KraziKid Tux's lil' helper
Joined: 26 Dec 2002 Posts: 128
Posted: Sat Mar 22, 2003 4:02 pm Post subject: VPN?

I want to set up a VPN for my father's office. What would be a good VPN server to use?

Antagony n00b
Joined: 03 Mar 2003 Posts: 27
Posted: Sat Mar 22, 2003 10:27 pm Post subject:

Depends on what exactly you want to do.
Do you just need filesharing, or do you want to be able to forward desktops and what-not? Do you need printer sharing? What about access to other hardware devices (like CDROM)?
Oh yes, and also, which OSes are you running? From Linux to Windows, from Windows to Linux, or do you need both?

KraziKid Tux's lil' helper
Joined: 26 Dec 2002 Posts: 128
Posted: Sat Mar 22, 2003 11:01 pm Post subject:

I need filesharing for SAMBA. The server will be running Gentoo, and all the clients are running Windows XP or Windows 2000. Any suggestions?

thinair Tux's lil' helper
Joined: 01 Nov 2002 Posts: 144 Location: Suisse
CountZero Tux's lil' helper
Joined: 21 Jan 2003 Posts: 79 Location: Arlington, TX, USA
Posted: Sun Mar 23, 2003 7:05 am Post subject:

POPTOP is also another way to go. It's net-dialup/pptpd or http://www.poptop.org You can even get encryption working with this. I did on my machine.

Ethereal n00b
Joined: 19 Mar 2003 Posts: 38 Location: Russia, Moscow
Posted: Sun Mar 23, 2003 11:58 am Post subject:

I recommend IPSEC; maybe it's a little overkill, but it's much more powerful than poptop. I had numerous problems with pptp due to its strange behavior and sometimes difficult installation.

KraziKid Tux's lil' helper
Joined: 26 Dec 2002 Posts: 128
Posted: Sun Mar 23, 2003 11:47 pm Post subject:

Will OpenVPN allow me to connect to the client computers that are running Windows XP? The clients do not have a Linux gateway; they are directly connected to the internet using a cable modem.

el*Loco Tux's lil' helper
Joined: 29 Jan 2003 Posts: 91 Location: Cologne, Germany
Posted: Mon Mar 24, 2003 8:55 pm Post subject:

CountZero wrote: "POPTOP is also another way to go. It's net-dialup/pptpd or http://www.poptop.org You can even get encryption working with this. I did on my machine."

I tried using poptop with my Windows XP client (running with default Win XP VPN Settings) without success.
Error in syslog:
Code:
Mar 24 21:53:42 loco pptpd[16110]: MGR: Launching /usr/sbin/pptpctrl to handle client
Mar 24 21:53:42 loco pptpd[16110]: CTRL: local address = 192.168.1.1
Mar 24 21:53:42 loco pptpd[16110]: CTRL: remote address = 192.168.1.200
Mar 24 21:53:42 loco pptpd[16110]: CTRL: pppd speed = 115200
Mar 24 21:53:42 loco pptpd[16110]: CTRL: pppd options file = /etc/ppp/options.pptpd
Mar 24 21:53:42 loco pptpd[16110]: CTRL: Client 192.168.6.2 control connection started
Mar 24 21:53:42 loco pptpd[16110]: CTRL: Received PPTP Control Message (type: 1)
Mar 24 21:53:42 loco pptpd[16110]: CTRL: Made a START CTRL CONN RPLY packet
Mar 24 21:53:42 loco pptpd[16110]: CTRL: I wrote 156 bytes to the client.
Mar 24 21:53:42 loco pptpd[16110]: CTRL: Sent packet to client
Mar 24 21:53:42 loco pptpd[16110]: CTRL: Received PPTP Control Message (type: 7)
Mar 24 21:53:42 loco pptpd[16110]: CTRL: Set parameters to 1525 maxbps, 64 window size
Mar 24 21:53:42 loco pptpd[16110]: CTRL: Made a OUT CALL RPLY packet
Mar 24 21:53:42 loco pptpd[16110]: CTRL: Starting call (launching pppd, opening GRE)
Mar 24 21:53:42 loco pptpd[16110]: CTRL: pty_fd = 5
Mar 24 21:53:42 loco pptpd[16110]: CTRL: tty_fd = 6
Mar 24 21:53:42 loco pptpd[16110]: CTRL: I wrote 32 bytes to the client.
Mar 24 21:53:42 loco pptpd[16110]: CTRL: Sent packet to client
Mar 24 21:53:42 loco pptpd[16111]: CTRL (PPPD Launcher): Connection speed = 115200
Mar 24 21:53:42 loco pptpd[16111]: CTRL (PPPD Launcher): local address = 192.168.1.1
Mar 24 21:53:42 loco pptpd[16111]: CTRL (PPPD Launcher): remote address = 192.168.1.200
Mar 24 21:53:42 loco pppd[16111]: The remote system is required to authenticate itself
Mar 24 21:53:42 loco pppd[16111]: but I couldn't find any suitable secret (password) for it to use to do so.
Mar 24 21:53:42 loco pppd[16111]: (None of the available passwords would let it use an IP address.)
Mar 24 21:53:42 loco pptpd[16110]: GRE: read(fd=5,buffer=804d520,len=8196) from PTY failed: status = -1 error = Input/output error
Mar 24 21:53:42 loco pptpd[16110]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Mar 24 21:53:42 loco pptpd[16110]: CTRL: Client 192.168.6.2 control connection finished
Mar 24 21:53:42 loco pptpd[16110]: CTRL: Exiting now
Mar 24 21:53:42 loco pptpd[16109]: MGR: Reaped child 16110

Any idea what might be wrong? Here are some of the config files:
/etc/ppp/options.pptpd
Code:
## CHANGE TO SUIT YOUR SYSTEM
lock
## turn pppd syslog debugging on
#debug
## change 'pptpd' to whatever you specify as your server name in chap-secrets
name pptpd
proxyarp
# This option applies if you use ppp with chapms-strip-domain patch
#chapms-strip-domain
+chap
auth
require-chap
nodetach
lcp-echo-interval 30
lcp-echo-failure 4
ipcp-accept-local
ipcp-accept-remote
# These options apply if you use ppp with mppe patch
# NB! You should also apply the ChapMS-V2 patch
#-chap
-chapms
+chapms-v2
mppe-128
mppe-stateless
# These options will tell ppp to pass on these to your clients
# To use ms-dns or ms-dns in options.pptpd it must exist in /etc/resolv.conf
#ms-wins your.server.here
#ms-dns your.server.here

/etc/ppp/chap-secrets
Code:
# Secrets for authentication using CHAP
# client server secret IP addresses
"abc" * "123" *

/etc/pptpd.conf
Code:
################################################################################
#
# Sample PoPToP configuration file
#
# for PoPToP version 1.1.3
#
################################################################################
# TAG: speed
#
# Specifies the speed for the PPP daemon to talk at.
#
speed 115200
# TAG: option
#
# Specifies the location of the PPP options file.
# By default PPP looks in '/etc/ppp/options'
#
option /etc/ppp/options.pptpd
# TAG: debug
#
# Turns on (more) debugging to syslog
#
debug
# TAG: localip
# TAG: remoteip
#
# Specifies the local and remote IP address ranges.
#
# You can specify single IP addresses seperated by commas or you can
# specify ranges, or both. For example:
#
# 192.168.0.234,192.168.0.245-249,192.168.0.254
#
# IMPORTANT RESTRICTIONS:
#
# 1. No spaces are permitted between commas or within addresses.
#
# 2. If you give more IP addresses than MAX_CONNECTIONS, it will
# start at the beginning of the list and go until it gets
# MAX_CONNECTIONS IPs. Others will be ignored.
#
# 3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
# you must type 234-238 if you mean this.
#
# 4. If you give a single localIP, that's ok - all local IPs will
# be set to the given one. You MUST still give at least one remote
# IP for each simultaneous client.
#
localip 192.168.1.1
remoteip 192.168.1.200-238

acidreign Tux's lil' helper
Joined: 21 Apr 2002 Posts: 122 Location: Brisbane, Australia
Posted: Tue Mar 25, 2003 1:56 pm Post subject: Freeswan

A "better" way of setting up the tunnel is to use freeswan, very nice, very simple, but read the documentation. Freeswan is the more "mature" way of doing this; it has a lot of flexibility, and a lot of power.
Some of the solutions mentioned above may suit your needs, but I found freeswan to be the single "vpn app" that suits all my needs.

honold n00b
Joined: 29 Jan 2003 Posts: 22
Posted: Wed Mar 26, 2003 3:59 pm Post subject:

vote for frees/wan ipsec

honold n00b
Joined: 29 Jan 2003 Posts: 22
Posted: Wed Mar 26, 2003 3:59 pm Post subject:

note you can buy some inexpensive linux-based routers from www.snapgear.com for this with a nice gui...

aheld n00b
Joined: 15 Nov 2002 Posts: 24 Location: ~Boston, MA
Posted: Tue Apr 01, 2003 4:59 pm Post subject:

el*Loco:
Get rid of the quotes (") in /etc/ppp/options.pptpd
If that does not work, then uncomment the debug line in
/etc/ppp/options.pptpd
#debug
to
debug
and restart pptpd and try again, then send the logfile.
The problem is most likely that your Windows domain \ username does not match anything in chap-secrets.

el*Loco Tux's lil' helper
Joined: 29 Jan 2003 Posts: 91 Location: Cologne, Germany
Posted: Sun Apr 06, 2003 12:33 am Post subject:

thx aheld,
just re-installed my router after my old harddisk failed, gonna give it a second try with pptp

aheld n00b
Joined: 15 Nov 2002 Posts: 24 Location: ~Boston, MA
Posted: Mon Apr 07, 2003 2:13 pm Post subject: Correction

I made a mistake in my last post.
You should remove the quotes (") from the file /etc/ppp/chap-secrets

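An added example, not part of any post in this thread: a simplified Python model of how a peer name is looked up in /etc/ppp/chap-secrets, showing why a Windows login sent as DOMAIN\user finds no entry for "abc", followed by a small audit of that entry. The matching rules (exact, case-sensitive, `*` as wildcard), the `strip_domain` switch standing in for the chapms-strip-domain option named in the options file, the domain name OFFICE and the 12-character threshold are assumptions of this example.

```python
import shlex

# Constructed sample: the entry from the post, in chap-secrets layout
# (client, server, secret, allowed IP addresses).
CHAP_SECRETS = '''
# Secrets for authentication using CHAP
# client server secret IP addresses
"abc" * "123" *
'''

def parse_secrets(text):
    """Return a list of (client, server, secret, addrs) tuples."""
    entries = []
    for line in text.splitlines():
        words = shlex.split(line, comments=True)  # handles quotes and '#'
        if len(words) >= 3:
            entries.append((words[0], words[1], words[2], words[3:]))
    return entries

def find_secret(entries, peer, server, strip_domain=False):
    """Simplified lookup model: exact, case-sensitive match or '*'.
    Exact matches outrank wildcards. Returns the best entry or None."""
    if strip_domain:  # assumed effect of the chapms-strip-domain option
        peer = peer.rsplit("\\", 1)[-1]
    best, best_score = None, -1
    for entry in entries:
        client, srv = entry[0], entry[1]
        if client not in (peer, "*") or srv not in (server, "*"):
            continue
        score = 2 * (client == peer) + (srv == server)
        if score > best_score:
            best, best_score = entry, score
    return best

def audit(entries, min_len=12):
    """Flag entries worth tightening (the threshold is this example's choice)."""
    findings = []
    for client, srv, secret, addrs in entries:
        if srv == "*":
            findings.append((client, "server field is a wildcard"))
        if "*" in addrs:
            findings.append((client, "any IP address is allowed"))
        if len(secret) < min_len:
            findings.append((client, "secret shorter than %d characters" % min_len))
    return findings
```

Calling `find_secret(parse_secrets(CHAP_SECRETS), "OFFICE\\abc", "pptpd")` returns `None`, while the same call with `strip_domain=True` or with the bare name `abc` returns the entry.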
xpunkrockryanx Tux's lil' helper
Joined: 22 Sep 2002 Posts: 87 Location: College Place, WA, USA
Posted: Mon Apr 28, 2003 8:21 pm Post subject:

Does freeswan support the situation where I have one server in a local network at an office running freeswan, and I have a user at home running Windows XP or 2000 that would connect in to the local network so that they could share files (samba or Windows file sharing) and network printers, etc.? Essentially, I want a server that would replace a Microsoft WinNT or Win2k VPN server for remote access. I don't need any site-to-site tunneling. I do need user authentication, etc. Is it easy to get this functionality from freeswan? Would I have to use pptpd? Basically I want it to be simple and comfortable for the end user. No installing of extra software or configuration of encryption keys. Anybody have suggestions for that scenario?
thanks,
ryan

Crg Guru
Joined: 29 May 2002 Posts: 345 Location: London
Posted: Mon Apr 28, 2003 10:39 pm Post subject:

KraziKid wrote: "Will OpenVPN allow me to connect to the client computers that are running Windows XP? The clients do not have a Linux gateway; they are directly connected to the internet using a cable modem."

Not as yet.

raid517 l33t
Joined: 06 Mar 2003 Posts: 946
tyreth Apprentice
Joined: 27 May 2002 Posts: 238 Location: Melbourne, Australia
Posted: Wed May 28, 2003 8:02 pm Post subject:

el*Loco, those problems you see may be firewall related. I experienced the same/similar error, but I turned the firewall to have no rules and a default policy of accept to test it, and it worked fine.

TimoTye n00b
Joined: 16 May 2003 Posts: 27 Location: Dallas, TX
Posted: Mon Jun 02, 2003 3:45 pm Post subject: Successful openvpn installation

I am almost done with an openvpn-based VPN solution. I tried freeswan but found it to not only be more than I needed but also much more complicated to get going. With freeswan you are dealing with recompiling the kernel and also with NAT and firewall issues.
Openvpn is user space and much easier to get working. It handles dhcp very nicely and NATs do not affect it at all. If you are just setting up <10 VPN connections this is the way to go. It requires a server running for each VPN client, so it does not scale as well as freeswan.
It also simplifies things if the openvpn server is also the gateway/NAT/router for the network. It is pretty amazing how seamless it all is when you get it set up.