The server to server overview

For a server to server VPN “Pipe” you only need an IPSEC connection, since you won’t be authenticating on either server. You are only providing an encrypted tunnel between two networks. Your routing tables need to be configured so that each server knows about the other network. On the server you will need to do the following, all of which will be explained in detail later:

1. For the server to support VPN, make sure that your server kernel supports IPSEC.
2. Download and install “openswan-2.4.7-1.i686.rpm”, or install it from your software manager if your distribution includes it.
3. Set ipsec to start at boot, and start the ipsec service.
4. Check that ipsec has started properly with the “ipsec verify” command. The encryption should be disabled at this stage.
5. Draw your network as follows, designate one as left and one as right.
6. Configure the left and right parameters in the /etc/ipsec.conf configuration file. Each server needs to be configured.
7. Set up the RSA keys on both servers, and restart ipsec.
8. Change firewall settings as needed.
9. Initialize the new tunnel.
10. Test the new tunnel.
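
Added example, not part of the original course text: a constructed /etc/ipsec.conf connection for steps 5 to 7, with a small check that the left and right parameters and both RSA keys are present before the tunnel is initialized. The conn name "net-to-net", the addresses (documentation ranges) and the key values (placeholders) are assumptions, as are the helper function names.

```shell
#!/bin/sh
# Constructed sample: the same conn section goes on both servers.
# Replace the placeholder keys with the output of `ipsec showhostkey --left`
# (run on the left server) and `ipsec showhostkey --right` (on the right).
sample_conf() {
cat <<'EOF'
version 2.0

conn net-to-net
    left=192.0.2.1
    leftsubnet=10.1.0.0/24
    leftrsasigkey=0sPLACEHOLDER_LEFT_PUBLIC_KEY
    right=198.51.100.1
    rightsubnet=10.2.0.0/24
    rightrsasigkey=0sPLACEHOLDER_RIGHT_PUBLIC_KEY
    authby=rsasig
    auto=add
EOF
}

# Print the key=value lines of one conn section ($1 = conn name, stdin = config).
conn_params() {
    awk -v want="$1" '
        /^conn[ \t]+/ { insec = ($2 == want); next }
        /^[^ \t#]/    { insec = 0 }
        insec && /=/  { sub(/^[ \t]+/, ""); print }
    '
}

# Print each required parameter that the conn section lacks.
missing_keys() {
    params=$(conn_params "$1")
    for k in left leftsubnet leftrsasigkey right rightsubnet rightrsasigkey; do
        printf '%s\n' "$params" | grep -q "^$k=" || echo "$k"
    done
}

# Check the sample; on a real server, feed /etc/ipsec.conf instead.
missing=$(sample_conf | missing_keys net-to-net)
[ -z "$missing" ] && echo "net-to-net: ready for 'ipsec auto --up net-to-net'"
```

Only the public halves of the RSA keys belong in ipsec.conf; the private keys stay in /etc/ipsec.secrets on the server that generated them.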

The client to server overview

For a client server environment you will need to use L2TP over IPSEC. IPSEC provides the encrypted tunnel and L2TP is used to manage the clients who connect. During this course you will install XL2TPD, which provides an updated version of L2TP. To successfully set up a client server connection you will need to do the following:

1. Install IPSEC on the server.
2. Install L2TP on the server.
3. Edit the /etc/ipsec.conf file to define a connection from anywhere and to specify that the authentication will use PPP.
4. Edit the /xl2tpd/xl2tpd.conf file to define the IP range for incoming client connections and whether the authentication will use PAP or CHAP. Specify your options file (options.l2tpd).
5. Edit the /etc/ppp/chap-secrets file and add a user name and password for the client who wants to connect.
6. Start your services.
7. Connect with a client and test.