1.2. Analysis
12.1.3. Methodology
12.2. Internet Access Statistics
12.2.1. Methodology
12.3. Speedometer
12.3.1. Methodology
12.3.2. Sites
12.3.3. Data Privacy
12.4. Space Usage Statistics
12.5. Data Privacy
13. Usermanager
13.1. User Groups
13.1.1. Access Rights
13.1.2. Administration Rights
13.2. User
13.2.1. Settings for Email and Groupware
13.3. Import/export of User Profiles
13.3.1. Importing Users
13.3.2. Exporting Users
14. Email
14.1. Email Relay
14.1.1. Rights
14.1.2. SMTP-Submission
14.1.3. Dispatch Methods
14.1.4. Dispatch via relay server
14.1.5. Direct Dispatch
14.1.6. Choosing the dispatch method
14.2. Receiving emails on the client (POP or IMAP)
14.3. Receive emails using the Intra2net system
14.3.1. Methods
14.3.2. Retrieving individual POP accounts
14.3.3. Direct delivery via SMTP
14.3.4. Retrieval of collective POP accounts (multidrop)
14.4. Forwarding of entire domains
14.4.1. Method
14.4.2. Recipient Address Check
14.4.3. Forwarding of individual POP accounts
14.5. Email Addressing
14.5.1. Address Settings
14.5.2. Email Addresses and Aliases
14.6. Email Processing
14.6.1. Forwarding
14.6.2. Automatic Response
14.6.3. Sorting
14.6.4. Automatic deletion
14.7. Emailfilter
14.7.1. Spamfilter
14.7.2. Virus Scanner
14.7.3. Attachment Filter
14.8. DKIM
14.8.1. Basic principles
14.8.2. Implementation
14.8.3. Further standards
14.8.4. Prerequisites for use
14.8.5. Configuration
14.8.6. Filtering and quarantine
14.8.7. Header lists and exceptions
14.8.8. Rotate the key
14.9. Archiving
14.9.1. Interface
14.9.2. Connecting the MailStore Server
14.10. Automatic Transfer
14.11. Mailinglist
14.12. Additional Settings
14.13. Queue
14.14. Structure of the mail system
14.15. Differences between licenses
15. Services
15.1. Timeserver
15.2. Monitoring via SNMP
16. System Functions
16.1. License
16.1.1. Demo Mode
16.1.2. License Code
16.1.3. Update Period
16.2. Updates
16.2.1. Remote Update via Partner Web
16.2.2. Rescue System
16.3. Backup
16.3.1. Backup protection
16.3.2. Storage period
16.3.3. Remote Storage
16.3.4. Restore
16.3.5. Procedure for Hard Drive Damage or Hardware Replacement
16.3.6. Hardware migration with Intra2net support
16.4. Contingency Planning and Recovery Time
16.4.1. Cold standby
16.4.2. Hot standby
16.4.3. Preventive replacement
16.5. Operation Behind Firewall
16.6. Logfiles
16.7. Logcheck Reports
16.8. Scheduled Shutdown
16.9. Inspection and repair of filesystems
3. Groupware Client
17. Introduction
17.1. System Requirements
17.2. Overview of Features
17.3. Known Limitations
18. Installation
18.1. Installing the Program
18.2. Distributing the Program via Active Directory
18.3. Switch from 32 bit to 64 bit
19. Setting up a Profile
20. Account Configuration
20.1. Groupware Account
20.1.1. Activate Certificate Check
20.1.2. Deactivating the Search Indexer
20.2. Importing Existing Data
20.2.1. Importing Using Outlook Import
20.2.2. Importing Larger Amounts of Emails
20.3. Setting up Multiple Accounts and Email Addresses
20.3.1. Multiple Server Accounts
20.3.2. Multiple Outgoing Mail Identities
20.4. Converting Previous Installations of the Groupware Client
21. Linking Folders
21.1. Linking Own Folders
21.1.1. Automatic registration
21.1.2. Excluding Folders from Synchronization
21.1.3. Update folder list
21.2. Linking Shared Folders
22. Sharing Folders
22.1. Rights
22.2. Read Status Shared/Individual
23. Folder Linking Expert Mode
23.1. Linking Shared Folders
23.2. Manual folder linking
23.2.1. Switching to Manual Linking
23.2.2. Linking an Individual Folder
23.2.3. Unlinking a folder
24. Additional Features
24.1. Folder Hierarchy and ibx_sub
24.2. Folder Options
24.3. Editing Server-Side Settings
24.4. Categories and color assignment
24.4.1. Recommendation for shared color assignment
24.4.2. Reset local color assignment
24.4.3. Changing an existing color assignment
24.5. Use Free/Busy Information
24.5.1. Outlook 2013 to 2024
24.6. Marking as Private
24.7. Reminders in Shared Folders
24.8. User-Defined Fields in Contacts
24.9. Showing Item Source Text
24.10. Backup Folders
24.10.1. Backup Data after Restore
