LinuxQuestions.org
Old 12-11-2008, 07:52 PM   #1
Red Squirrel
Senior Member
 
Registered: Dec 2003
Distribution: Mint 17.1 KDE on workstation, CentOS 6.x on servers
Posts: 1,143

Rep: Reputation: 47
linux vpn


I'm trying to set up a simple VPN so I can VPN into my house and have access as if I was connected to the switch.

I looked at various solutions such as OpenVPN, Openswan and pptpd. They are very poorly documented and I can't find much online on how to get them working.

I'm more interested in pptpd as even though it's less secure it looks like it's the simplest (no certificates and stuff) and I will tunnel it via SSH anyway. The issue I'm having is that it's only listening locally. I also don't know how to create users for it, as there is no documentation.
 
Old 12-12-2008, 04:01 AM   #2
scheidel21
Senior Member
 
Registered: Feb 2003
Location: CT
Distribution: Debian 6+, CentOS 5+
Posts: 1,323

Rep: Reputation: 100
Try some of these links for Poptop, the pptpd server:
http://poptop.sourceforge.net/dox/
http://www.poptop.org/PoPToP-RedHat-HOWTO.txt
http://articles.techrepublic.com.com...1-6031577.html

In all earnest, Poptop is pretty easy to set up; most of the stuff is actually set up in PPP documents. However, if you are using SSH then you are defeating the purpose of a VPN more or less anyway. You can already tunnel encrypted traffic through SSH.
 
Old 12-12-2008, 04:28 PM   #3
Red Squirrel
Senior Member
 
Registered: Dec 2003
Distribution: Mint 17.1 KDE on workstation, CentOS 6.x on servers
Posts: 1,143

Original Poster
Rep: Reputation: 47
The reason I want the VPN is so I can also route.

Ex: I open SSH, I have to specify which ports and which servers to tunnel through. With VPN, everything is open. I just access the IP directly as if I'm plugged right in.

Or is there a way to do this with just SSH? Since if yes that would be even better.

At least, what I'd love to be able to do is map a Samba share in Windows, over SSH. So if VPN won't work out, that's my 2nd option.
 
Old 12-12-2008, 07:13 PM   #4
adam_blackice
Member
 
Registered: Apr 2006
Location: /*Egypt */ //cairo
Distribution: Ubuntu 7.04 , SLED 10 , Fedora , RHEL 5
Posts: 312

Rep: Reputation: 32
You can simply use the best open source VPN solution (OpenVPN), and there is a good book on OpenVPN with a picture of a parrot on it; we will learn a lot from this book.
 
Old 12-12-2008, 08:46 PM   #5
Red Squirrel
Senior Member
 
Registered: Dec 2003
Distribution: Mint 17.1 KDE on workstation, CentOS 6.x on servers
Posts: 1,143

Original Poster
Rep: Reputation: 47
Tried OpenVPN but it's very badly documented so I could not figure it out. Though I did not know about the book, I'll see if I can find it online.
 
Old 12-12-2008, 09:17 PM   #6
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122
What's bad about the openvpn documentation? It's more than sufficient to get you up and running in several ways. Are you looking at the same site I am?

http://www.openvpn.org/index.php/doc...ion/howto.html

amongst others for example
 
Old 12-12-2008, 10:06 PM   #7
Red Squirrel
Senior Member
 
Registered: Dec 2003
Distribution: Mint 17.1 KDE on workstation, CentOS 6.x on servers
Posts: 1,143

Original Poster
Rep: Reputation: 47
That's the one, along with whatever I found on Google.

When it tells me to do stuff like copy the config (since /etc/openvpn is empty by default for whatever reason) the paths they say are wrong, the files they refer to are wrong or don't exist, or they don't even say filenames at all. Like "edit this line". OK, this line in what file?

There are a lot of missing "links" that are not explained in the documentation.
 
Old 12-12-2008, 10:20 PM   #8
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122
Such things vary between distros, installation method, etc, so unless you find a howto for your distro, you are likely to have these issues for any solution (and that will be the case if you purchase a book on the subject).

Good luck.
 
Old 12-15-2008, 05:13 PM   #9
Red Squirrel
Senior Member
 
Registered: Dec 2003
Distribution: Mint 17.1 KDE on workstation, CentOS 6.x on servers
Posts: 1,143

Original Poster
Rep: Reputation: 47
Well that's not good. How should I go about doing this then? I can't just guess. Is there by chance a VMware 2.0 appliance already set up I can just download?

If it matters I'm using Fedora Core 9 for the VPN server but that can easily be changed if you think another distro may work better.

Distro coders seriously need to get together and agree to standards though, it's not right that stuff is not the same across all distros, when it comes to installing/configuring stuff.
 
Old 12-15-2008, 06:16 PM   #10
internetSurfer
Member
 
Registered: Jan 2008
Location: w3c
Distribution: Slackware 12 Zenwalk 5.2
Posts: 71

Rep: Reputation: 16
OpenVPN Free Online Edition
http://openvpnbook.packtpub.com/

_
 
Old 12-15-2008, 06:24 PM   #11
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Rep: Reputation: 3177
VPN, unfortunately, can turn into quite the can of worms.

I still have quite a few scorch-marks on my tailpipe from trying to get any one of several VPN implementations to work properly. It is not always as easy as it sounds.

So... what did I finally do? Hardware! It turns out that the router we were using had VPN capability built-in, and we could set up a secure tunnel between the two installations using that. Worked great. None of the computers on either side had to do anything special... they saw the computers "on the other side of the tunnel" as being "local." (Sweet!)

Pretty much any router that you buy these days at an electronics store is quite likely to have some degree of VPN capability built-in. It might well be all you need.
 
Old 12-15-2008, 09:33 PM   #12
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122
Quote:
Originally Posted by Red Squirrel
Well that's not good. How should I go about doing this then? I can't just guess. Is there by chance a VMware 2.0 appliance already set up I can just download?

If it matters I'm using Fedora Core 9 for the VPN server but that can easily be changed if you think another distro may work better.

Distro coders seriously need to get together and agree to standards though, it's not right that stuff is not the same across all distros, when it comes to installing/configuring stuff.

Did you install openvpn using yum or from source? When I've installed it in CentOS (pretty much the same as Fedora), things end up in pretty much the right place (/etc/openvpn for example).
 
Old 12-15-2008, 10:28 PM   #13
Red Squirrel
Senior Member
 
Registered: Dec 2003
Distribution: Mint 17.1 KDE on workstation, CentOS 6.x on servers
Posts: 1,143

Original Poster
Rep: Reputation: 47
I did with yum. The main issue is when I do install it a lot of stuff is missing, such as /etc/openvpn being empty. So when I follow any type of documentation and it tells me to do stuff, I have nowhere to go to actually do that as my directory is empty.

I've thought of going the router route as well, though I like the idea of a server acting as VPN server since I can fine tweak what can be accessed by adding outgoing firewall rules at the server, that and I can close the port externally and only make it work through an SSH tunnel for the double authentication factor and double encryption. I don't really trust the VPN on cheap routers, or is it actually half decent? The main thing I need is some form of brute force protection, or someone can sit there for years and eventually guess the password without me knowing.
 
Old 12-15-2008, 11:32 PM   #14
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122
Please don't take this the wrong way, but I think the problem is you want to follow instructions, but haven't followed them carefully enough.

I just dropped openvpn onto a F9 box, and as you rightly point out, /etc/openvpn is empty. So I started at the top of the howto:

Quote:
Setting up your own Certificate Authority (CA) and generating certificates and keys for an OpenVPN server and multiple clients

...
If you are using Linux, BSD, or a unix-like OS, open a shell and cd to the easy-rsa subdirectory of the OpenVPN distribution. If you installed OpenVPN from an RPM file, the easy-rsa directory can usually be found in /usr/share/doc/packages/openvpn or /usr/share/doc/openvpn-2.0 (it's best to copy this directory to another location such as /etc/openvpn, before any edits, so that future OpenVPN package upgrades won't overwrite your modifications).
and

Quote:
Creating configuration files for server and clients
Getting the sample config files

It's best to use the OpenVPN sample configuration files as a starting point for your own configuration. These files can also be found in

* the sample-config-files directory of the OpenVPN source distribution
* the sample-config-files directory in /usr/share/doc/packages/openvpn or /usr/share/doc/openvpn-2.0 if you installed from an RPM package

On my box I have

Quote:
/usr/share/doc/openvpn-2.1/sample-config-files/server.conf
/usr/share/openvpn/easy-rsa/2.0/

So the rsa stuff is not exactly where the howto points - it's still for 2.0 I note, but easy enough to find (if you are ever looking for a file, try "locate easy-rsa" - if it's a new file, run "updatedb" first).

So if you want to give it another go, copy these across and see how you go.

openvpn works well once it's going.

Last edited by billymayday; 12-19-2008 at 06:03 PM. Reason: Fixed close quote tag
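
The locate-and-copy step described in post #14, as an added example that is not part of the original thread or the OpenVPN project's own tooling. The function names are hypothetical, the candidate paths are the ones quoted in the thread, and treating a directory as usable only if it contains a `vars` file is an assumption.

```shell
#!/bin/sh
# Added example: find the packaged easy-rsa scripts and sample server.conf,
# then stage private copies so package upgrades do not overwrite local edits.
# $1 (root) lets the search run against a test tree; "" means the real filesystem.

# Print the first easy-rsa directory that contains a "vars" file (assumption:
# a usable easy-rsa copy always ships one).
find_easy_rsa() {
    root=$1
    for d in "$root"/usr/share/openvpn/easy-rsa/* \
             "$root"/usr/share/doc/openvpn-*/easy-rsa \
             "$root"/usr/share/doc/packages/openvpn/easy-rsa; do
        if [ -f "$d/vars" ]; then printf '%s\n' "$d"; return 0; fi
    done
    return 1
}

# Print the first sample server.conf found in the documented locations.
find_sample_conf() {
    root=$1
    for f in "$root"/usr/share/doc/openvpn-*/sample-config-files/server.conf \
             "$root"/usr/share/doc/packages/openvpn/sample-config-files/server.conf; do
        if [ -f "$f" ]; then printf '%s\n' "$f"; return 0; fi
    done
    return 1
}

# Copy both into dest. Runs in a subshell so the umask change stays local.
stage_openvpn() (
    root=$1 dest=$2
    rsa=$(find_easy_rsa "$root") || { echo "easy-rsa with vars not found" >&2; return 1; }
    conf=$(find_sample_conf "$root") || { echo "sample server.conf not found" >&2; return 1; }
    umask 077                       # CA and key material will live under here
    mkdir -p "$dest/easy-rsa" || return 1
    cp -R "$rsa/." "$dest/easy-rsa/" || return 1
    # Never clobber a server.conf that has already been edited.
    [ -e "$dest/server.conf" ] || cp "$conf" "$dest/server.conf" || return 1
    chmod 700 "$dest/easy-rsa"
    printf '%s\n%s\n' "$rsa" "$conf"   # report which sources were used
)

# Usage on a real system (as root): sh stage.sh "" /etc/openvpn
if [ "$#" -eq 2 ]; then stage_openvpn "$1" "$2"; fi
```

If the script reports that easy-rsa was not found, the package layout differs from the paths quoted in the thread and `locate easy-rsa` is the next step.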
 
Old 12-16-2008, 07:06 PM   #15
Red Squirrel
Senior Member
 
Registered: Dec 2003
Distribution: Mint 17.1 KDE on workstation, CentOS 6.x on servers
Posts: 1,143

Original Poster
Rep: Reputation: 47
Even after copying that folder a lot of stuff is missing. For example, there is no "vars" file. I'm using this tutorial: http://www.thebakershome.net/openvpn_tutorial

A lot of other stuff I can't find either. Is there a premade VMware appliance I can just download? This just seems way too complicated for nothing. I've coded many programs before and I always make sure that it works out of the box, you just have to turn it on, and boom, it works. None of this BS of copying files all over the place.

If I knew more about network coding at the lower level I'd just make my own VPN server/client.
 
  

