setting up a VPN from scratch
Charles Steinkuehler
charles at steinkuehler.net
Fri Feb 21 03:26:25 CST 2003
Ben Coffman wrote:
> LUGers
>
> What would be a good web site or book to read about setting up a VPN between
> two RH Linux machines? Do I use software for this, or do I just configure
> the firewall just so...
You need some software to do the encrypting, or you wind up with a VN,
not a VPN. :)
Linux solutions include the FreeS/WAN IPSec implementation, which is
very powerful, but pretty complex to initially set up, as kernel patching
is required. You can also use ssh, ssl, cipe, and several other
options. What will work best for you depends on how you plan to use the
VPN link, if you care about adhering to some sort of standard (like
ipsec), and how much effort you want to put into up-front setup and
ongoing maintenance.
You might want to start with the VPN-HOWTO:
http://www.tldp.org/HOWTO/VPN-HOWTO/
...which describes how to build a VPN with SSH, and covers some basics
and describes some alternatives.
I'd also suggest reading through the FreeS/WAN docs if you want a true
VPN. The ssh tunnels can run into problems with less than perfect
connections...since ssh is running over TCP (a guaranteed delivery
mechanism), if you run tcp connections through an ssh tunnel, you can
get nasty interactions between the two tcp stacks if your link drops or
mangles packets, which can rapidly degrade the usefulness of your "VPN".
http://www.freeswan.org/doc.html
FYI: I'd rate configuring FreeS/WAN about the same as dealing with bind
(named) on my sysadmin complexity scale. It's pretty hard to wrap your
head around until you get everything working, but once set up and
working, it's pretty easy to maintain.
--
Charles Steinkuehler
charles at steinkuehler.net