LinuxQuestions.org


Red Squirrel 12-11-2008 07:52 PM

linux vpn
 
I'm trying to set up a simple vpn so I can vpn into my house and have access as if I was connected to the switch.

I looked at various solutions such as openvpn, openswan and pptpd. They are very poorly documented and I can't find much online on how to get them working.

I'm more interested in pptpd as even though it's less secure it looks like it's the simplest (no certificates and stuff) and I will tunnel it via SSH anyway. The issue I'm having is that it's only listening locally. I also don't know how to create users for it, as there is no documentation.

scheidel21 12-12-2008 04:01 AM

Try some of these links for poptop the pptpd server:
http://poptop.sourceforge.net/dox/
http://www.poptop.org/PoPToP-RedHat-HOWTO.txt
http://articles.techrepublic.com.com...1-6031577.html

In all earnest poptop is pretty easy to set up, most of the stuff is actually set up in PPP documents. However, if you are using SSH then you are defeating the purpose of a VPN more or less anyways. You can already tunnel encrypted traffic through SSH.

Red Squirrel 12-12-2008 04:28 PM

The reason I want the vpn is so I can also route.

Ex: I open ssh, I have to specify which ports and which servers to tunnel through. With vpn, everything is open. I just access the IP directly as if I'm plugged right in.

Or is there a way to do this with just ssh? Since if yes that would be even better.

At least, what I'd love to be able to do is map a samba share in windows, over ssh. So if vpn won't work out, that's my 2nd option.

adam_blackice 12-12-2008 07:13 PM

You can simply use the best open source VPN solution (OpenVPN), and there is a good book about OpenVPN with a picture of a parrot on it. We will learn a lot from this book.

Red Squirrel 12-12-2008 08:46 PM

Tried open vpn but it's very badly documented so I could not figure it out. Though I did not know about the book, I'll see if I can find it online.

billymayday 12-12-2008 09:17 PM

What's bad about the openvpn documentation? It's more than sufficient to get you up and running in several ways? Are you looking at the same site I am?

http://www.openvpn.org/index.php/doc...ion/howto.html

amongst others for example

Red Squirrel 12-12-2008 10:06 PM

That's the one, along with whatever I found on Google.

When it tells me to do stuff like copy the config (since /etc/openvpn is empty by default for whatever reason) the paths they say are wrong, the files they refer to are wrong or don't exist, or they don't even say filenames at all. Like "edit this line" ok this line in what file?

There's a lot of missing "links" that are not explained in the documentation.

billymayday 12-12-2008 10:20 PM

Such things vary between distros, installation method, etc, so unless you find a howto for your distro, you are likely to have these issues for any solution (and that will be the case if you purchase a book on the subject).

Good luck.

Red Squirrel 12-15-2008 05:13 PM

Well that's not good. How should I go about doing this then? I can't just guess. Is there by chance a vmware 2.0 appliance already set up I can just download?

If it matters I'm using fedora core 9 for the vpn server but that can easily be changed if you think another distro may work better.

Distro coders seriously need to get together and agree to standards though, it's not right that stuff is not the same across all distros, when it comes to installing/configuring stuff.

internetSurfer 12-15-2008 06:16 PM

OpenVPN Free Online Edition
http://openvpnbook.packtpub.com/

sundialsvcs 12-15-2008 06:24 PM

VPN, unfortunately, can turn into quite the can of worms.

I still have quite a few scorch-marks on my tailpipe from trying to get any one of several VPN implementations to work properly. :cry: It is not always as easy as it sounds.

So... what did I finally do? Hardware! It turns out that the router we were using had VPN capability built-in, and we could set up a secure tunnel between the two installations using that. Worked great. None of the computers on either side had to do anything special... they saw the computers "on the other side of the tunnel" as being "local." (Sweet!)

Pretty much any router that you buy these days at an electronics store is quite likely to have some degree of VPN capability built-in. It might well be all you need.

billymayday 12-15-2008 09:33 PM

Quote:

Originally Posted by Red Squirrel (Post 3376659)
Well that's not good. How should I go about doing this then? I can't just guess. Is there by chance a vmware 2.0 appliance already set up I can just download?

If it matters I'm using fedora core 9 for the vpn server but that can easily be changed if you think another distro may work better.

Distro coders seriously need to get together and agree to standards though, it's not right that stuff is not the same across all distros, when it comes to installing/configuring stuff.

Did you install openvpn using yum or from source? When I've installed it in CentOS (pretty much the same as Fedora), things end up in pretty much the right place (/etc/openvpn for example).

Red Squirrel 12-15-2008 10:28 PM

I did with yum. The main issue is when I do install it a lot of stuff is missing such as /etc/openvpn, being empty. So when I follow any type of documentation and it tells me to do stuff, I have nowhere to go to actually do that as my directory is empty.

I've thought of going the router route as well, though I like the idea of a server acting as vpn server since I can fine tweak what can be accessed by adding outgoing firewall rules at the server, that and I can close the port externally and only make it work through a ssh tunnel for the double authentication factor and double encryption. I don't really trust the vpn on cheap routers, or is it actually half decent? The main thing I need is some form of brute force protection, or someone can sit there for years and eventually guess the password without me knowing.

billymayday 12-15-2008 11:32 PM

Please don't take this the wrong way, but I think the problem is you want to follow instructions, but haven't followed them carefully enough.

I just dropped openvpn onto a F9 box, and as you rightly point out, /etc/openvpn is empty. So I started at the top of the howto:

Quote:

Setting up your own Certificate Authority (CA) and generating certificates and keys for an OpenVPN server and multiple clients

...
If you are using Linux, BSD, or a unix-like OS, open a shell and cd to the easy-rsa subdirectory of the OpenVPN distribution. If you installed OpenVPN from an RPM file, the easy-rsa directory can usually be found in /usr/share/doc/packages/openvpn or /usr/share/doc/openvpn-2.0 (it's best to copy this directory to another location such as /etc/openvpn, before any edits, so that future OpenVPN package upgrades won't overwrite your modifications).

and

Quote:

Creating configuration files for server and clients
Getting the sample config files

It's best to use the OpenVPN sample configuration files as a starting point for your own configuration. These files can also be found in

* the sample-config-files directory of the OpenVPN source distribution
* the sample-config-files directory in /usr/share/doc/packages/openvpn or /usr/share/doc/openvpn-2.0 if you installed from an RPM package

On my box I have

Quote:

/usr/share/doc/openvpn-2.1/sample-config-files/server.conf
/usr/share/openvpn/easy-rsa/2.0/

So the rsa stuff is not exactly where the howto points - it's still for 2.0 I note, but easy enough to find (if you are ever looking for a file, try "locate easy-rsa" - if it's a new file, run "updatedb" first).

So if you want to give it another go, copy these across and see how you go.

openvpn works well once it's going.
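
The staging step described in the post above, written as a shell function. This is an added example, not part of the original thread or of the OpenVPN project; the function name `stage_openvpn`, the search root argument and the `chmod 700` step are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the thread): stage the packaged OpenVPN sample
# files into a working directory.
# Usage: stage_openvpn SEARCH_ROOT DEST
#   e.g. stage_openvpn /usr/share /etc/openvpn   (run as root)
# Returns 0 on success, 1 if the sources cannot be found or copied,
# 2 if the copy worked but expected easy-rsa 2.0 scripts are absent.
stage_openvpn() {
    root=$1
    dest=$2
    status=0

    # The package version is part of the path, so search instead of guessing.
    conf=$(find "$root" -type f -path '*/sample-config-files/server.conf' \
        2>/dev/null | sort | tail -n 1)
    # Prefer the versioned easy-rsa/2.0 directory, else any easy-rsa directory.
    rsa=$(find "$root" -type d -path '*/easy-rsa/2.0' 2>/dev/null | sort | tail -n 1)
    [ -n "$rsa" ] || rsa=$(find "$root" -type d -name easy-rsa 2>/dev/null | sort | tail -n 1)

    if [ -z "$conf" ] || [ -z "$rsa" ]; then
        echo "not found: server.conf='${conf:-none}' easy-rsa='${rsa:-none}'" >&2
        return 1
    fi

    mkdir -p "$dest/easy-rsa" || return 1
    # Do not clobber a server.conf that has already been edited.
    if [ ! -e "$dest/server.conf" ]; then
        cp "$conf" "$dest/server.conf" || return 1
    fi
    cp -R "$rsa/." "$dest/easy-rsa/" || return 1

    # Hardening step added by this example: the CA and server private keys
    # are generated below this directory, so restrict it to the owner.
    chmod 700 "$dest/easy-rsa" || return 1

    # Report scripts the HOWTO steps rely on if the package did not ship them.
    for f in vars build-ca build-key-server build-dh; do
        if [ ! -e "$dest/easy-rsa/$f" ]; then
            echo "warning: $f missing from $rsa" >&2
            status=2
        fi
    done
    return "$status"
}
```

A return value of 2 means the copy succeeded but one of the listed easy-rsa scripts was not in the package's directory, so the certificate steps of the howto cannot be followed as written.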

Red Squirrel 12-16-2008 07:06 PM

Even after copying that folder a lot of stuff is missing. For example, there is no "vars" file. I'm using this tutorial: http://www.thebakershome.net/openvpn_tutorial

Lot of other stuff I can't find either. Is there a premade vmware appliance I can just download? This just seems way too complicated for nothing. I've coded many programs before and I always make sure that it works out of the box, you just have to turn it on, and boom, it works. None of this BS of copying files all over the place.

If I knew more about network coding at the lower level I'd just make my own vpn server/client.

