I have a LAN. All running Windoze machines. File serving, firewall, gateway, backups all Debian boxes. Running sarge. I have the need to set up VPN for a working at home employee running Windoze XP (possibly 2K, not sure yet.)
I have done a lot of searching on the net and found a daunting amount of material and possible apps to implement. (I currently have 10 tabs open in firefox)
My specific need is to have the home user be able to access the samba share on my file server. Ultimately printing would be nice, but not yet.
I need a little guidance and direction. If someone could be so kind as to push me off in the right direction it would be greatly appreciated.
i'd say hands down openvpn. i'd send my home-cooked howto to get it working, but for debian it's as easy as
apt-get install openvpn
works great in windows and linux, i have had a company box running as an openvpn server with 20 windows openvpn clients for 6 months with 0 problems. persistent tunnels with samba, nfs, etc have all been bombproof so far.
also note since openvpn uses SSL you can forward it to boxes behind your router if you use NAT which I wasn't able to do with IPSEC. This is also useful for clients that sit behind NAT at home.
i think you'll find openvpn very satisfying.
cheers, -bp
Okay so I can handle the apt-get install of the openvpn. What do I need to do to the windows box? I have a firewall machine and the samba server is behind that. (separate machine) I have read a little about IPSEC, I can probably weed my way through it. I am a quick study at this stuff, but a little lazy, I like to get to the root of things quickly. If you have a home cooked howto that would be great. And I really like "bombproof" solutions.
this is what i do, let me know if it isn't clear. you can ignore my routing update batch file but i'll leave it in as a demo. try to ping 10.0.10.1 from 10.0.10.2 and vice versa to test.
cheers, -bp
OpenVPN setup
SERVER SIDE:
setup openvpn-2.0_rc6 as follows:
First load LZO code:
tar -xzvf lzo-1.08.tar.gz in /usr/local
cd /usr/local/lzo-1.08
./configure
make
make check
make test ( takes a while, wait for "all tests passed. Now you are ready to install LZO" )
make install
Now setup OpenVPN on linux server (2.4.25 kernel was used for this test):
tar -xzvf openvpn-2.0_rc6.tar.gz in /usr/local
cd /usr/local/openvpn-2.0_rc6
./configure
make
make install
now test cryptography:
openvpn --genkey --secret keyname.txt
openvpn --test-crypto --secret keyname.txt
above tests should produce no errors.
now test SSL/TLS negotiations (execute each command in a different window at the same time):
(window 1) openvpn --config sample-config-files/loopback-client
(window 2) openvpn --config sample-config-files/loopback-server
above tests should establish a connection between client and server in the 2 windows
ensure tun device present in /dev/net :
look for /dev/net/tun
also, locate if_tun.h should produce /usr/src/linux-2.4.25/include/linux/if_tun.h
if no /dev/net/tun but can locate if_tun.h, do: mknod /dev/net/tun c 10 200
Now setup the server:
make a static key:
mkdir /usr/local/openvpn-2.0_rc6/CONFIG_FILES
openvpn --genkey --secret /usr/local/openvpn-2.0_rc6/CONFIG_FILES/vpn_key_server1.txt
config file /usr/local/openvpn-2.0_rc6/CONFIG_FILES/vpn_config_server1
<---------
# USING PRESHARED KEYS
dev tun
# remote 192.168.10.2
ifconfig 10.0.10.1 10.0.10.2
# 10.0.10.1 is server ; 10.0.10.2 is remote vpn client
# tun-mtu 1500
secret /usr/local/openvpn-2.0_rc6/CONFIG_FILES/vpn_key_server1.txt
<---------
setup routing on server, add the following to /etc/rc.d/rc.local
(note: this server is assumed to sit behind a frontend firewall)
also run these commands at command line if want to run VPN server before rebooting box to call rc.local .
<---------
echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/iptables --append FORWARD -i tun0 -j ACCEPT
<---------
Now start the server:
chmod 700 /usr/local/openvpn-2.0_rc6/CONFIG_FILES/start_vpn_server1
/usr/local/openvpn-2.0_rc6/CONFIG_FILES/start_vpn_server1 &
CLIENT SIDE:
Now setup a windows client:
setup openvpn-2.0_rc6-install.exe on windows box (win2k SP0 used here) with all default settings.
reboot
in a new folder somewhere titled VPN_CONNECT on the Windows box, add the following:
vpn_key_server1.txt
config file somewhere/VPN_CONNECT/vpn_go_server1.bat
note: add --redirect-gateway if want vpn server to be default gw for windows client
<---------
openvpn --verb 5 --remote vpnserver.ip.or.dns.name 5000 --dev tun --ifconfig 10.0.10.2 10.0.10.1 --secret vpn_key_server1.txt
<---------
TRY THE TUNNEL:
double-click on somewhere/VPN_CONNECT/vpn_go_server1.bat
should see connection establish in ~10 seconds
update routing tables:
double-click on config file somewhere/VPN_CONNECT/vpn_update_routing_server1
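The server config and the client command line in the post above must name the same two tunnel endpoints in mirrored order, and in static-key mode the shared key file is the only credential protecting the tunnel. The script below is an added example, not part of the original post: its function names and demo files are constructed, and it checks both conditions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the demo
# files below are constructed for illustration.

# Print "local remote" from the first uncommented ifconfig line of a config.
conf_endpoints() {
    awk '$1 == "ifconfig" { print $2, $3; exit }' "$1"
}

# Print "local remote" from an `openvpn ... --ifconfig L R` command line.
cmd_endpoints() {
    awk '{ for (i = 1; i < NF - 1; i++)
             if ($i == "--ifconfig") { print $(i+1), $(i+2); exit } }' "$1"
}

# Succeed only if server local = client remote and server remote = client local.
endpoints_mirrored() {
    s=$(conf_endpoints "$1"); c=$(cmd_endpoints "$2")
    [ -n "$s" ] && [ -n "$c" ] || return 2
    set -- $s $c
    [ "$1" = "$4" ] && [ "$2" = "$3" ]
}

# Succeed only if the key file exists and grants nothing to group or other.
key_is_private() {
    [ -f "$1" ] || return 2
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Constructed demo data mirroring the post's server config and client command.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
cat > "$demo/server.conf" <<'EOF'
# USING PRESHARED KEYS
dev tun
# remote 192.168.10.2
ifconfig 10.0.10.1 10.0.10.2
secret vpn_key_server1.txt
EOF
echo 'openvpn --verb 5 --remote vpnserver.ip.or.dns.name 5000 --dev tun --ifconfig 10.0.10.2 10.0.10.1 --secret vpn_key_server1.txt' > "$demo/client.bat"
: > "$demo/key.txt"; chmod 600 "$demo/key.txt"   # empty stand-in for the key

if endpoints_mirrored "$demo/server.conf" "$demo/client.bat"
then echo "endpoints: mirrored"; else echo "endpoints: MISMATCH"; fi
if key_is_private "$demo/key.txt"
then echo "key: private"; else echo "key: readable by group/other"; fi
```

On a real server, point the functions at vpn_config_server1, a copy of the client .bat file and vpn_key_server1.txt instead of the demo files.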