24.10.2. Backup of local data when resetting to automatic mode
24.11. Advice to the User
24.12. Log files
24.12.1. Submitting log files to support
25. Advanced Email Configuration
25.1. Retrieve Emails Completely or Only Headers
25.2. Notification of New Emails
25.3. Marking Moved Emails as Read
25.4. Email Reminders and Tracking
25.5. Read receipts
26. Compatibility and Collaboration
26.1. Personal firewalls on the Client
26.2. Virus Scanner on the Client
26.3. Compatibility with PDAs and Mobile Phones
26.4. Other Programs
26.4.1. Incompatible Addins
26.5. Automatic detection of compatibility problems
27. Concept for public folders
27.1. Setup
27.2. Emails
28. Migrating Emails with IMAPCopy
29. Migration from Microsoft Exchange
29.1. Offline Migration
29.1.1. Migration Step-by-step
29.2. Migration During Operation
29.2.1. Preparing for Migration
29.2.2. Migrating Individual Users
29.2.3. Shared Folders
29.2.4. Final steps
30. Reference Information
30.1. Synchronizable data
30.1.1. Tasks
30.1.2. Meetings
30.1.3. Notes
30.1.4. Contacts
30.1.5. Contact Groups
30.1.6. Emails
30.1.7. All Items
30.2. Advanced Registry Settings
30.2.1. Store Settings
30.2.2. Addin Settings
30.3. Data Formats
4. Web-Groupware and ActiveSync
31. Introduction to Web Groupware
31.1. The Display Modes
32. Email
32.1. Reading and Editing Emails
32.1.1. Displaying Emails
32.1.2. Deleted Emails
32.1.3. Exporting Emails
32.2. Sending Emails
32.2.1. New Message
32.2.2. Append Signatures
32.3. Managing Folders
32.3.1. Folder Hierarchy
32.3.2. Organizing Folders
32.3.3. Subscribing to Folders
32.3.4. Sharing Folders
33. Address Book
34. Connecting Mobile Devices using ActiveSync
34.1. Introduction
34.2. Server Settings
34.3. Special Features and Tips
34.3.1. Deleting Emails on the Server
34.3.2. Synchronization Steps
34.3.3. Manage and Resynchronize Devices
34.3.4. Synchronize Multiple Calendars or Contact Lists
35. ActiveSync with Android Devices
36. ActiveSync with Apple iOS Devices
37. Reference Information
5. Firewall
38. Selecting Firewall Rulesets
38.1. Rulesets on LAN
38.2. Rulesets for the Internet
38.3. Packet Routes Through the Firewall
38.3.1. Packet Routes on the LAN and Internet
38.3.2. Packet Routes for VPN Connections
39. Firewall Profile
39.1. General Basic LAN Rules
39.2. Client Profiles
39.3. Provider profile
40. Full Rulesets
40.1. Components
40.1.1. Services
40.1.2. Netgroups
40.1.3. Netgroups with DNS hostnames
40.1.4. Automatic Objects
40.2. Rulesets
40.2.1. Default Settings
40.2.2. Passing Through the Ruleset
40.2.3. Linking Rule Criteria
40.2.4. The Actions
40.2.5. Extra Options
40.2.6. Special Features of Provider Rulesets
41. Additional Functions
41.1. Checking MAC Addresses
41.2. Preventing LAN spoofing
41.3. Blocking IPs After Too Many Login Errors
41.4. Firewall Emergency Mode
42. Case Studies and Examples
42.1. Example 1: Extending a Simple Client Profile
42.1.1. Sample Solution
42.2. Example 2: Port Forwarding Only Accessible from an External IP
42.3. Example 3: Separate Guest Network
42.3.1. Sample Solution
42.4. Example 4: Restricted Access from the VPN
42.5. Example 5: Web Server in the DMZ
42.5.1. Sample Solution
6. IPSec VPN
43. IPSec Basics
43.1. IPSec
43.2. Public-Key Cryptography
43.3. Certificates
43.4. IPSec connections
43.5. Algorithms
43.6. Limitations
43.7. Compatibility with Other IPSec Peers
44. Key Management
44.1. Own Keys
44.1.1. Certificate Authorities (CAs)
44.2. Foreign Keys
45. strongSwan Versions
45.1. Configuration conflicts during migration
45.2. Differences between strongSwan versions 4 and 6
45.2.1. Pre-Shared key: The remote peer's IP address as the IPSec ID
45.2.2. Grouping connections to the same remote peer
45.2.3. Handling of Perfect Forward Secrecy (PFS) for Phase 2
45.2.4. mode config push vs. pull
45.2.5. Welcome message for VPN clients via mode config
45.2.6. Hex encoding for Pre-Shared Keys
45.2.7. Fragmentation of IKE packets
46. Connecting Individual PCs
46.1. Method
46.2. Preparing the configuration on the Intra2net system
46.2.1. Create certificate
46.2.2. Default settings for new connections
