Differences

This shows you the differences between two versions of the page.

tutorials:vpn [2012/05/02 17:51]
memnon minor formatting fixes
tutorials:vpn [2012/05/02 18:10] (current)
memnon Import latest additions from sdf.
Line 11: Line 11:
   * [[#​Connecting in Mac OS X]]   * [[#​Connecting in Mac OS X]]
   * [[#The Wrap-up]]   * [[#The Wrap-up]]
 +  * [[#​Connecting to the SDF VPN with OpenVPN (USA/EU)]]
 +    * [[#Getting the OpenVPN software]]
 +    * [[#Setting it up]]
  
 ===== Overview ===== ===== Overview =====
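Review bot: The new TOC entries at the end of the list add "Getting the OpenVPN software" and "Setting it up" under the OpenVPN heading but skip the "Overview" subheading that the same change adds to that section. Either list it for consistency or, since the page already has a top-level "Overview" heading, give the new subheading a distinct name such as "OpenVPN overview" so that a link to #Overview stays unambiguous.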
Line 120: Line 123:
 {{tutorials/​images/​vpn1.png|Network Manager - Overview Settings}}\\ {{tutorials/​images/​vpn4.png|Network Manager - VPN Settings Overview}} {{tutorials/​images/​vpn1.png|Network Manager - Overview Settings}}\\ {{tutorials/​images/​vpn4.png|Network Manager - VPN Settings Overview}}
  
-Click on the **Add** button, and choose **Point-to-Point Tunneling Protocol (PPTP)**, then click **Create**. Fill out the **User name**, **Password** and **Gateway** fields with appropriate values ([[#setup|from when you ran //setvpn//]]):+Click on the **Add** button, and choose **Point-to-Point Tunneling Protocol (PPTP)**, then click **Create**. Fill out the **User name**, **Password** and **Gateway** fields with appropriate values ([[#Setting it up|from when you ran setvpn]]):
  
 {{tutorials/​images/​vpn2.png|Network Manager Settings - VPN Settings Detail}} {{tutorials/​images/​vpn2.png|Network Manager Settings - VPN Settings Detail}}
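Review bot: The rewritten link in the PPTP paragraph now targets [[#Setting it up]], and the only heading with that name visible in this change is the one added under the OpenVPN section, which covers certificates and server addresses and never mentions setvpn. Unless an earlier heading with the same name exists, readers looking for their PPTP user name, password and gateway will land in the wrong place; point the link at the section that actually describes running setvpn. The change also drops the italics on setvpn, which looks unintentional.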
Line 139: Line 142:
  
   * Install mpd4 from ports or packages.   * Install mpd4 from ports or packages.
-  * Add the following section to your /​usr/​local/​etc/​mpd4/​mpd4.conf: ​ sdfvpn: new -i ng1 sdfvpn sdfvpn set iface disable on-demand set iface idle 0 # disconnect the client after 8 hours set iface session 28800 set iface route 10.0.0.0/24 set iface route default set bundle disable multilink set auth authname "​USERNAME"​ set auth password "​PASSWORD"​ set link yes acfcomp protocomp set link no eap set link no pap set link accept chap set link mtu 1460 set link keep-alive 10 75 set ipcp yes vjcomp set ipcp ranges 0.0.0.0/​0 ​ set ipcp yes req-pri-dns req-sec-dns # # The five lines below enable Microsoft Point-to-Point encryption # (MPPE) using the ng_mppc(8) netgraph node type. # set bundle yes compression set ccp yes mppc set ccp yes mpp-compress set ccp yes mpp-e128 #set bundle accept crypt-reqd set ccp yes mpp-stateless open+  * Add the following section to your /​usr/​local/​etc/​mpd4/​mpd4.conf:​<​code>​  
 +  ​sdfvpn: ​ 
 +  ​new -i ng1 sdfvpn sdfvpn ​ 
 +  ​set iface disable on-demand ​ 
 +  ​set iface idle 0  
 +  ​# disconnect the client after 8 hours  
 +  ​set iface session 28800  
 +  ​set iface route 10.0.0.0/​24 ​ 
 +  ​set iface route default ​ 
 +  ​set bundle disable multilink ​ 
 +  ​set auth authname "​USERNAME" ​ 
 +  ​set auth password "​PASSWORD" ​ 
 +  ​set link yes acfcomp protocomp ​ 
 +  ​set link no eap  
 +  ​set link no pap  
 +  ​set link accept chap  
 +  ​set link mtu 1460  
 +  ​set link keep-alive 10 75  
 +  ​set ipcp yes vjcomp ​ 
 +  ​set ipcp ranges 0.0.0.0/​0 ​  
 +  set ipcp yes req-pri-dns req-sec-dns ​ 
 +  ​ 
 +  ​# The five lines below enable Microsoft Point-to-Point encryption ​ 
 +  ​# (MPPE) using the ng_mppc(8) netgraph node type.  
 +  ​ 
 +  ​set bundle yes compression ​ 
 +  ​set ccp yes mppc  
 +  ​set ccp yes mpp-compress ​ 
 +  ​set ccp yes mpp-e128 ​ 
 +  ​#set bundle accept crypt-reqd ​ 
 +  ​set ccp yes mpp-stateless ​ 
 +  ​open 
 +  </​code>​
   * You will have to replace three (3) things in this config:   * You will have to replace three (3) things in this config:
     - Your USERNAME     - Your USERNAME
     - Your PASSWORD     - Your PASSWORD
     - The local address of SDF's VPN host. This can be found in /etc/hosts on SDF. The local IP will start with 10.0.0, but have the same last octet as the public IP.  '     - The local address of SDF's VPN host. This can be found in /etc/hosts on SDF. The local IP will start with 10.0.0, but have the same last octet as the public IP.  '
-  * Add this in your /​usr/​local/​etc/​mpd4/​mpd4.links file:  sdfvpn: set link type pptp set pptp peer  set pptp enable originate outcall set pptp disable incoming+  * Add this in your /​usr/​local/​etc/​mpd4/​mpd4.links file:<​code> ​  
 +    ​sdfvpn: ​ 
 +    ​set link type pptp  
 +    ​set pptp peer  ​ 
 +    ​set pptp enable originate outcall ​ 
 +    ​set pptp disable incoming ​</​code>​
   * You will have to replace one (1) thing in this config:   * You will have to replace one (1) thing in this config:
     - The public address of SDF's VPN host. You can get this by running setvpn at the shell.     - The public address of SDF's VPN host. You can get this by running setvpn at the shell.
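Review bot: In the new mpd4.links block, "set pptp peer" still has no argument or placeholder, even though the bullet right after it tells the reader to replace the public address of SDF's VPN host; add a visible placeholder there (an all-caps token in the style of USERNAME and PASSWORD) so it is clear what to edit. The same applies to the third item in the mpd4.conf list, the local address of the VPN host, which has no obvious placeholder in the block. Two security points while this block is being reformatted: the file holds the account password in clear text, so the step should tell the reader to make mpd4.conf readable by root only, and "#set bundle accept crypt-reqd" stays commented out, so the block enables MPPE without requiring it; say whether that is intentional.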
Line 189: Line 229:
  
 Enjoy! Enjoy!
 +
 +===== Connecting to the SDF VPN with OpenVPN (USA/EU) =====
 +
 +=== Overview ===
 +
 +The Virtual Private Network (VPN) provided by SDF has a number of uses. The most beneficial of that is to allow confidential communication over a public network. Basically, the SDF VPN will allow you (once routing is enabled) to communicate securely over an insecure connection such as a public Wireless Fidelity (Wi-Fi) network.
 +
 +The major benefit of this over SSH forwarding/​tunneling is that it is much easier to configure and automatically tunnels all connections leaving your computer, and not just those specifically configured for forwarding. Some may see this as a negative aspect of the VPN, however.
 +
 +=== Getting the OpenVPN software ===
 +
 +  * [[http://​openvpn.net/​index.php/​open-source/​downloads.html|Download OpenVPN for Windows or UNIX/Linux ]]
 +  * [[http://​code.google.com/​p/​tunnelblick|Download the TunnelBlick OpenVPN client for MacOS X]]
 +
 +=== Setting it up ===
 +
 +You will receive your OpenVPN certificate via SDF internal email for both the USA and EU server. You may use either server when it suits you. The server addresses are:
 +
 +  * openvpn.sdf.org (Tukwila, Washington USA)
 +  * openvpn.sdfeu.org (Falkenstein,​ Germany EU) 
 +
 +$Id: VPN.html,v 1.26 2011/07/17 17:57:14 smj Exp $
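Review bot: Both download links under "Getting the OpenVPN software" use http://, which is a weak way to fetch the client that will carry all of the reader's traffic; link to the https:// versions and mention checking the release signature or checksum. "Setting it up" then stops after listing the two server addresses: it never says what to do with the emailed certificate or what the client configuration should contain, so the section does not yet get anyone connected. The trailing "$Id: VPN.html,v 1.26 ..." line is a revision keyword carried over from the imported HTML and probably should not be in the wiki text.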