LINUX.IE, website of the Irish Linux Users' Group

[ILUG] VPN, ADSL modem - what goes where?

info at kennedysoftware.ie
Wed Aug 2 12:46:06 IST 2006


Thank you, Ronan.

> OpenVPN?
>
> IPSEC is the all-powerful conquering VPN solution.  OpenVPN only does 
> point-to-point tunnels, uses ordinary ssh keys, and is vastly simpler.

Not OpenVPN - SuSE already has OpenSwan/FreeSwan in the distro, and 
controlled by their YaST GUI tool.

> As to what goes where....
>
> I think you have two problems: PPPoE and the VPN, and are getting them 
> mixed up to some extent.
>
> I'll suggest:
>
> Step 1: Forget about VPN.
> Step 2: get ADSL working.
> Step 3: Get the firewall working exactly as you want.
> Step 4: Configure OpenVPN.
> Step 5: Change the routing tables so that traffic to the remote network 
> (but not the VPN endpoint itself....!) is sent via the new "tun0" 
> encrypting interfaces that OpenVPN has created, instead of out over the 
> working DSL link.
> Step 6: Modify the firewall rules to allow the OpenVPN traffic

Using external Router boxes, we have VPN (IPSEC) running, with the Firewall, 
etc. (In SuSE's case, they have a nice Firewall tool called SuSeFirewall2, 
which caters for most normal Firewall issues).

When we use an external Modem, and change SuSE accordingly (ahem!!), we hit 
those "walls". The Firewall now sits on "dsl0", and ppp0 is introduced... 
and...

> There's good manuals and worked examples for openvpn online, but you might 
> still puzzle for a while before the light dawns.  Hint:  OpenVPN does 
> *not* handle the question of where-do-I-send-my-packets.  Your ordinary 
> routing table does this, and probably what is puzzling you about OpenVPN's 
> configuration is best understood by asking "how is the routing going to 
> work?"

Thanks again, Ronan. We'll review the "routing", and take a look at OpenVPN, 
and see if, overall, it would simplify the issues for us... There's tonnes 
of stuff on the 'net on IPSEC also, OpenSwan, FreeSwan, etc... but not much 
on how it runs on a server/router with PPPoE active internally. Also, since 
posting yesterday, we noticed a few entries in our IPSEC files which were 
probably not correct - even with the external routers, and we're 
"re-visiting" these issues.

When we get it working well, I'll post a message here, in case it might 
benefit anyone else later.

  - Mike
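
Added example, not part of the original message or thread: a Python sketch of the longest-prefix-match lookup behind Step 5 of the quoted advice, used to audit a routing table for the two failure modes that step implies (the VPN endpoint being routed into the tunnel, and remote-network traffic leaving unencrypted over the DSL link). The interface names `ppp0` and `tun0` come from the thread; every address, `eth0`, and the function names are constructed for illustration.

```python
import ipaddress

def build(routes):
    """Turn (prefix, interface) string pairs into a routing table."""
    return [(ipaddress.ip_network(net), dev) for net, dev in routes]

def lookup(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, dev) for net, dev in table if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def audit(table, endpoint, remote_net, tun="tun0"):
    """Report routing problems for a tunnel to remote_net via endpoint.

    Samples a single host in remote_net, so it is a sanity check,
    not a proof that every address is covered.
    """
    problems = []
    if lookup(table, endpoint) == tun:
        # Encrypted packets addressed to the endpoint re-enter the tunnel.
        problems.append("endpoint routed into tunnel")
    net = ipaddress.ip_network(remote_net)
    probe = next(h for h in net.hosts() if str(h) != endpoint)
    if lookup(table, str(probe)) != tun:
        # Traffic for the remote network goes out in cleartext.
        problems.append("remote network bypasses tunnel")
    return problems

# Constructed addresses (documentation and private ranges).
ENDPOINT = "203.0.113.10"        # public address of the remote VPN gateway
REMOTE_NET = "203.0.113.0/24"    # remote network that contains the endpoint

# Steps 2-3: DSL up, no VPN routes yet.
dsl_only = build([("0.0.0.0/0", "ppp0"), ("192.168.1.0/24", "eth0")])
# Step 5 done naively: the whole remote network goes into the tunnel.
naive = dsl_only + build([(REMOTE_NET, "tun0")])
# Step 5 with the exception: a host route keeps the endpoint on the DSL link.
fixed = naive + build([(ENDPOINT + "/32", "ppp0")])

if __name__ == "__main__":
    for name, table in (("dsl_only", dsl_only), ("naive", naive), ("fixed", fixed)):
        print(name, audit(table, ENDPOINT, REMOTE_NET) or "ok")
```
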
