Thank you, Ronan.
> OpenVPN?
>
> IPSEC is the all-powerful conquering VPN solution. OpenVPN only does
> point-to-point tunnels, uses ordinary ssh keys, and is vastly simpler.
Not OpenVPN - SuSE already has OpenSwan/FreeSwan in the distro, and
controlled by their YaST GUI tool.
> As to what goes where....
>
> I think you have two problems: PPPoE and the VPN, and are getting them
> mixed up to some extent.
>
> I'll suggest:
>
> Step 1: Forget about VPN.
> Step 2: get ADSL working.
> Step 3: Get the firewall working exactly as you want.
> Step 4: Configure OpenVPN.
> Step 5: Change the routing tables so that traffic to the remote network
> (but not the VPN endpoint itself....!) is sent via the new "tun0"
> encrypting interfaces that OpenVPN has created, instead of out over the
> working DSL link.
> Step 6: Modify the firewall rules to allow the OpenVPN traffic
Using external Router boxes, we have VPN (IPSEC) running, with the Firewall,
etc. (In SuSE's case, they have a nice Firewall tool called SuSEfirewall2,
which caters for most normal Firewall issues).
When we use an external Modem, and change SuSE accordingly (ahem!!), we hit
those "walls". The Firewall now sits on "dsl0", and ppp0 is introduced...
and...
> There's good manuals and worked examples for openvpn online, but you might
> still puzzle for a while before the light dawns. Hint: OpenVPN does
> *not* handle the question of where-do-I-send-my-packets. Your ordinary
> routing table does this, and probably what is puzzling you about OpenVPN's
> configuration is best understood by asking "how is the routing going to
> work?"
Thanks again, Ronan. We'll review the "routing", and take a look at OpenVPN,
and see if, overall, it would simplify the issues for us... There's tonnes
of stuff on the 'net on IPSEC also, OpenSwan, FreeSwan, etc... but not much
on how it runs on a server/router with PPPoE active internally. Also, since
posting yesterday, we noticed a few entries in our IPSEC files which were
probably not correct - even with the external routers, and we're
"re-visiting" these issues.
When we get it working well, I'll post a message here, in case it might
benefit anyone else later.
- Mike
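
The routing point in step 5 of the quoted advice, as an added example that is not part of the original thread: a small Python check that applies longest-prefix matching to a routing table and confirms that remote-LAN traffic leaves via tun0 while the VPN peer's own address still leaves via ppp0. The addresses, prefixes, table contents and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
REMOTE_NET = "192.168.20.0/24"   # LAN behind the far end of the tunnel
VPN_PEER = "203.0.113.10"        # public address of the remote VPN endpoint

def lookup(routes, dst):
    """Longest-prefix match: interface of the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, dev in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None

def check_vpn_routing(routes, remote_net, vpn_peer, wan_if="ppp0", tun_if="tun0"):
    """Return a list of problems; an empty list means the table matches step 5."""
    problems = []
    net = ipaddress.ip_network(remote_net)
    # Spot-check the first and last usable host of the remote LAN.
    for host in (net.network_address + 1, net.broadcast_address - 1):
        dev = lookup(routes, str(host))
        if dev != tun_if:
            problems.append(f"{host} leaves via {dev}, not {tun_if}: sent unencrypted")
    # The encrypted packets themselves must reach the peer over the DSL link.
    dev = lookup(routes, vpn_peer)
    if dev != wan_if:
        problems.append(f"peer {vpn_peer} leaves via {dev}, not {wan_if}: tunnel loops into itself")
    return problems

# Constructed routing tables as (prefix, interface) pairs.
GOOD = [("0.0.0.0/0", "ppp0"), ("192.168.20.0/24", "tun0")]
NO_VPN_ROUTE = [("0.0.0.0/0", "ppp0")]
# Everything pushed into the tunnel, including the peer's own address.
ALL_VIA_TUN = [("0.0.0.0/0", "ppp0"), ("0.0.0.0/1", "tun0"), ("128.0.0.0/1", "tun0")]
# Same table with a host route that keeps the peer on the DSL link.
FIXED = ALL_VIA_TUN + [("203.0.113.10/32", "ppp0")]

if __name__ == "__main__":
    for name, table in [("GOOD", GOOD), ("NO_VPN_ROUTE", NO_VPN_ROUTE),
                        ("ALL_VIA_TUN", ALL_VIA_TUN), ("FIXED", FIXED)]:
        issues = check_vpn_routing(table, REMOTE_NET, VPN_PEER)
        print(name, "OK" if not issues else issues)
```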