Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
Distribution: Mint 20.1 on workstation, Debian 11 on servers
Posts: 1,336
Rep:
linux vpn
I'm trying to set up a simple VPN so I can VPN into my house and have access as if I was connected to the switch.
I looked at various solutions such as OpenVPN, Openswan and pptpd. They are very poorly documented and I can't find much online on how to get them working.
I'm more interested in pptpd as even though it's less secure it looks like it's the simplest (no certificates and stuff) and I will tunnel it via SSH anyway. The issue I'm having is that it's only listening locally, I also don't know how to create users for it, as there is no documentation.
In all earnest poptop is pretty easy to set up, most of the stuff is actually set up in PPP documents. However, if you are using SSH then you are defeating the purpose of a VPN more or less anyways. You can already tunnel encrypted traffic through SSH.
Original Poster
The reason I want the VPN is so I can also route.
Ex: I open SSH, I have to specify which ports and which servers to tunnel through. With VPN, everything is open. I just access the IP directly as if I'm plugged right in.
Or is there a way to do this with just SSH? Since if yes that would be even better.
At least, what I'd love to be able to do is map a Samba share in Windows, over SSH. So if VPN won't work out, that's my 2nd option.
You can simply use the best open source VPN solution (OpenVPN), and there is a good book, which is OpenVPN with a picture of a parrot on it. We will learn a lot from this book.
What's bad about the openvpn documentation? It's more than sufficient to get you up and running in several ways? Are you looking at the same site I am?
Original Poster
That's the one, along with whatever I found on Google.
When it tells me to do stuff like copy the config (since /etc/openvpn is empty by default for whatever reason) the paths they say are wrong, the files they refer to are wrong or don't exist, or they don't even say filenames at all. Like "edit this line". OK, this line in what file?
There are a lot of missing "links" that are not explained in the documentation.
Such things vary between distros, installation method, etc, so unless you find a howto for your distro, you are likely to have these issues for any solution (and that will be the case if you purchase a book on the subject).
Original Poster
Well that's not good. How should I go about doing this then? I can't just guess. Is there by chance a VMware 2.0 appliance already set up I can just download?
If it matters I'm using Fedora Core 9 for the VPN server but that can easily be changed if you think another distro may work better.
Distro coders seriously need to get together and agree to standards though, it's not right that stuff is not the same across all distros, when it comes to installing/configuring stuff.
VPN, unfortunately, can turn into quite the can of worms.
I still have quite a few scorch-marks on my tailpipe from trying to get any one of several VPN implementations to work properly. It is not always as easy as it sounds.
So... what did I finally do? Hardware! It turns out that the router we were using had VPN capability built-in, and we could set up a secure tunnel between the two installations using that. Worked great. None of the computers on either side had to do anything special... they saw the computers "on the other side of the tunnel" as being "local." (Sweet!)
Pretty much any router that you buy these days at an electronics store is quite likely to have some degree of VPN capability built-in. It might well be all you need.
Did you install openvpn using yum or from source? When I've installed it in CentOS (pretty much the same as Fedora), things end up in pretty much the right place (/etc/openvpn for example).
Original Poster
I did with yum. The main issue is when I do install it a lot of stuff is missing, such as /etc/openvpn being empty. So when I follow any type of documentation and it tells me to do stuff, I have nowhere to go to actually do that as my directory is empty.
I've thought of going the router route as well, though I like the idea of a server acting as VPN server since I can fine tweak what can be accessed by adding outgoing firewall rules at the server, that and I can close the port externally and only make it work through an SSH tunnel for the double authentication factor and double encryption. I don't really trust the VPN on cheap routers, or is it actually half decent? The main thing I need is some form of brute force protection, or someone can sit there for years and eventually guess the password without me knowing.
Please don't take this the wrong way, but I think the problem is you want to follow instructions, but haven't followed them carefully enough.
I just dropped openvpn onto a F9 box, and as you rightly point out, /etc/openvpn is empty. So I started at the top of the howto:
Quote:
Setting up your own Certificate Authority (CA) and generating certificates and keys for an OpenVPN server and multiple clients
...
If you are using Linux, BSD, or a unix-like OS, open a shell and cd to the easy-rsa subdirectory of the OpenVPN distribution. If you installed OpenVPN from an RPM file, the easy-rsa directory can usually be found in /usr/share/doc/packages/openvpn or /usr/share/doc/openvpn-2.0 (it's best to copy this directory to another location such as /etc/openvpn, before any edits, so that future OpenVPN package upgrades won't overwrite your modifications).
and
Quote:
Creating configuration files for server and clients
Getting the sample config files
It's best to use the OpenVPN sample configuration files as a starting point for your own configuration. These files can also be found in
* the sample-config-files directory of the OpenVPN source distribution
* the sample-config-files directory in /usr/share/doc/packages/openvpn or /usr/share/doc/openvpn-2.0 if you installed from an RPM package
So the rsa stuff is not exactly where the howto points - it's still for 2.0 I note, but easy enough to find (if you are ever looking for a file, try "locate easy-rsa" - if it's a new file, run "updatedb" first).
So if you want to give it another go, copy these across and see how you go.
openvpn works well once it's going.
Last edited by billymayday; 12-19-2008 at 06:03 PM.
Reason: Fixed close quote tag
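The copy step described in the post above, as an added shell example that is not part of the thread or the OpenVPN documentation: it searches the documentation directories the quoted HOWTO names for easy-rsa and sample-config-files and copies them into a working directory without overwriting earlier edits. The function names are hypothetical, and any extra search roots you pass (for example whatever "locate easy-rsa" reports) are your own assumption.

```shell
#!/bin/sh
# Added example (not from the thread): stage OpenVPN's packaged easy-rsa
# scripts and sample configs into a working directory before editing them.

# find_doc_dir NAME ROOT...: print the first directory called NAME under a ROOT.
find_doc_dir() {
    want=$1; shift
    for root in "$@"; do
        [ -d "$root" ] || continue
        hit=$(find "$root" -type d -name "$want" 2>/dev/null | sort | head -n 1)
        if [ -n "$hit" ]; then
            printf '%s\n' "$hit"
            return 0
        fi
    done
    return 1
}

# stage_dir SRC DEST_ROOT: copy SRC to DEST_ROOT/<basename>, never overwriting.
stage_dir() {
    target=$2/$(basename "$1")
    if [ -e "$target" ]; then
        echo "skip: $target already exists" >&2
        return 2
    fi
    mkdir -p "$2" && cp -R "$1" "$target"
}

# stage_openvpn DEST_ROOT ROOT...: stage both directories; non-zero if any
# was missing or skipped.
stage_openvpn() {
    dest_root=$1; shift
    rc=0
    for item in easy-rsa sample-config-files; do
        if found=$(find_doc_dir "$item" "$@"); then
            stage_dir "$found" "$dest_root" || rc=$?
        else
            echo "not found: $item (try: locate $item)" >&2
            rc=1
        fi
    done
    # easy-rsa writes generated private keys under its own directory by default.
    [ -d "$dest_root/easy-rsa" ] && chmod -R go-rwx "$dest_root/easy-rsa"
    return "$rc"
}

# Usage, as root, with the two doc paths the quoted HOWTO names:
# stage_openvpn /etc/openvpn /usr/share/doc/packages/openvpn /usr/share/doc/openvpn-2.0
```

A non-zero exit with "skip" messages means a staged copy already existed and was left untouched, so local edits and any generated keys survive a re-run.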
A lot of other stuff I can't find either. Is there a premade VMware appliance I can just download? This just seems way too complicated for nothing. I've coded many programs before and I always make sure that it works out of the box, you just have to turn it on, and boom, it works. None of this BS of copying files all over the place.
If I knew more about network coding at the lower level I'd just make my own vpn server/client