Establishing a VPN connection (host to host) using IPSec services
Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Establishing a VPN connection (host to host) using IPSec services
Hi,i would like to establish a VPN connection which can hold either 'two' hosts..and secondly if that's done i would like to go for more number of users..Can i do it using IPSec services??if yes then how??
no, sorry. vpn's generally take some setup on both ends. see documentation at http://www.openswan.org and http://www.openvpn.org. most linux distros will have the software already compiled and ready to install, via yum/rpm or apt-get, etc, so don't bother downloading the software from those sites unless you need to.
openvpn is ssl-vpn only. if you need ipsec then use openswan.
Openswan is there, I use it on my ubuntu systems. If you can't find it, search for it at http://packages.ubuntu.com/ to find out which repository to use. To do that, edit /etc/apt/sources (uncomment the appropriate lines) and run 'apt-get update', then 'apt-get install openswan'
Establishing a VPN connection (host to host) using IPSec services
I have installed openswan using what you said..but in the network connections when i say 'edit connections' and go to 'VPN tab' there are two options 'openvpn' and 'PPTP' which i had already installed ..how do i get VPN with IPSec (i.e. what i installed using 'openswan')..Do i need to use the 'import' option ? If yes then how do i import??What is the procedure for X.509 certification??
After installing openswan it said that the connections to the internet will be slow! Why??
I installed openswan as follows:
adithya@ubuntu:/$ sudo apt-get install openswan
Reading package lists... Done
Building dependency tree
Reading state information... Done
openswan is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 107 not upgraded.
adithya@ubuntu:/$
unfortunately I cannot help you learn openswan in a single forum thread. But I'll address your points.
VPN tab -- I don't know what distro or desktop you are using, but I assume that if ipsec is not showing up in your UI, then the UI does not support it. You will have to just edit the configuration files directly.
X509 is complex, please refer to the documentation.
Quote:
After installing openswan it said that the connections to the internet will be slow! Why??
Where does it say that? This is not generally true.
Quote:
adithya@ubuntu:/$ sudo apt-get install openswan
...
openswan is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 107 not upgraded.
Good, it appears that it was already installed. You should be ready to start, but be prepared to read as there are numerous ways to configure openswan ipsec. Also be ready to build and edit configuration files using a text editor.
Establishing a VPN connection (host to host) using IPSec services
I am using ubuntu 9.04 (Jaunty Jackalope Desktop version).I am still not able to configure VPN using IPSec as it doesn't show up in the extreme right top corner's Network Manager's VPN Tab.So i went for openvpn and VPN using PPTP..These two show up when i say 'Add' through Network Manager's VPN Tab..Then it says "Choose VPN connection type"..I selected PPTP..Then it asked me for 'gateway'..'username and password' which is optional..along with NT domain..What do i enter in these fields??I went into Advanced Tab and checked MPPE..and also checked "Connect automatically"..yet it doesn't show it connected..
My "DSL Connection" is working fine though..What can be the problem??
NetworkManager has pluggable support for VPN software, including Cisco compatible VPNs (using vpnc), openvpn, and Point-to-Point Tunneling Protocol (PPTP). Support for other vpn clients is welcomed. Simply install the NetworkManager VPN plugin your site uses, and pre-load the user's machines with the VPN's settings. The first time they connect, the user will be asked for their passwords.
> Is there, or is there planned, a generic IPSEC vpn plugin for
> NetworkManager?
> ...
Openswan has a GSoC project submission for this. One of the issues is
the architecture of NM, which focusses on user-based, and the the
architecture of ipsec, which is host-based. This creates some issues,
one of which is where and how to store and pass user/host credentials.
At this point I think you need to do your own homework. You're asking me to teach you to drive by exchanging forum posts. VPNs can be complex and are network-specific, there is no one-size-fits-all solution. I thought you needed IPsec, but if any encrypted connection will do then consider ssh.
From here, you should:
learn about vpns
figure out what you are trying to set up with your systems in terms that vpn admins use : "VPN connection which can hold either 'two' hosts" doesn't make any sense.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.