setting up a VPN from scratch

Charles Steinkuehler charles at steinkuehler.net
Fri Feb 21 03:26:25 CST 2003


Ben Coffman wrote:
> LUGers
> 
> What would be a good web site or book to read about setting up a VPN between
> two RH Linux machines?  Do I use software for this, or do I just configure
> the firewall just so...

You need some software to do the encrypting, or you wind up with a VN, 
not a VPN. :)

Linux solutions include the FreeS/WAN IPSec implementation, which is 
very powerful, but pretty complex to initially set up, as kernel patching 
is required.  You can also use ssh, ssl, cipe, and several other 
options.  What will work best for you depends on how you plan to use the 
VPN link, if you care about adhering to some sort of standard (like 
ipsec), and how much effort you want to put into up-front setup and 
ongoing maintenance.

You might want to start with the VPN-HOWTO:
http://www.tldp.org/HOWTO/VPN-HOWTO/

...which describes how to build a VPN with SSH, and covers some basics 
and describes some alternatives.

I'd also suggest reading through the FreeS/WAN docs if you want a true 
VPN.  The ssh tunnels can run into problems with less than perfect 
connections...since ssh is running over TCP (a guaranteed delivery 
mechanism), if you run tcp connections through an ssh tunnel, you can 
get nasty interactions between the two tcp stacks if your link drops or 
mangles packets, which can rapidly degrade the usefulness of your "VPN".

http://www.freeswan.org/doc.html

FYI:  I'd rate configuring FreeS/WAN about the same as dealing with bind 
(named) on my sysadmin complexity scale.  It's pretty hard to wrap your 
head around until you get everything working, but once set up and 
working, it's pretty easy to maintain.

-- 
Charles Steinkuehler
charles at steinkuehler.net



