This shows you the differences between two versions of the page.
tutorials:vpn [2011/04/30 12:56] – created clemens | tutorials:vpn [2012/05/02 17:59] – minor formatting fixes memnon | ||
---|---|---|---|
Line 3: | Line 3: | ||
===== Contents ===== | ===== Contents ===== | ||
- | * [[#overview|Overview]] | + | * [[# |
- | * [[#setup|Setting it up]] | + | * [[#Setting it up]] |
- | * [[#xp|Connecting in Windows XP]] | + | * [[# |
- | * [[#vista|Connecting in Windows Vista]] | + | * [[# |
- | * [[#linux|Connecting in Linux]] | + | * [[# |
- | * [[#freebsd|Connecting in FreeBSD]] | + | * [[# |
- | * [[#osx|Connecting in Mac OS X]] | + | * [[# |
- | * [[#wrapup|The Wrap-up]] | + | * [[#The Wrap-up]] |
===== Overview ===== | ===== Overview ===== | ||
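Review bot: The contents list still has eight entries on both sides and, on the old side, none of them points at the "Connecting On An iPad" section that appears further down in this diff. If that section stays in the page, add an entry for it while these links are being rewritten, and check that the label-less forms such as "[[#Setting it up]]" resolve to the heading anchors.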
Line 62: | Line 62: | ||
- Make sure PPP and PPTP are installed. The can be accomplished in Debian or Ubuntu by entering ' | - Make sure PPP and PPTP are installed. The can be accomplished in Debian or Ubuntu by entering ' | ||
- | - Create a file named sdfpptp in / | + | - Create a file named sdfpptp in / |
remotename sdfpptp | remotename sdfpptp | ||
linkname sdfpptp | linkname sdfpptp | ||
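Review bot: The unchanged step above the edited line still reads "The can be accomplished in Debian or Ubuntu" on both sides; since this revision is a formatting pass, change "The can" to "This can" in the same edit.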
Line 81: | Line 81: | ||
bsdcomp 9,15 | bsdcomp 9,15 | ||
deflate 9,15 | deflate 9,15 | ||
- | idle 0 | + | idle 0 </ |
- Save the file. | - Save the file. | ||
- Edit / | - Edit / | ||
Line 89: | Line 89: | ||
Alternatively to steps 5 and 6, you might use a wrapper script like this:\\ | Alternatively to steps 5 and 6, you might use a wrapper script like this:\\ | ||
- | + | < | |
- | #!/bin/bash | + | |
- | SDFVPNHOST=**// | + | |
- | RT=`ip route get $SDFVPNHOST | head -1` | + | |
- | DEV=`echo $RT | awk ' | + | |
- | VIA=`echo $RT | awk ' | + | |
- | ip route add $SDFVPNHOST via $VIA dev $DEV | + | |
- | ip route add $SDFVPNHOST via $VIA dev $DEV table sdftun | + | |
- | pppd call sdfpptp | + | |
- | ip route del $SDFVPNHOST via $VIA dev $DEV | + | |
- | ip route del $SDFVPNHOST via $VIA dev $DEV table sdftun | + | |
- | + | ||
- | This automatically detects the default gateway and adds appropriate routes, starts the VPN and deletes the routes after VPN has been stopped. If you do not use a custom routing table dedicated to the SDF VPN you should delete the lines ending in "table sdftun" | + | |
- | + | ||
- | ==== GUI Setup With NetworkManager ==== | + | |
- | + | ||
- | Any of the newer Linux distros that use NetworkManager (Debian, Ubuntu, Fedora, etc.) on their default desktops have a GUI interface to PPTP VPN configuration. You'll need to install a package to get this capability (although this now seems to be included in the latest Ubuntu 10.10 release): | + | |
- | + | ||
- | Fedora: | + | |
- | + | ||
- | yum install NetworkManager-pptp | + | |
- | + | ||
- | Debian/ | + | |
- | + | ||
- | apt-get install network-manager-pptp | + | |
- | + | ||
- | Once installed, restart the NetworkManager service (/// | + | |
- | + | ||
- | {{tutorials/ | + | |
- | + | ||
- | Click on the **Add** button, and choose **Point-to-Point Tunneling Protocol (PPTP)**, then click **Create**. Fill out the **User name**, **Password** and **Gateway** fields with appropriate values ([[# | + | |
- | + | ||
- | {{tutorials/ | + | |
- | + | ||
- | Now click on **Advanced**: | + | |
- | + | ||
- | {{tutorials/ | + | |
- | + | ||
- | Under **Authentication**, | + | |
- | + | ||
- | ==== A Note on Routing ==== | + | |
- | + | ||
- | If you use network manager, all traffic will be routed through the PPTP VPN for you once you are connected. If that's not what you want, you can click on **IPV4 Settings** and then **Routes** to have simple static routes added for you automatically when the VPN connects. You can also check **Use this connection only for resources on this network**, which in our case means only connections to SDF hosts will be encrypted. | + | |
- | + | ||
- | {{tutorials/ | + | |
- | + | ||
- | ===== Connecting in FreeBSD ===== | + | |
- | + | ||
- | * Install mpd4 from ports or packages. | + | |
- | * Add the following section to your / | + | |
- | * You will have to replace three (3) things in this config: | + | |
- | - Your USERNAME | + | |
- | - Your PASSWORD | + | |
- | - The local address of SDF's VPN host. This can be found in /etc/hosts on SDF. The local IP will start with 10.0.0, but have the same last octet as the public IP. ' | + | |
- | * Add this in your / | + | |
- | * You will have to replace one (1) thing in this config: | + | |
- | - The public address of SDF's VPN host. You can get this by running setvpn at the shell. | + | |
- | * Now, as root, run mpd4 sdfvpn. | + | |
- | * You should now be connected to SDF over a layer 3 tunnel across the Internet. | + | |
- | * Your new routes are only for SDF's hosts, and use their internal IP addresses. These are the 10.0.0.x ones. I'm working on how to route to the public ones over the VPN without creating a routing loop to the VPN host. I copied SDF's /etc/hosts file to my machine so that I can run 'ssh sdf1' to connect through the tunnel. | + | |
- | + | ||
- | ===== Connecting in Mac OS X ===== | + | |
- | + | ||
- | - Open / | + | |
- | - Click on the **VPN** button. | + | |
- | - Click on the Configuration dropdown and go to " | + | |
- | - Press the **+** button at the bottom left of the window to add a configuration. | + | |
- | - Under " | + | |
- | - Under the " | + | |
- | - Under Username put your SDF username and the password is the secret you set up via the ' | + | |
- | - Choose " | + | |
- | - Click " | + | |
- | - Then, whenever you want to connect you can return to this **Internet Connect Application** and go to the VPN, choose the SDF VPN and click connect. Optionally, you can click " | + | |
- | + | ||
- | ===== Connecting On An iPad ===== | + | |
- | + | ||
- | - Log into SDF and run the ' | + | |
- | - Hit ' | + | |
- | - Enter your password twice. The password must be 14 characters or less, and ideally should contain letters, numbers, upper and lower case, and a special symbol, though there are no actual complexity requirements. | + | |
- | - After you have set up your password, the setvpn wizard will tell you what IP address to connect to. It will be 192.94.73.X. Write this whole IP address down. You will need it in a later step. | + | |
- | - Hit ' | + | |
- | - Turn on your iPad and go to the Settings. | + | |
- | - Go into the Network subsection. | + | |
- | - Go into the VPN subsection. This will bring up the 'Add Configuration' | + | |
- | - Select " | + | |
- | - In the Description field, label this connection something useful to identify it, such as 'SDF VPN' | + | |
- | - In the ' | + | |
- | - In the ' | + | |
- | - In the ' | + | |
- | - Set the encryption level to ' | + | |
- | - Leave the 'Send All Traffic' | + | |
- | - Hit the ' | + | |
- | - To turn on VPN, slide the VPN slider to ' | + | |
- | + | ||
- | ===== The wrap-up ===== | + | |
- | + | ||
- | Now that you have your VPN configured to connect, make sure that you don't forget to use it! Using the VPN while connected through a public access network (or even your home network!) will tunnel all connections through SDF and out to the Internet (once routing is enabled). Please make sure to use the VPN responsibly, | + | |
- | + | ||
- | Enjoy! | + | |
- | + | ||
- | ---- | + | |
- | + | ||
- | $Id: VPN.html,v 1.24 2011/02/14 19:39:45 spk Exp $ | + | |
- | + | ||
- | ---- | + | |
- | | + | |
- | + | ||
- | [[http:// | + | |
- | ---- | + | |
- | + | ||
- | ====== Connecting to the SDF VPN. ====== | + | |
- | + | ||
- | ===== Contents ===== | + | |
- | + | ||
- | * [[# | + | |
- | * [[# | + | |
- | * [[# | + | |
- | * [[# | + | |
- | * [[# | + | |
- | * [[# | + | |
- | * [[# | + | |
- | * [[# | + | |
- | + | ||
- | ===== Overview ===== | + | |
- | + | ||
- | The Virtual Private Network (VPN) provided by SDF has a number of uses. The most beneficial of that is to allow confidential communication over a public network. Basically, the SDF VPN will allow you (once routing is enabled) to communicate securely over an insecure connection such as a public Wireless Fidelity (Wi-Fi) network. | + | |
- | + | ||
- | The major benefit of this over SSH forwarding/ | + | |
- | + | ||
- | ===== Setting it up ===== | + | |
- | + | ||
- | The SDF VPN is quite easy to set up. You must first choose a VPN plan that is right for you, based on assumed bandwidth usage. Pricing and more package information is available through the shell by typing ' | + | |
- | + | ||
- | Once you've been added to the VPN membership level (you' | + | |
- | + | ||
- | You should make note of the VPN's IP address when setting up your secret. | + | |
- | + | ||
- | Once you've configured your VPN account, it's time to connect. Continue reading below for step-by-step instructions on connecting to the VPN. | + | |
- | + | ||
- | ===== Connecting in Windows XP ===== | + | |
- | + | ||
- | - Open the Windows Control Panel. | + | |
- | - Open the Network Connections item in Control Panel. Generally you would click the " | + | |
- | - Click on the " | + | |
- | - Click the " | + | |
- | - On the Network Connection page of the wizard, choose the " | + | |
- | - Choose a name for this connection on the " | + | |
- | - Choose an option on the " | + | |
- | - Enter the IP address for the VPN on the "**VPN Server Selection**" | + | |
- | - Choose an option on the " | + | |
- | - Click " | + | |
- | + | ||
- | ===== Connecting in Windows Vista ===== | + | |
- | + | ||
- | Connecting to the VPN is slightly different in Windows Vista. Please use these instructions to connect to SDF's VPN through Vista. | + | |
- | + | ||
- | - Click on the " | + | |
- | - Click on the "**Set up a connection or network**" | + | |
- | - On the window that comes up, scroll down and click on the " | + | |
- | - A question asking "**Do you want to use a connection you already have? | + | |
- | - Next you'll be asked "**How do you want to connect? | + | |
- | - You'll then be asked for the Internet address. Enter the address you remembered when accessing ' | + | |
- | - Enter a name for this VPN connection in the " | + | |
- | - If you don't want to connect immediately, | + | |
- | - Do not check the "**Use a smart card.**" | + | |
- | - When finished, click " | + | |
- | - You'll then configure the username and password needed to authenticate to the VPN. The username is your SDF username and the password is the secret you set up via the ' | + | |
- | - Leave the " | + | |
- | - Click the " | + | |
- | + | ||
- | ===== Connecting in Linux ===== | + | |
- | + | ||
- | - Make sure PPP and PPTP are installed. The can be accomplished in Debian or Ubuntu by entering ' | + | |
- | - Create a file named sdfpptp in / | + | |
- | remotename sdfpptp | + | |
- | linkname sdfpptp | + | |
- | ipparam sdfpptp | + | |
- | pty "pptp --loglevel 0 **//IP Address//** --nolaunchpppd" | + | |
- | name **// | + | |
- | refuse-eap | + | |
- | refuse-pap | + | |
- | refuse-chap | + | |
- | refuse-mschap | + | |
- | require-mppe | + | |
- | nomppe-stateful | + | |
- | require-mppe-128 | + | |
- | nomppe-40 | + | |
- | noauth | + | |
- | nodetach | + | |
- | lock | + | |
- | bsdcomp 9,15 | + | |
- | deflate 9,15 | + | |
- | idle 0 | + | |
- | - Save the file. | + | |
- | - Edit / | + | |
- | - Make sure a specific route to the VPN exists. Run ' | + | |
- | - Enter ' | + | |
- | - Open another terminal. Enter ' | + | |
- | + | ||
- | Alternatively to steps 5 and 6, you might use a wrapper script like this:\\ | + | |
#!/bin/bash | #!/bin/bash | ||
SDFVPNHOST=**// | SDFVPNHOST=**// | ||
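Review bot: The placeholder in "SDFVPNHOST=**//" keeps its bold/italic wiki markup although the script now sits between the added "<" opening tag and the "</" closing tag further down. If those are code tags, DokuWiki does not parse markup inside them, so the asterisks and slashes will be shown literally and copied into the shell script; replace the placeholder with a plain token and say in the surrounding text that it must be substituted. The edit summary says "minor formatting fixes", but this hunk also drops a duplicated copy of most of the page, and the summary should mention that.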
Line 300: | Line 100: | ||
ip route del $SDFVPNHOST via $VIA dev $DEV | ip route del $SDFVPNHOST via $VIA dev $DEV | ||
ip route del $SDFVPNHOST via $VIA dev $DEV table sdftun | ip route del $SDFVPNHOST via $VIA dev $DEV table sdftun | ||
+ | </ | ||
This automatically detects the default gateway and adds appropriate routes, starts the VPN and deletes the routes after VPN has been stopped. If you do not use a custom routing table dedicated to the SDF VPN you should delete the lines ending in "table sdftun" | This automatically detects the default gateway and adds appropriate routes, starts the VPN and deletes the routes after VPN has been stopped. If you do not use a custom routing table dedicated to the SDF VPN you should delete the lines ending in "table sdftun" | ||
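Review bot: The "ip route del" lines, like the matching "ip route add" lines, use $VIA and $DEV unquoted and without checking that the route lookup returned them. If the lookup reports no gateway, "via $VIA" expands to a bare "via" and the command fails, leaving the VPN to start without the host route; suggest testing that both variables are non-empty before "pppd call sdfpptp" and exiting with a message otherwise.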
Line 338: | Line 139: | ||
* Install mpd4 from ports or packages. | * Install mpd4 from ports or packages. | ||
- | * Add the following section to your / | + | * Add the following section to your / |
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | set ipcp yes req-pri-dns req-sec-dns | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | </ | ||
* You will have to replace three (3) things in this config: | * You will have to replace three (3) things in this config: | ||
- Your USERNAME | - Your USERNAME | ||
- Your PASSWORD | - Your PASSWORD | ||
- The local address of SDF's VPN host. This can be found in /etc/hosts on SDF. The local IP will start with 10.0.0, but have the same last octet as the public IP. ' | - The local address of SDF's VPN host. This can be found in /etc/hosts on SDF. The local IP will start with 10.0.0, but have the same last octet as the public IP. ' | ||
- | * Add this in your / | + | * Add this in your / |
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
* You will have to replace one (1) thing in this config: | * You will have to replace one (1) thing in this config: | ||
- The public address of SDF's VPN host. You can get this by running setvpn at the shell. | - The public address of SDF's VPN host. You can get this by running setvpn at the shell. |
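Review bot: The list under the added config block tells readers to put "Your PASSWORD" into this file, but nothing in the steps says to restrict who can read it. Add a step to make the file readable by root only, since it holds the VPN secret in clear text.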