Linux® Quick Fix

One method of doing this is to create a Virtual Private Network (VPN) to provide an encrypted data stream between your firewall and theirs. A VPN is really convenient, because you can refer to the remote servers, not by their public network address t...

Life will be much easier if you make your Linux VPN box also function as a firewall. Configure and test the firewall first and then configure the VPN. Chapter 14, "Linux Firewalls Using iptables," should help a lot.The networks at both ends...

Figure 35.1 illustrates the topology of a VPN between two SOHO environments. Here's the scenario: The two sites need a VPN so that they can communicate with each other without the fear of eavesdropping.The network administrators at both sites are aw...

org. The site has good instructions on how to install the product on Fedora and other versions of Linux. Be aware that to download the RPM version of Openswan you must have the ipsec-tools RPM package installed on your system. (Remember, RPM filename...

You can configure Openswan to start at boot time using the chkconfig command: [root@bigboy tmp]# chkconfig ipsec on You can start, stop, and restart Openswan after booting using the ipsec initialization script as shown: [root@bigboy ...

Immediately after installing Openswan, run the ipsec verify command. It should give an [OK] status for most of its checks: [root@vpn2 tmp]# ipsec verify Checking your system to see if IPsec got installed and started correctly Ve...

One of the more secure ways of setting up a VPN tunnel is to encrypt the data using certificate-based (RSA) keys. There are other VPN parameters too, but Openswan is very forgiving when it establishes a tunnel. It automatically goes through all the v...

If you are running iptables with masquerading/NAT for the VPN devices, then you must exclude packets traversing the tunnel from the NAT operation. This example assumes that interface eth0 is the Internet facing interface on your Linux VPN/firewall. ...

If your VPN subsection in the /etc/ipsec.conf file contains the line auto=add, then IPSec only authorizes but doesn't establish the connection at startup. You'll have to use the ipsec auto --up <vpn-name> command to start it manually. You must...

You don't always have to use RSA type keys. Sometimes the VPN device at the other end of the tunnel won't support them, but will accept a simpler pre-shared key. Here is how to do it: 1. Create the PSK using one of two methods. You can creat...

Determine the Tunnel Status The ipsec auto --status command provides a status on Opesnswan running on your VPN device. The output is divided into three sections: IKE Section: Defines the various encrypted key exchange algorithms and their parameter...

VPNs are increasingly becoming an everyday part of life on the Internet. Many people use them to gain access to many of the systems in their offices, such as e-mail and intranets. This trend is certain to become more popular as many companies are fin...