LINUX.IE, website of the Irish Linux Users' Group
[ILUG] VPN, ADSL modem - what goes where?


Ronan Cunniffe ronan at iaa.es
Tue Aug 1 17:16:59 IST 2006


info at kennedysoftware.ie wrote:
> Hello,
>
> Trying to configure a VPN tunnel between 2 SuSE (SLES) servers, eth1 
> in both cases, across ADSL from eircom. It works OK if we have an 
> external router/modem box between eth1 and the eircom line. When we 
> replace the external box with an ADSL MODEM, and re-config the servers 
> as "Routers" (etc?), seems everything still works OK, but we hit VPN 
> config issues... The initial "Hi There" packet from the Client never 
> arrives at the VPN server...
>
> Servers:
> - eth0 is internal local LAN
> - eth1 connected to an ADSL "Modem" (eircom)
> - PPPoE, with static IP, from eircom
> - Firewall (SuSEFirewall2) running on eth1
> - "Routes" show ppp0, etc
>
> Conceptually, does anyone know which bit links to which bit in this 
> setup: ppp0, dsl0, eth1, firewall... Ie, from inside, are we talking 
> to ppp0, which hooks to eth1, etc... or....
>
> I hope the presence of the Firewall should be insignificant, in that 
> we can, theoretically, run it or not, without having to change any 
> other "configs". Put another way... in the IPSEC file, do we set LEFT 
> to "eth1", or to an address we assign to eth1, or to the static IP 
> from eircom (also assigned to eth1)... or to ppp0... whew!!
>
> In the IPSEC file, we've been fiddling with 
> interfaces="ipsec0=eth1/ppp0", left=, leftsubnet=, leftnexthop=, NAT, 
> etc, but we're now only digging a bigger hole!!
>
> Very many thanks for any suggestions or pointers.

OpenVPN?

IPSEC is the all-powerful conquering VPN solution.  OpenVPN only does 
point-to-point tunnels, uses ordinary ssh keys, and is vastly simpler.

As to what goes where....

I think you have two problems: PPPoE and the VPN, and are getting them 
mixed up to some extent.

I'll suggest:

Step 1: Forget about VPN.
Step 2: Get ADSL working.
Step 3: Get the firewall working exactly as you want.
Step 4: Configure OpenVPN.
Step 5: Change the routing tables so that traffic to the remote network 
(but not the VPN endpoint itself....!) is sent via the new "tun0" 
encrypting interfaces that OpenVPN has created, instead of out over the 
working DSL link.
Step 6: Modify the firewall rules to allow the OpenVPN traffic.

There are good manuals and worked examples for openvpn online, but you 
might still puzzle for a while before the light dawns.  Hint:  OpenVPN 
does *not* handle the question of where-do-I-send-my-packets.  Your 
ordinary routing table does this, and probably what is puzzling you 
about OpenVPN's configuration is best understood by asking "how is the 
routing going to work?"

Regards,

Ronan
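
The routing caveat in Step 5, as an added example that is not part of the original message: a simplified model of longest-prefix route lookup showing why the VPN endpoint's own address must keep leaving via ppp0. The interface names come from the thread; every address is constructed (private and documentation ranges), and the `lookup`/`path` helpers are hypothetical.

```python
import ipaddress

def routes(*entries):
    """Build a routing table from (prefix, interface) pairs."""
    return [(ipaddress.ip_network(net), dev) for net, dev in entries]

def lookup(table, dst):
    """Longest-prefix match: the most specific matching route wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, dev) for net, dev in table if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def path(table, dst, peer):
    """Interfaces a packet to dst crosses. A packet routed into tun0 is
    encrypted and re-sent to the peer's public address, so that outer
    packet is looked up in the same table a second time."""
    first = lookup(table, dst)
    if first != "tun0":
        return [first]
    outer = lookup(table, peer)
    return ["tun0", "LOOP"] if outer == "tun0" else ["tun0", outer]

PEER = "198.51.100.7"  # constructed: remote server's static public IP

# Step 5 done right: only the remote LAN is sent into the tunnel.
GOOD = routes(("0.0.0.0/0", "ppp0"),
              ("192.168.10.0/24", "eth0"),   # local LAN (constructed)
              ("192.168.20.0/24", "tun0"))   # remote LAN (constructed)

# Failure mode: a tunnel route that also covers the endpoint itself,
# so the encrypted packets are routed back into tun0.
BAD = routes(("0.0.0.0/0", "tun0"),
             ("192.168.10.0/24", "eth0"))

# Repair: a host route pins the endpoint to the DSL link.
FIXED = BAD + routes((PEER + "/32", "ppp0"))

if __name__ == "__main__":
    for name, table in (("GOOD", GOOD), ("BAD", BAD), ("FIXED", FIXED)):
        print(name, "remote LAN host:", path(table, "192.168.20.5", PEER),
              "| endpoint:", path(table, PEER, PEER))
```
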


