Differences

This shows you the differences between two versions of the page.

tutorials:vpn [2012/01/08 23:06] – Fix links memnon
tutorials:vpn [2012/05/02 18:10] (current) – Import latest additions from sdf. memnon
Line 11: Line 11:
   * [[#Connecting in Mac OS X]]   * [[#Connecting in Mac OS X]]
   * [[#The Wrap-up]]   * [[#The Wrap-up]]
 +  * [[#Connecting to the SDF VPN with OpenVPN (USA/EU)]]
 +    * [[#Getting the OpenVPN software]]
 +    * [[#Setting it up]]
  
 ===== Overview ===== ===== Overview =====
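Review bot: The three new table-of-contents entries omit the "Overview" subsection that the imported OpenVPN section also adds, and that subsection reuses the name of the existing "===== Overview =====" heading shown just below, so the two headings share a name. Suggest renaming the new one (for example "OpenVPN overview") and listing it here with the other two subsections.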
Line 62: Line 65:
  
   - Make sure PPP and PPTP are installed. The can be accomplished in Debian or Ubuntu by entering '**sudo apt-get install pptp-linux**' into a terminal.   - Make sure PPP and PPTP are installed. The can be accomplished in Debian or Ubuntu by entering '**sudo apt-get install pptp-linux**' into a terminal.
-  - Create a file named sdfpptp in /etc/ppp/peers by entering '**sudo gedit /etc/ppp/peers**'. Replace gedit with your choice of text editor. Add the following to the file: (Be sure to replace **//username//** with your username.)\\ \\  Note: Make sure to replace **//IP Address//** with the IP address/hostname provided when running '**setvpn**' in the shell.\\+  - Create a file named sdfpptp in /etc/ppp/peers by entering '**sudo gedit /etc/ppp/peers**'. Replace gedit with your choice of text editor. Add the following to the file: (Be sure to replace **//username//** with your username.)\\ \\  Note: Make sure to replace **//IP Address//** with the IP address/hostname provided when running '**setvpn**' in the shell.\\ <code>
     remotename sdfpptp     remotename sdfpptp
     linkname sdfpptp     linkname sdfpptp
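Review bot: In the changed step, the command 'sudo gedit /etc/ppp/peers' opens the directory rather than the file the step tells the reader to create; since this line is being edited anyway, make it 'sudo gedit /etc/ppp/peers/sdfpptp'. The "<code>" tag opened at the end of this list item is only closed in the next hunk (after "idle 0"), so check that the numbered list still renders as one list with the block inside the item.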
Line 81: Line 84:
     bsdcomp 9,15     bsdcomp 9,15
     deflate 9,15     deflate 9,15
-    idle 0+    idle 0 </code>
   - Save the file.   - Save the file.
   - Edit /etc/ppp/chap-secrets by entering '**sudo gedit /etc/ppp/chap-secrets**'. Add the line **//username// stfpptp //password// *** replacing //username// and //password// with your SDF username and your password set by **'setvpn'**.   - Edit /etc/ppp/chap-secrets by entering '**sudo gedit /etc/ppp/chap-secrets**'. Add the line **//username// stfpptp //password// *** replacing //username// and //password// with your SDF username and your password set by **'setvpn'**.
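Review bot: The chap-secrets step in the trailing context tells the reader to add "username stfpptp password *", but the peers file in the previous hunk sets "remotename sdfpptp"; the server field in chap-secrets has to match remotename, so "stfpptp" looks like a typo worth fixing in this same edit. Also consider putting "</code>" on its own line rather than after "idle 0".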
Line 89: Line 92:
  
 Alternatively to steps 5 and 6, you might use a wrapper script like this:\\ Alternatively to steps 5 and 6, you might use a wrapper script like this:\\
 +<code bash>
   #!/bin/bash   #!/bin/bash
   SDFVPNHOST=**//IP Address//**   SDFVPNHOST=**//IP Address//**
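Review bot: On the SDFVPNHOST line, the placeholder is still written as wiki markup ("**//IP Address//**"), which the new "<code bash>" block shows literally and which, because it contains a space, is not a valid assignment if pasted as is. Suggest a plain quoted placeholder such as SDFVPNHOST="IP_ADDRESS", with a sentence outside the block telling the reader to replace it with the address given by setvpn.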
Line 100: Line 103:
   ip route del $SDFVPNHOST via $VIA dev $DEV   ip route del $SDFVPNHOST via $VIA dev $DEV
   ip route del $SDFVPNHOST via $VIA dev $DEV table sdftun   ip route del $SDFVPNHOST via $VIA dev $DEV table sdftun
 +</code>
  
  This automatically detects the default gateway and adds appropriate routes, starts the VPN and deletes the routes after VPN has been stopped. If you do not use a custom routing table dedicated to the SDF VPN you should delete the lines ending in "table sdftun".\\  This automatically detects the default gateway and adds appropriate routes, starts the VPN and deletes the routes after VPN has been stopped. If you do not use a custom routing table dedicated to the SDF VPN you should delete the lines ending in "table sdftun".\\
Line 119: Line 123:
 {{tutorials/images/vpn1.png|Network Manager - Overview Settings}}\\ {{tutorials/images/vpn4.png|Network Manager - VPN Settings Overview}} {{tutorials/images/vpn1.png|Network Manager - Overview Settings}}\\ {{tutorials/images/vpn4.png|Network Manager - VPN Settings Overview}}
  
-Click on the **Add** button, and choose **Point-to-Point Tunneling Protocol (PPTP)**, then click **Create**. Fill out the **User name**, **Password** and **Gateway** fields with appropriate values ([[#setup|from when you ran //setvpn//]]):+Click on the **Add** button, and choose **Point-to-Point Tunneling Protocol (PPTP)**, then click **Create**. Fill out the **User name**, **Password** and **Gateway** fields with appropriate values ([[#Setting it up|from when you ran setvpn]]):
  
 {{tutorials/images/vpn2.png|Network Manager Settings - VPN Settings Detail}} {{tutorials/images/vpn2.png|Network Manager Settings - VPN Settings Detail}}
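Review bot: The new link target "#Setting it up" matches the heading this revision adds under the OpenVPN section, which covers certificates and server addresses, not running setvpn, so PPTP readers following "from when you ran setvpn" are likely to land in the wrong place. If an earlier heading of the same name exists, the two anchors now collide; point the link at a uniquely named heading.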
Line 138: Line 142:
  
   * Install mpd4 from ports or packages.   * Install mpd4 from ports or packages.
-  * Add the following section to your /usr/local/etc/mpd4/mpd4.conf:  sdfvpn: new -i ng1 sdfvpn sdfvpn set iface disable on-demand set iface idle 0 # disconnect the client after 8 hours set iface session 28800 set iface route 10.0.0.0/24 set iface route default set bundle disable multilink set auth authname "USERNAME" set auth password "PASSWORD" set link yes acfcomp protocomp set link no eap set link no pap set link accept chap set link mtu 1460 set link keep-alive 10 75 set ipcp yes vjcomp set ipcp ranges 0.0.0.0/ set ipcp yes req-pri-dns req-sec-dns # # The five lines below enable Microsoft Point-to-Point encryption # (MPPE) using the ng_mppc(8) netgraph node type. # set bundle yes compression set ccp yes mppc set ccp yes mpp-compress set ccp yes mpp-e128 #set bundle accept crypt-reqd set ccp yes mpp-stateless open+  * Add the following section to your /usr/local/etc/mpd4/mpd4.conf:<code>  
 +  sdfvpn:  
 +  new -i ng1 sdfvpn sdfvpn  
 +  set iface disable on-demand  
 +  set iface idle 0  
 +  # disconnect the client after 8 hours  
 +  set iface session 28800  
 +  set iface route 10.0.0.0/24  
 +  set iface route default  
 +  set bundle disable multilink  
 +  set auth authname "USERNAME"  
 +  set auth password "PASSWORD"  
 +  set link yes acfcomp protocomp  
 +  set link no eap  
 +  set link no pap  
 +  set link accept chap  
 +  set link mtu 1460  
 +  set link keep-alive 10 75  
 +  set ipcp yes vjcomp  
 +  set ipcp ranges 0.0.0.0/  
 +  set ipcp yes req-pri-dns req-sec-dns  
 +   
 +  # The five lines below enable Microsoft Point-to-Point encryption  
 +  # (MPPE) using the ng_mppc(8) netgraph node type.  
 +   
 +  set bundle yes compression  
 +  set ccp yes mppc  
 +  set ccp yes mpp-compress  
 +  set ccp yes mpp-e128  
 +  #set bundle accept crypt-reqd  
 +  set ccp yes mpp-stateless  
 +  open 
 +  </code>
   * You will have to replace three (3) things in this config:   * You will have to replace three (3) things in this config:
     - Your USERNAME     - Your USERNAME
     - Your PASSWORD     - Your PASSWORD
     - The local address of SDF's VPN host. This can be found in /etc/hosts on SDF. The local IP will start with 10.0.0, but have the same last octet as the public IP.  '     - The local address of SDF's VPN host. This can be found in /etc/hosts on SDF. The local IP will start with 10.0.0, but have the same last octet as the public IP.  '
-  * Add this in your /usr/local/etc/mpd4/mpd4.links file:  sdfvpn: set link type pptp set pptp peer  set pptp enable originate outcall set pptp disable incoming+  * Add this in your /usr/local/etc/mpd4/mpd4.links file:<code>   
 +    sdfvpn:  
 +    set link type pptp  
 +    set pptp peer   
 +    set pptp enable originate outcall  
 +    set pptp disable incoming </code>
   * You will have to replace one (1) thing in this config:   * You will have to replace one (1) thing in this config:
     - The public address of SDF's VPN host. You can get this by running setvpn at the shell.     - The public address of SDF's VPN host. You can get this by running setvpn at the shell.
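Review bot: In the reformatted mpd4.conf and mpd4.links blocks, "set ipcp ranges 0.0.0.0/" and "set pptp peer" appear with a truncated or empty value and no placeholder, although the bullets below them say the reader must replace the local and the public address of SDF's VPN host; add explicit placeholders so it is clear where each address goes. The MPPE comment also says "five lines below" while "#set bundle accept crypt-reqd" sits commented out among them, so state in the comment whether encryption is meant to be required or only offered.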
Line 188: Line 229:
  
 Enjoy! Enjoy!
 +
 +===== Connecting to the SDF VPN with OpenVPN (USA/EU) =====
 +
 +=== Overview ===
 +
 +The Virtual Private Network (VPN) provided by SDF has a number of uses. The most beneficial of that is to allow confidential communication over a public network. Basically, the SDF VPN will allow you (once routing is enabled) to communicate securely over an insecure connection such as a public Wireless Fidelity (Wi-Fi) network.
 +
 +The major benefit of this over SSH forwarding/tunneling is that it is much easier to configure and automatically tunnels all connections leaving your computer, and not just those specifically configured for forwarding. Some may see this as a negative aspect of the VPN, however.
 +
 +=== Getting the OpenVPN software ===
 +
 +  * [[http://openvpn.net/index.php/open-source/downloads.html|Download OpenVPN for Windows or UNIX/Linux ]]
 +  * [[http://code.google.com/p/tunnelblick|Download the TunnelBlick OpenVPN client for MacOS X]]
 +
 +=== Setting it up ===
 +
 +You will receive your OpenVPN certificate via SDF internal email for both the USA and EU server. You may use either server when it suits you. The server addresses are:
 +
 +  * openvpn.sdf.org (Tukwila, Washington USA)
 +  * openvpn.sdfeu.org (Falkenstein, Germany EU) 
 +
 +$Id: VPN.html,v 1.26 2011/07/17 17:57:14 smj Exp $
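Review bot: The new "Setting it up" subsection ends after listing the two server addresses, so a reader has the certificate and a hostname but no client configuration steps; add them or say where they are documented. Both download links use "http://"; prefer "https://" where the sites offer it. The trailing "$Id: VPN.html,v 1.26 2011/07/17 17:57:14 smj Exp $" line is a CVS keyword left over from the import and should be dropped from the wiki page.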