46.3. Automatic configuration for clients on the Intra2net system
46.4. Manual configuration on the Intra2net system
46.4.1. Prerequisites
46.4.2. Default Settings
46.4.3. Authentication
46.4.4. Configuring the Tunnel
46.4.5. Rights
46.4.6. Activation
47. VPN with the NCP Secure Entry Windows Client
47.1. Import
47.2. Establish connection
47.3. Connection protocols
48. VPN with the Shrew Soft VPN Client
48.1. Import
48.2. Establishing Connection
48.3. Connection Protocols
49. VPN with Mac OS X
49.1. Installation
49.2. Generating Certificates
49.3. Importing Certificates
49.4. Configuring Connections
49.5. Intra2net System
50. VPN with the NCP Secure Entry macOS Client
51. VPN with the Apple iOS devices
52. VPN with Android
52.1. Preparing the Device
52.2. Connection on the Intra2net System
52.3. Certificates
52.4. Connecting with Android
52.5. Simplify Connection Setup
53. VPN with the NCP Secure Android Client Premium
54. Connecting Complete Networks
54.1. Method
54.2. Configuration on the Intra2net System
54.2.1. Prerequisites
54.2.2. Default Settings
54.2.3. Authentication
54.2.4. Configuring the Tunnel
54.2.5. Rights
54.2.6. Activation
55. VPN with ZyXEL ZyWALL USG
55.1. Overview
55.2. Preparation
55.3. Certificate
55.4. Connection
55.4.1. IKE / Phase 1
55.4.2. IPSec / Phase 2
55.5. Intra2net System
55.6. Logs
56. VPN with Lancom Routers
56.1. Overview
56.2. Certificate for the Lancom device
56.3. Certificate for the Intra2net System
56.4. Connecting
56.5. Intra2net System
56.6. Deleting Certificates
57. VPN with Linux
57.1. Overview
57.2. Generating Certificates
57.3. Configuring Connections
57.4. Intra2net System
58. Solving IP Address Conflicts in VPNs Through NAT
58.1. The Problem
58.2. Configuration
58.3. Same IPs on LAN and Peer
58.3.1. Implementation
58.4. Multiple Peers with the Same IPs
58.4.1. Implementation
58.5. Local IPs Defined by Service Provider for Remote Maintenance
58.5.1. Implementation
59. Error Diagnosis
59.1. Reading Logs
59.2. Logging in strongSwan version 4
59.2.1. The Protocol Format of the Intra2net System
59.2.2. Error in Phase 1
59.2.3. Error in Phase 2
59.3. Logging in strongSwan version 6
59.3.1. The Protocol Format of the Intra2net System
59.3.2. Error in Phase 1
59.3.3. Error in Phase 2
7. WireGuard VPN
60. WireGuard basics
60.1. The WireGuard protocol
60.2. Customization by Intra2net
60.3. Comparison with IPSec
61. Preparing the configuration on the Intra2net system
61.1. Own key and interface
61.2. External address and firewall
61.3. Default settings for new connections
62. Connect individual PCs
62.1. Concept
62.2. Automatic configuration for clients on the Intra2net system
63. WireGuard clients
63.1. Installation
63.2. Configuration
63.3. Operating the client
63.3.1. Log files
63.3.2. DNS name resolution
63.4. Special features of the Windows client
63.4.1. Protection of private keys
63.4.2. Usage without administrator rights
63.4.3. Routing for the network Everything (0.0.0.0/0.0.0.0)
64. Connection to other Intra2net systems
65. Connection with other routers and firewalls
65.1. Remote site without own key
65.2. Remote site with existing own key
66. Connection with AVM FRITZ!Boxes
66.1. AVM FRITZ!Box without previous connection
66.2. AVM FRITZ!Box with other VPN connection
67. Status and error diagnosis
67.1. Mainpage
67.2. VPN status
67.3. Logs
8. Appendix
A. Licenses
A.1. Intra2net Software License Agreement
A.2. Licensed software
A.3. Notes on return and disposal
A.3.1. Separate collection of old equipment
A.3.2. Batteries and accumulators and lamps
A.3.3. Options for the return of old equipment
A.3.4. Data privacy notice
A.3.5. Meaning of the crossed out trash can symbol
A.3.6. Free collection of used batteries
A.3.7. Meaning of the battery symbols
B. License
B.1. Intra2net Groupware Client License Agreement (EULA)
B.2. Licensed Software
B.2.1. Info-ZIP
B.2.2. JsonCpp
Index

List of Examples

14.1. Sample excerpt from an email header with a normal envelope header
14.2. Sample excerpt from an email header with Qvirtual header
   Next
   Part 1. Installation