Differences

This shows you the differences between two versions of the page.

tutorials:vpn [2012/01/08 23:06]
memnon Fix links
tutorials:vpn [2012/05/02 18:10]
memnon Import latest additions from sdf.
Line 11: Line 11:
   * [[#​Connecting in Mac OS X]]   * [[#​Connecting in Mac OS X]]
   * [[#The Wrap-up]]   * [[#The Wrap-up]]
 +  * [[#​Connecting to the SDF VPN with OpenVPN (USA/EU)]]
 +    * [[#Getting the OpenVPN software]]
 +    * [[#Setting it up]]
  
 ===== Overview ===== ===== Overview =====
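Review bot: the new table-of-contents entries list only "Getting the OpenVPN software" and "Setting it up" under the OpenVPN section, but the section added at the end of this revision also opens with an "=== Overview ===" sub-heading, which repeats the name of the page-level "===== Overview =====" heading shown here. Rename or drop that sub-heading so heading names stay unique, and keep the TOC in step with whichever you choose.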
Line 62: Line 65:
  
   - Make sure PPP and PPTP are installed. The can be accomplished in Debian or Ubuntu by entering '​**sudo apt-get install pptp-linux**'​ into a terminal.   - Make sure PPP and PPTP are installed. The can be accomplished in Debian or Ubuntu by entering '​**sudo apt-get install pptp-linux**'​ into a terminal.
-  - Create a file named sdfpptp in /​etc/​ppp/​peers by entering '​**sudo gedit /​etc/​ppp/​peers**'​. Replace gedit with your choice of text editor. Add the following to the file: (Be sure to replace **//​username//​** with your username.)\\ \\  Note: Make sure to replace **//IP Address//** with the IP address/​hostname provided when running '​**setvpn**'​ in the shell.\\+  - Create a file named sdfpptp in /​etc/​ppp/​peers by entering '​**sudo gedit /​etc/​ppp/​peers**'​. Replace gedit with your choice of text editor. Add the following to the file: (Be sure to replace **//​username//​** with your username.)\\ \\  Note: Make sure to replace **//IP Address//** with the IP address/​hostname provided when running '​**setvpn**'​ in the shell.\\ ​<​code>​
     remotename sdfpptp     remotename sdfpptp
     linkname sdfpptp     linkname sdfpptp
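Review bot: in the changed step, the command 'sudo gedit /etc/ppp/peers' names the directory, not the file sdfpptp that the same step says to create; it should read 'sudo gedit /etc/ppp/peers/sdfpptp'. While this list is being edited, "The can be accomplished" in the step above should be "This can be accomplished".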
Line 81: Line 84:
     bsdcomp 9,15     bsdcomp 9,15
     deflate 9,15     deflate 9,15
-    idle 0+    idle 0 </​code>​
   - Save the file.   - Save the file.
   - Edit /​etc/​ppp/​chap-secrets by entering '​**sudo gedit /​etc/​ppp/​chap-secrets**'​. Add the line **//​username//​ stfpptp //​password//​ *** replacing //​username//​ and //​password//​ with your SDF username and your password set by **'​setvpn'​**.   - Edit /​etc/​ppp/​chap-secrets by entering '​**sudo gedit /​etc/​ppp/​chap-secrets**'​. Add the line **//​username//​ stfpptp //​password//​ *** replacing //​username//​ and //​password//​ with your SDF username and your password set by **'​setvpn'​**.
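Review bot: the chap-secrets step in the trailing context tells the reader to add "username stfpptp password *", while the peers file above sets "remotename sdfpptp"; the second field of that chap-secrets line should match the remotename, so "stfpptp" looks like a typo that will leave pppd without a matching secret. Correct it to sdfpptp in this revision, and consider noting that /etc/ppp/chap-secrets holds the password in clear text and should be readable by root only.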
Line 89: Line 92:
  
 Alternatively to steps 5 and 6, you might use a wrapper script like this:\\ Alternatively to steps 5 and 6, you might use a wrapper script like this:\\
 +<code bash>
   #!/bin/bash   #!/bin/bash
   SDFVPNHOST=**//​IP Address//**   SDFVPNHOST=**//​IP Address//**
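Review bot: now that the script sits in a "code bash" block meant for copy and paste, the placeholder on the SDFVPNHOST line still carries wiki emphasis markup and an unquoted space ("SDFVPNHOST=**//IP Address//**"), which is not a valid shell assignment if pasted as is. Use a plain, quoted placeholder such as SDFVPNHOST="IP_ADDRESS" and say in the surrounding text that it must be replaced with the value from setvpn.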
Line 100: Line 103:
   ip route del $SDFVPNHOST via $VIA dev $DEV   ip route del $SDFVPNHOST via $VIA dev $DEV
   ip route del $SDFVPNHOST via $VIA dev $DEV table sdftun   ip route del $SDFVPNHOST via $VIA dev $DEV table sdftun
 +</​code>​
  
  This automatically detects the default gateway and adds appropriate routes, starts the VPN and deletes the routes after VPN has been stopped. If you do not use a custom routing table dedicated to the SDF VPN you should delete the lines ending in "table sdftun"​.\\  This automatically detects the default gateway and adds appropriate routes, starts the VPN and deletes the routes after VPN has been stopped. If you do not use a custom routing table dedicated to the SDF VPN you should delete the lines ending in "table sdftun"​.\\
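Review bot: the two "ip route del" lines at the end of the script expand $SDFVPNHOST, $VIA and $DEV unquoted, so an empty value from the gateway detection yields a malformed command rather than a clear error. Quote the variables and have the script check that VIA and DEV are non-empty before it adds or deletes routes; the closing note about removing the lines ending in "table sdftun" could also state that both the add and the del line need to go.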
Line 119: Line 123:
 {{tutorials/​images/​vpn1.png|Network Manager - Overview Settings}}\\ {{tutorials/​images/​vpn4.png|Network Manager - VPN Settings Overview}} {{tutorials/​images/​vpn1.png|Network Manager - Overview Settings}}\\ {{tutorials/​images/​vpn4.png|Network Manager - VPN Settings Overview}}
  
-Click on the **Add** button, and choose **Point-to-Point Tunneling Protocol (PPTP)**, then click **Create**. Fill out the **User name**, **Password** and **Gateway** fields with appropriate values ([[#setup|from when you ran //setvpn//]]):+Click on the **Add** button, and choose **Point-to-Point Tunneling Protocol (PPTP)**, then click **Create**. Fill out the **User name**, **Password** and **Gateway** fields with appropriate values ([[#Setting it up|from when you ran setvpn]]):
  
 {{tutorials/​images/​vpn2.png|Network Manager Settings - VPN Settings Detail}} {{tutorials/​images/​vpn2.png|Network Manager Settings - VPN Settings Detail}}
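Review bot: the link target on the changed line moves from "#setup" to "#Setting it up", but the only heading with that name in this revision is the one added under the OpenVPN section, which talks about certificates sent by email and does not mention setvpn. A reader following "from when you ran setvpn" from the PPTP Network Manager steps will land in the wrong section; point the link at the PPTP setup heading instead, or give the OpenVPN sub-heading a distinct name.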
Line 138: Line 142:
  
   * Install mpd4 from ports or packages.   * Install mpd4 from ports or packages.
-  * Add the following section to your /​usr/​local/​etc/​mpd4/​mpd4.conf: ​ sdfvpn: new -i ng1 sdfvpn sdfvpn set iface disable on-demand set iface idle 0 # disconnect the client after 8 hours set iface session 28800 set iface route 10.0.0.0/24 set iface route default set bundle disable multilink set auth authname "​USERNAME"​ set auth password "​PASSWORD"​ set link yes acfcomp protocomp set link no eap set link no pap set link accept chap set link mtu 1460 set link keep-alive 10 75 set ipcp yes vjcomp set ipcp ranges 0.0.0.0/​0 ​ set ipcp yes req-pri-dns req-sec-dns # # The five lines below enable Microsoft Point-to-Point encryption # (MPPE) using the ng_mppc(8) netgraph node type. # set bundle yes compression set ccp yes mppc set ccp yes mpp-compress set ccp yes mpp-e128 #set bundle accept crypt-reqd set ccp yes mpp-stateless open+  * Add the following section to your /​usr/​local/​etc/​mpd4/​mpd4.conf:​<​code>​  
 +  ​sdfvpn: ​ 
 +  ​new -i ng1 sdfvpn sdfvpn ​ 
 +  ​set iface disable on-demand ​ 
 +  ​set iface idle 0  
 +  ​# disconnect the client after 8 hours  
 +  ​set iface session 28800  
 +  ​set iface route 10.0.0.0/​24 ​ 
 +  ​set iface route default ​ 
 +  ​set bundle disable multilink ​ 
 +  ​set auth authname "​USERNAME" ​ 
 +  ​set auth password "​PASSWORD" ​ 
 +  ​set link yes acfcomp protocomp ​ 
 +  ​set link no eap  
 +  ​set link no pap  
 +  ​set link accept chap  
 +  ​set link mtu 1460  
 +  ​set link keep-alive 10 75  
 +  ​set ipcp yes vjcomp ​ 
 +  ​set ipcp ranges 0.0.0.0/​0 ​  
 +  set ipcp yes req-pri-dns req-sec-dns ​ 
 +  ​ 
 +  ​# The five lines below enable Microsoft Point-to-Point encryption ​ 
 +  ​# (MPPE) using the ng_mppc(8) netgraph node type.  
 +  ​ 
 +  ​set bundle yes compression ​ 
 +  ​set ccp yes mppc  
 +  ​set ccp yes mpp-compress ​ 
 +  ​set ccp yes mpp-e128 ​ 
 +  ​#set bundle accept crypt-reqd ​ 
 +  ​set ccp yes mpp-stateless ​ 
 +  ​open 
 +  </​code>​
   * You will have to replace three (3) things in this config:   * You will have to replace three (3) things in this config:
     - Your USERNAME     - Your USERNAME
     - Your PASSWORD     - Your PASSWORD
     - The local address of SDF's VPN host. This can be found in /etc/hosts on SDF. The local IP will start with 10.0.0, but have the same last octet as the public IP.  '     - The local address of SDF's VPN host. This can be found in /etc/hosts on SDF. The local IP will start with 10.0.0, but have the same last octet as the public IP.  '
-  * Add this in your /​usr/​local/​etc/​mpd4/​mpd4.links file:  sdfvpn: set link type pptp set pptp peer  set pptp enable originate outcall set pptp disable incoming+  * Add this in your /​usr/​local/​etc/​mpd4/​mpd4.links file:<​code> ​  
 +    ​sdfvpn: ​ 
 +    ​set link type pptp  
 +    ​set pptp peer  ​ 
 +    ​set pptp enable originate outcall ​ 
 +    ​set pptp disable incoming ​</​code>​
   * You will have to replace one (1) thing in this config:   * You will have to replace one (1) thing in this config:
     - The public address of SDF's VPN host. You can get this by running setvpn at the shell.     - The public address of SDF's VPN host. You can get this by running setvpn at the shell.
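Review bot: in the reformatted mpd4.conf block the line "#set bundle accept crypt-reqd" is still commented out, so the configuration enables MPPE but does not require it, and the link is not forced down when encryption is not negotiated. For a tutorial whose purpose is confidential traffic over untrusted networks, either enable that option or explain why it is left off. Also, "set pptp peer" in the mpd4.links block has no placeholder after it even though the next bullet says one thing must be replaced; add a visible placeholder such as PUBLIC_IP, and mention that mpd4.conf stores PASSWORD in clear text and should not be world-readable.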
Line 188: Line 229:
  
 Enjoy! Enjoy!
 +
 +===== Connecting to the SDF VPN with OpenVPN (USA/EU) =====
 +
 +=== Overview ===
 +
 +The Virtual Private Network (VPN) provided by SDF has a number of uses. The most beneficial of that is to allow confidential communication over a public network. Basically, the SDF VPN will allow you (once routing is enabled) to communicate securely over an insecure connection such as a public Wireless Fidelity (Wi-Fi) network.
 +
 +The major benefit of this over SSH forwarding/​tunneling is that it is much easier to configure and automatically tunnels all connections leaving your computer, and not just those specifically configured for forwarding. Some may see this as a negative aspect of the VPN, however.
 +
 +=== Getting the OpenVPN software ===
 +
 +  * [[http://​openvpn.net/​index.php/​open-source/​downloads.html|Download OpenVPN for Windows or UNIX/Linux ]]
 +  * [[http://​code.google.com/​p/​tunnelblick|Download the TunnelBlick OpenVPN client for MacOS X]]
 +
 +=== Setting it up ===
 +
 +You will receive your OpenVPN certificate via SDF internal email for both the USA and EU server. You may use either server when it suits you. The server addresses are:
 +
 +  * openvpn.sdf.org (Tukwila, Washington USA)
 +  * openvpn.sdfeu.org (Falkenstein,​ Germany EU) 
 +
 +$Id: VPN.html,v 1.26 2011/07/17 17:57:14 smj Exp $
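Review bot: both download links in the added "Getting the OpenVPN software" list are plain http:// URLs for software that will carry all of the reader's traffic; use the https:// form where the sites offer it and tell the reader to check the published signature or checksum before installing. The trailing "$Id: VPN.html,v 1.26 2011/07/17 17:57:14 smj Exp $" line is an RCS keyword left over from the import and should not be in the page body. "Setting it up" also ends at the server list without saying where the emailed certificate goes or what client configuration to use.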