Hi all folks,

I am searching Internet on VPN. Kindly advise where can I find a technical article on introduction of VPN. Pointers will be appreciated.

Thanks in advance.

B.R.
satimis

I am still working on getting it to work on my Redhat 9.0 server, but a good place to start is http://www.poptop.org/.

Hi,

Noted with thanks

B.R.
satimis

i trying to build a vpn ppp server with callback. i tried poptop but it didnt work properly..
Does anyone here have any tutorial? would be very helpfull!
my system "redhat 9.0"

I forgot...
If you have something for me to help me out, please send it to my email

pht@bind.ro

Hi,

Please try

http://www.poptop.org

to see whether it helps

B.R.
satimis

I have successfully used Freeswan to connect a redhat 9 roadwarrior or windows xp roadwarrior via vpn tunnel to the home machine running redhat 9.

http://cmisip.home.insightbb.com/freeswan.htm

Hi,

Congragulation.

I am interested to test freeswan or other vpn packages and have no idea how to proceed.

I have 2 desktop boxes running RH8,0 and RH9 respectively,each with 2 NICs and a broadband connection. What hardware I need to add? What shall be their setup? How to connect them to make this test.

Could you please provide me some advice. Thanks in advance.

B.R.
satimis

I use vpn two ways : to encrypt my wireless connection between the laptop and my gateway at home, and to encrypt the connection between the laptop and the home gateway via the internet when I am on the road. I assume you want the second option where you want to connect two computers across the internet zone. I have not done that kind of setup but I believe the way to do this is through a host to host vpn connection between the two machines. It's like a modified roadwarrior setup where "this PC" is left and "that PC" is right. Therefore, the definitions of left and right are reversed in each PC. Look at the first example of how I setup the MYLAPTOP and MYLIVINGROOM machines using rsa keys host to host to encrypt the wireless lan. Except, substititute the internet IP address of the two machines for left and right. Omit the leftsubnet and rightsubnet field. No values for nexthop are needed. You may have to read further down in the article as you may get the "no nexthop" error. Look at the relevant part of the modified _updown script.

If this is not what you want, provide a little more detail with what exactly you want to accomplish. The nic cards are irrelevant since I assume you are connecting across the internet zone. It would be pointless to encrypt two machines in a wired lan unless you have untrusted pcs in the same network. It is always prudent to encrypt a wireless connection because it is like a "all you can eat data buffet for everybody" within range of the wireless router.

Hi cmisip,

Thanks for your detail information.

I have 2 desktop PCs and one (1) ISP. While I connect one PC to Internet another PC is isolated from outside World. I have no router for sharing broadband. I may do masquerating using 1 PC to connect broadband and sharing the later/Internet with another PC.

If I want to test freeswan whether I need to purchase additional hardware. OR present hardware will be sufficient for the test.

Kindly advise. Thanks in advance.

B.R.
satimis

I guess I dont understand what you need freeswan for. If all you want is to allow both computers to access the internet via a single isp, all you need to do is to configure one of them (the one with the isp connection) as a two interface shorewall system (or something similar). One of its network interface card will connect to the cable modem. The other will connect to the other pc.
The first pc will perform IP masquerading for the second pc. Both will then have internet connections.

Hi,

Sorry maybe I have not explained clear in my previous postings.

I want to explore freeswan, not masquerading which I am now doing on Shorewall. With one ISP I would have problem to perform freeswan test unless I get a wireless router. Therefore I tried to seek your advice whether there will be other solution excluding purchasing a wireless router.

Thanks

B.R.
satimis

so you just want to establish a vpn connection between the two computers you have in your wired home network as a test.

Have you gotten a successful "ipsec verify" yet on both computers? This is clearly explained in the documentation. You have to get past this first, then configure /etc/ipsec.conf and transfer your rsa.

What are your computers internal IP's?

Hi,

Can I connect 2 computers with a crossover cable for this test?

I have not yet installed 'freeswan' on these 2 computers for this test

# ifconfig
shows both computer having same internal IP
127.0.0.1

B.R.
satimis

If you are already masquerading, then there is an ethernet connection between the two computers ( you can access the internet on both using one isp right?). If you can ping one computer from the other, then you dont need another cable. If the computer connected to the cable modem has eth0 and eth1 (with etho connected to the cable modem) and eth1 connected to the second pc, what I need is ifconfig eth1 for that pc. The other pc which is not connected to the cable modem, what i need is ifconfig eth0 (assuming eth0 is what connects it to pc number 1).

The ip 127.0.0.1 is the internal loopback address which you wont be needing for this test. This address refers to "this" machine. All linux machines have this and programs refer to this to access services running in "this" machine.

I will also need the output of /sbin/route.


Go ahead and install f rees/wan on both computers and get a successful ipsec verify.