info at kennedysoftware.ie wrote:
> Hello,
>
> Trying to configure a VPN tunnel between 2 SuSE (SLES) servers, eth1
> in both cases, across ADSL from eircom. It works OK if we have an
> external router/modem box between eth1 and the eircom line. When we
> replace the external box with an ADSL MODEM, and re-config the servers
> as "Routers" (etc?), seems everything still works OK, but we hit VPN
> config issues... The initial "Hi There" packet from the Client never
> arrives at the VPN server...
>
> Servers:
> - eth0 is internal local LAN
> - eth1 connected to an ADSL "Modem" (eircom)
> - PPPoE, with static IP, from eircom
> - Firewall (SuSEFirewall2) running on eth1
> - "Routes" show ppp0, etc
>
> Conceptually, does anyone know which bit links to which bit in this
> setup: ppp0, dsl0, eth1, firewall... I.e., from inside, are we talking
> to ppp0, which hooks to eth1, etc... or....
>
> I hope the presence of the Firewall should be insignificant, in that
> we can, theoretically, run it or not, without having to change any
> other "configs". Put another way... in the IPSEC file, do we set LEFT
> to "eth1", or to an address we assign to eth1, or to the static IP
> from eircom (also assigned to eth1)... or to ppp0... whew!!
>
> In the IPSEC file, we've been fiddling with
> interfaces="ipsec0=eth1/ppp0", left=, leftsubnet=, leftnexthop=, NAT,
> etc, but we're now only digging a bigger hole!!
>
> Very many thanks for any suggestions or pointers.
OpenVPN?
IPSEC is the all-powerful conquering VPN solution. OpenVPN only does
point-to-point tunnels, uses ordinary ssh keys, and is vastly simpler.
As to what goes where....
I think you have two problems: PPPoE and the VPN, and are getting them
mixed up to some extent.
I'll suggest:
Step 1: Forget about VPN.
Step 2: get ADSL working.
Step 3: Get the firewall working exactly as you want.
Step 4: Configure OpenVPN.
Step 5: Change the routing tables so that traffic to the remote network
(but not the VPN endpoint itself....!) is sent via the new "tun0"
encrypting interfaces that OpenVPN has created, instead of out over the
working DSL link.
Step 6: Modify the firewall rules to allow the OpenVPN traffic
There are good manuals and worked examples for openvpn online, but you
might still puzzle for a while before the light dawns. Hint: OpenVPN
does *not* handle the question of where-do-I-send-my-packets. Your
ordinary routing table does this, and probably what is puzzling you
about OpenVPN's configuration is best understood by asking "how is the
routing going to work?"
Regards,
Ronan
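Ronan's steps 5 and 6 as a dry-run shell script. This is an added example, not code from the thread or from the OpenVPN project: it prints the `ip route` and `iptables` commands instead of running them, and it refuses the one plan that silently breaks the tunnel, namely routing a "remote network" into tun0 when the peer's own public address lies inside that network (the encrypted packets would then be routed into the tunnel they are meant to carry). Interface names tun0, ppp0 and eth0 come from the thread; UDP 1194 is OpenVPN's default port; the subnet and peer address are constructed values.

```shell
#!/bin/sh
# Added example (not from the original thread): plan Ronan's Step 5 (routing)
# and Step 6 (firewall) without touching the live system. Every address
# below is constructed; interface names follow the thread (eth0 = LAN,
# ppp0 = DSL link, tun0 = OpenVPN).

# ip4_to_int DOTTED_QUAD -> prints the address as a 32-bit integer
ip4_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1                      # split "a.b.c.d" into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_subnet IP CIDR -> exit status 0 when IP lies inside CIDR
in_subnet() {
    net_addr=${2%/*}
    prefix=${2#*/}
    if [ "$prefix" -eq 0 ]; then
        return 0                   # a /0 contains every address
    fi
    mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    [ $(( $(ip4_to_int "$1") & mask )) -eq $(( $(ip4_to_int "$net_addr") & mask )) ]
}

# plan_vpn_routes REMOTE_SUBNET PEER_PUBLIC_IP TUN_IF WAN_IF [UDP_PORT] [LAN_IF]
# Prints the commands for steps 5 and 6; returns 1 on the self-routing trap.
plan_vpn_routes() {
    remote_subnet=$1; peer_ip=$2; tun_if=$3; wan_if=$4
    ovpn_port=${5:-1194}; lan_if=${6:-eth0}

    if in_subnet "$peer_ip" "$remote_subnet"; then
        echo "refusing: peer $peer_ip is inside $remote_subnet; routing that" \
             "subnet via $tun_if would route the tunnel through itself" >&2
        return 1
    fi

    # Step 5: pin the peer to the DSL link first, then send the remote LAN
    # into the tunnel. Order matters when the rules are applied live.
    echo "ip route add ${peer_ip}/32 dev $wan_if"
    echo "ip route add $remote_subnet dev $tun_if"

    # Step 6: admit the OpenVPN channel on the WAN side, and let decrypted
    # traffic pass between the tunnel and the internal LAN.
    echo "iptables -A INPUT -i $wan_if -p udp --dport $ovpn_port -j ACCEPT"
    echo "iptables -A INPUT -i $tun_if -j ACCEPT"
    echo "iptables -A FORWARD -i $tun_if -o $lan_if -j ACCEPT"
    echo "iptables -A FORWARD -i $lan_if -o $tun_if -j ACCEPT"
}

# Demo with constructed values: 192.168.2.0/24 is the far LAN and
# 203.0.113.7 the far server's static IP on the DSL line.
if [ "${1:-}" = "--demo" ]; then
    plan_vpn_routes 192.168.2.0/24 203.0.113.7 tun0 ppp0
fi
```

Run it with `--demo` to see the plan; pipe the output to `sh` only once the two endpoints can already reach each other over DSL (Ronan's steps 2 and 3). On SLES the Step 6 rules belong in SuSEfirewall2's configuration rather than in raw iptables calls, since SuSEfirewall2 rewrites the chains on restart: the UDP port goes in FW_SERVICES_EXT_UDP and tun0 is added to FW_DEV_INT so the tunnel is treated as an internal interface.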