Configuring Linux VPNs




In This Chapter

  • VPN Guidelines

  • Scenario

  • Download and Install the Openswan Package

  • Getting Openswan Started

  • Get the Status of the Openswan Installation

  • VPN Configuration Steps Using RSA Keys

  • Possible Changes to IP Tables NAT/Masquerade Rules

  • How to Ensure Openswan Starts When Rebooting

  • Using Pre-Shared Keys (PSK)

  • Troubleshooting Openswan

  • Conclusion

As your SOHO grows, you'll eventually need to establish some form of secure data link with a supplier, vendor, branch office, business partner, or customer that will enable you to access their servers behind their Internet firewall.

One method of doing this is to create a Virtual Private Network (VPN) to provide an encrypted data stream between your firewall and theirs. A VPN is convenient because you can refer to the remote servers by their real, private IP addresses rather than by their public, network-address-translated IP addresses. This avoids problems inherent in connecting to servers behind a many-to-one NAT configuration.

This chapter will outline the configuration of a permanent site-to-site VPN link or tunnel using Openswan, one of the most popular VPN packages for Linux.

If you are new to VPNs, please refer to Appendix I, "Miscellaneous Linux Topics," for some important background information that will provide a deeper understanding of the steps outlined in this chapter.