LinuxQuestions.org
Old 01-24-2005, 08:08 AM   #1
logo
Member
 
Registered: Sep 2004
Distribution: Fedora Core 3
Posts: 47

Rep: Reputation: 15
Creating a Linux<-WinXP VPN with OpenSwan


Hi everybody, I need your help.
I have a small LAN with a Linux Fedora 3 box, which is used as a gateway into the internet. What I want to do is create an OpenSwan VPN server on the Linux machine and create a tunnel with my friend over the net. I've downloaded and rpm'd the needed package, but now what? Help documents say that I should start the IPsec service, so I run "/sbin/service ipsec start", and that works. But then the documentation refers to using the ipsec command with various parameters, but the console says "ipsec: command not found". Also, when I start the IPsec service, I cannot connect to the net from my LAN computers.
Can anyone tell me what I am doing wrong?
 
Old 02-05-2005, 12:38 AM   #2
Jerre Cope
Member
 
Registered: Oct 2003
Location: Texas (central)
Distribution: ubuntu,Slackware,knoppix
Posts: 323

Rep: Reputation: 37
First you need to edit the ipsec.conf and ipsec.secrets file for your tunnel. Your ipsec.conf file should look something like this:
Code:
conn yourfriend
	authby=secret
	left=yourself.dyndns.biz
	leftsubnet=192.168.9.0/24
	right=yourfriend.dyndns.biz
	rightsubnet=192.168.0.0/24
	pfs=yes
The ipsec.secrets file should look something like:
Code:
yourself.dyndns.biz yourfriend.dyndns.biz: PSK "your shared password secret xxxx"
The ipsec.secrets file also documents the setup for an RSA public key exchange, which is more secure, but many of the appliance routers with VPN capability only support PSK.

The next problem with configuring IPSEC will be putting the right holes in your firewall. I found the Shorewall firewall made the configuration easier.
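
Added example, not part of the original posts and not Openswan code: a small Python check of the two files shown in the reply above. It applies the ipsec.conf layout rule (section header at column 0, parameters indented beneath it) and confirms that a conn with authby=secret has a PSK line in ipsec.secrets for the same two IDs. The function names and the sample strings are constructed for illustration, and IDs are compared as literal text, which is a simplification.

```python
import re

# Constructed sample input: the two files as posted in the reply above.
SAMPLE_CONF = (
    "conn yourfriend\n\tauthby=secret\n\tleft=yourself.dyndns.biz\n"
    "\tleftsubnet=192.168.9.0/24\n\tright=yourfriend.dyndns.biz\n"
    "\trightsubnet=192.168.0.0/24\n\tpfs=yes\n"
)
SAMPLE_SECRETS = ('yourself.dyndns.biz yourfriend.dyndns.biz: '
                  'PSK "your shared password secret xxxx"\n')

def parse_conns(text):
    """Return ({conn name: {param: value}}, [problems]) for ipsec.conf text."""
    conns, problems, current = {}, [], None
    for n, line in enumerate(text.splitlines(), 1):
        body = line.strip()
        if not body or body.startswith("#"):
            continue
        if line[0] in " \t":  # indented line: a parameter of the open section
            key, eq, value = body.partition("=")
            if current is None or not eq:
                problems.append(f"line {n}: expected key=value inside a section")
            else:
                current[key.strip()] = value.strip()
            continue
        # Column 0: must be a section header (or a version/include line).
        m = re.fullmatch(r"(conn|config)\s+(\S+)", body)
        current = None
        if m:
            current = conns.setdefault(m.group(2), {}) if m.group(1) == "conn" else {}
        elif body.split()[0] not in ("version", "include"):
            problems.append(f"line {n}: unindented line is not a section header")
    return conns, problems

def psk_id_pairs(text):
    """Return the ID pairs that have a PSK line in ipsec.secrets text."""
    found = (re.match(r'(\S+)\s+(\S+)\s*:\s*PSK\s+"[^"]*"', l.strip())
             for l in text.splitlines() if not l.lstrip().startswith("#"))
    return {frozenset(m.groups()) for m in found if m}

def check(conf_text, secrets_text):
    """List layout problems and PSK conns that lack a matching secrets line."""
    conns, problems = parse_conns(conf_text)
    pairs = psk_id_pairs(secrets_text)
    for name, p in conns.items():
        problems += [f"conn {name}: missing {k}=" for k in ("left", "right") if k not in p]
        # Simplification (assumption): IDs are compared as literal text, not resolved.
        ids = frozenset((p.get("leftid", p.get("left")), p.get("rightid", p.get("right"))))
        if p.get("authby") == "secret" and ids not in pairs:
            problems.append(f"conn {name}: no PSK line for its IDs in ipsec.secrets")
    return problems

if __name__ == "__main__":
    print(check(SAMPLE_CONF, SAMPLE_SECRETS) or "no problems found")
```

On the posted files the check returns no problems; the same conn with its indentation stripped is reported line by line.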
 
Old 02-05-2005, 01:57 AM   #3
logo
Member
 
Registered: Sep 2004
Distribution: Fedora Core 3
Posts: 47

Original Poster
Rep: Reputation: 15
A bit different problem now

Thank you for your reply. I have a bit different problem now. I have been looking into Openswan, and I found this step-by-step Openswan VPN guide here, which is absolutely perfect, except one thing. Openswan won't accept the text I am supposed to enter into ipsec.conf. Can you help me format that text so that it will work?
Thank you
 
Old 02-05-2005, 10:26 AM   #4
Jerre Cope
Member
 
Registered: Oct 2003
Location: Texas (central)
Distribution: ubuntu,Slackware,knoppix
Posts: 323

Rep: Reputation: 37
Yes, though I'm by no means an expert. Other useful debugging commands are:
ipsec verify
and
ipsec barf
 
Old 02-07-2005, 09:40 AM   #5
logo
Member
 
Registered: Sep 2004
Distribution: Fedora Core 3
Posts: 47

Original Poster
Rep: Reputation: 15
Thank you. I will appreciate any help with getting the ipsec.conf to work.
 
  

