VPN Advice - newbie
Loving Linux and learning.
I have a LAN. All running Windoze machines. File serving, firewall, gateway, backups all Debian boxes. Running sarge. I have the need to set up VPN for a working-at-home employee running Windoze XP (possibly 2K, not sure yet). I have done a lot of searching on the net and found a daunting amount of material and possible apps to implement (I currently have 10 tabs open in Firefox). My specific need is to have the home user be able to access the samba share on my file server. Ultimately printing would be nice, but not yet. I need a little guidance and direction. If someone could be so kind as to push me off in the right direction it would be greatly appreciated. Thanks, Paul
i'd say hands down openvpn. i'd send my home-cooked howto to get it working, but for debian it's as easy as
  apt-get install openvpn
works great in windows and linux, i have had a company box running as an openvpn server with 20 windows openvpn clients for 6 months with 0 problems. persistent tunnels with samba, nfs, etc have all been bombproof so far. also note since openvpn uses SSL you can forward it to boxes behind your router if you use NAT, which I wasn't able to do with IPSEC. This is also useful for clients that sit behind NAT at home. i think you'll find openvpn very satisfying. cheers, -bp
thanks, Paul
home-cooked step-by-step to get OpenVPN working
this is what i do, let me know if it isn't clear. you can ignore my routing update batch file but i'll leave it in as a demo. try to ping 10.0.10.1 from 10.0.10.2 and vice versa to test.
cheers, -bp

OpenVPN setup

SERVER SIDE:

setup openvpn-2.0_rc6 as follows:

First load LZO code:
  tar -xzvf lzo-1.08.tar.gz in /usr/local
  cd /usr/local/lzo-1.08
  ./configure
  make
  make check
  make test   ( takes a while, wait for "all tests passed. Now you are ready to install LZO" )
  make install

Now setup OpenVPN on linux server (2.4.25 kernel was used for this test):
  tar -xzvf openvpn-2.0_rc6.tar.gz in /usr/local
  cd /usr/local/openvpn-2.0_rc6
  ./configure
  make
  make install

now test cryptography:
  openvpn --genkey --secret keyname.txt
  openvpn --test-crypto --secret keyname.txt
above tests should produce no errors.

now test SSL/TLS negotiations (execute each command in a different window at the same time):
  (window 1) openvpn --config sample-config-files/loopback-client
  (window 2) openvpn --config sample-config-files/loopback-server
above tests should establish a connection between client and server in the 2 windows

ensure tun device present in /dev/net : look for /dev/net/tun
also, locate if_tun.h should produce /usr/src/linux-2.4.25/include/linux/if_tun.h
if no /dev/net/tun but can locate if_tun.h, do:
  mknod /dev/net/tun c 10 200

Now setup the server:

make a static key:
  mkdir /usr/local/openvpn-2.0_rc6/CONFIG_FILES
  openvpn --genkey --secret /usr/local/openvpn-2.0_rc6/CONFIG_FILES/vpn_key_server1.txt

config file /usr/local/openvpn-2.0_rc6/CONFIG_FILES/start_vpn_server1
<---------
#!/bin/bash
openvpn --verb 5 --lport 5000 --config /usr/local/openvpn-2.0_rc6/CONFIG_FILES/vpn_config_server1
<---------

config file /usr/local/openvpn-2.0_rc6/CONFIG_FILES/vpn_config_server1
<---------
# USING PRESHARED KEYS
dev tun
# remote 192.168.10.2
ifconfig 10.0.10.1 10.0.10.2
# 10.0.10.1 is server ; 10.0.10.2 is remote vpn client
# tun-mtu 1500
secret /usr/local/openvpn-2.0_rc6/CONFIG_FILES/vpn_key_server1.txt
<---------

setup routing on server, add the following to /etc/rc.d/rc.local (note: this server is assumed to sit behind a frontend firewall)
also run these commands at the command line if you want to run the VPN server before rebooting the box to call rc.local.
<---------
echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/iptables --append FORWARD -i tun0 -j ACCEPT
<---------

Now start the server:
  chmod 700 /usr/local/openvpn-2.0_rc6/CONFIG_FILES/start_vpn_server1
  /usr/local/openvpn-2.0_rc6/CONFIG_FILES/start_vpn_server1 &

CLIENT SIDE:

Now setup a windows client:
setup openvpn-2.0_rc6-install.exe on windows box (win2k SP0 used here) with all default settings. reboot

in a new folder somewhere titled VPN_CONNECT on the Windows box, add the following:
  vpn_key_server1.txt

config file somewhere/VPN_CONNECT/vpn_go_server1.bat
note: add --redirect-gateway if you want the vpn server to be the default gw for the windows client
<---------
openvpn --verb 5 --remote vpnserver.ip.or.dns.name 5000 --dev tun --ifconfig 10.0.10.2 10.0.10.1 --secret vpn_key_server1.txt
<---------

config file somewhere/VPN_CONNECT/vpn_update_routing_server1
<---------
route add 192.168.0.36 MASK 255.255.255.255 10.0.10.1 METRIC 1
route add 192.168.0.7 MASK 255.255.255.255 10.0.10.1 METRIC 1
ping 192.168.0.7
pause
<---------

TRY THE TUNNEL:
double-click on somewhere/VPN_CONNECT/vpn_go_server1.bat
should see connection establish in ~10 seconds
update routing tables: double-click on config file somewhere/VPN_CONNECT/vpn_update_routing_server1
VPN should be up.
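An added example, not part of bp's howto: a small Python linter that parses an OpenVPN 2.0 static-key config in the shape of vpn_config_server1 above and lists the points a reviewer would check before putting it in front of a home user (shared static key, default cipher, root privileges, file permissions, endpoint addresses). SAMPLE_CONFIG is a constructed copy of the server config; `cipher`, `user`, `group` and `remote` are standard OpenVPN directives, and the key-mode argument is an assumption about how a caller would feed in `os.stat(...).st_mode`.

```python
import ipaddress
import stat

# Constructed copy of the server config from the howto above (not read from disk).
SAMPLE_CONFIG = """\
# USING PRESHARED KEYS
dev tun
# remote 192.168.10.2
ifconfig 10.0.10.1 10.0.10.2
# 10.0.10.1 is server ; 10.0.10.2 is remote vpn client
# tun-mtu 1500
secret /usr/local/openvpn-2.0_rc6/CONFIG_FILES/vpn_key_server1.txt
"""


def parse_openvpn_config(text):
    """Map each directive to its argument list; '#' and ';' start comments."""
    directives = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if line:
            name, *args = line.split()
            directives[name] = args  # a repeated directive keeps its last value
    return directives


def lint_static_key_config(directives, key_mode=None):
    """Return findings; key_mode is the secret file's st_mode when available."""
    findings = []
    if "secret" in directives:
        findings.append("static key mode: one key shared by every peer and no "
                        "forward secrecy, so a leaked key means re-keying everyone")
        if key_mode is not None and stat.S_IMODE(key_mode) & 0o077:
            findings.append("secret file is group/world readable: chmod 600 it")
    if "cipher" not in directives:
        findings.append("no 'cipher': OpenVPN 2.0 defaults to BF-CBC; put e.g. "
                        "'cipher AES-256-CBC' in both configs")
    if "user" not in directives or "group" not in directives:
        findings.append("no 'user'/'group': openvpn keeps running as root; add "
                        "'user nobody' and 'group nogroup'")
    if "remote" not in directives:
        findings.append("no 'remote': any source address holding the key is accepted")
    try:
        endpoints = {ipaddress.ip_address(a) for a in directives.get("ifconfig", [])}
    except ValueError:
        endpoints = set()
    if len(endpoints) != 2:
        findings.append("'ifconfig' needs two distinct, valid endpoint addresses")
    return findings
```

Run it against the client's config too: the same key file and `--ifconfig 10.0.10.2 10.0.10.1` pair apply there, and the client side is where the key sits on a user-owned Windows box.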