On Tuesday 24 August 2004 03:37, Shawn wrote:
> Hi gang.
>
> I'm pretty sure that I should be able to set up a VPN connection to my
> corporate network from Linux (Suse 9.1 to be exact), but am not having any
> luck in finding good documentation on this.  The VPN server is a Microsoft
> box, and I understand that they do things a little differently than the
> rest of the world with regards to VPN.
>
> Thus far, my search indicates that the pptp client should be able to help,
> or FreeS/Wan.  I tried to follow the instructions for the pptp client, but
> couldn't get the GUI interface running.  I dug a bit more with it and found
> pptpconfig and played with that.  Then entered the command
> "pptp 111.111.111.111", and I seemed to get a connection, but a minute or
> two later the connection would end with an error "Terminating on signal
> 15", which I'm guessing is a timeout on authentication.

Ok, step one is to find out what kind of VPN you're connecting to.  You either 
want PoPToP for a PPTP VPN, or OpenSwan if you're connecting with IPSec.

To be really blunt, PPTP is a hopeless VPN.  It's been abandoned almost 
everywhere, even by Microsoft, because it has so many security problems.  
Having said that, there are LOTS of people still using it, and I suppose it's 
better than nothing.

FreeSwan was abandoned after the project funding dried up.  It was forked into 
Strongswan and Openswan.  Openswan seems to be a Canadian thing, run out of 
a consulting company named Xelerance, which is located in Toronto.  IPCop uses 
Openswan.  I haven't seen Strongswan in use anywhere yet.

> I looked into FreeS/Wan, and it looks to be a bunch of command line configs
> - which is fine, if you understand all the options.  Also, it seems to
> indicate I have to do something different with my firewall (which is IPCop)
> to NOT masquerade the internal IP address.  Is this really necessary?

Yes.  There was a checkbox in the VPN page for IPCop in older versions.  I 
believe this is no longer used.  Be aware that masqing IPSec traffic will 
only (to my knowledge) work for one connection.  I'm not sure if 2.6 changes 
that, but I suspect it's a limitation of IPTables, rather than the kernel 
itself (correct me if I'm wrong here), and therefore, I'd bet that it still 
exists.

If you're connecting to an IPSec VPN, I'd recommend that you just use your 
IPCop box to establish the connection for you.  I'd recommend upgrading to 
the newest version (RC1) as well.  There have been HUGE changes since 1.3, 
and a disproportionate share of those changes focus on VPNs.

Kev.

_______________________________________________
clug-talk mailing list
http://clug.ca/mailman/listinfo/clug-talk_clug.ca