* Best vpn w/ iptables.
@ 2002-12-20 17:23 Rowan Reid
2002-12-20 18:00 ` F.M. Taylor
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Rowan Reid @ 2002-12-20 17:23 UTC (permalink / raw)
To: 'iptables-list'
I'm gonna be implementing a VPN between two offices, both gateways being
the firewall also, which uses Netfilter. I'm looking for a secure,
straightforward, routable setup and 100% compatibility with netfilter, i.e. not
pptp. It also has to be open source. I know this isn't a VPN group but I
figured you would have valuable input. Thanks. Right now I'm looking at
freeswan.
Rowan Reid
Job Captain,
Systems Administrator
STUDIO 3 ARCHITECTS
909 982 1717
* Re: Best vpn w/ iptables.
From: F.M. Taylor @ 2002-12-20 18:00 UTC (permalink / raw)
To: Rowan Reid, 'iptables-list'
I am doing exactly that here, VPN between my home and office via FreeS/WAN.
I have been working on it for 2 days, and almost have it working correctly.
The documentation leaves a little to be desired, but for the most part I have
corrected all my problems. I had to open UDP 500 and protocol 50 and 51 in
netfilter. I thought I had it working but I must have missed something in the
routing 'cause when it came up it killed the routing on my remote end and had
to call my wife and have her reboot the box. Guess I need to R more of TFM,
everything seems to be in there, just not in a step by step format.
On Friday 20 December 2002 12:23 pm, Rowan Reid imparted the following wisdom:
> I'm gonna be implementing a VPN between two offices, both gateways being
> the firewall also, which uses Netfilter. I'm looking for a secure,
> straightforward, routable setup and 100% compatibility with netfilter, i.e. not
> pptp. It also has to be open source. I know this isn't a VPN group but I
> figured you would have valuable input. Thanks. Right now I'm looking at
> freeswan.
>
>
>
> Rowan Reid
> Job Captain,
> Systems Administrator
> STUDIO 3 ARCHITECTS
> 909 982 1717
--
Mike Taylor. GSEC Non Impediti Ratione Cogitationis
Coordinator of Systems Administration and Network Security
Indiana State University. Rankin Hall Rm 039
210 N 7th St. Terre Haute, IN.
Voice: 812-237-8843
* Re: Best vpn w/ iptables.
From: Andrea Rossato @ 2002-12-21 9:58 UTC (permalink / raw)
To: netfilter
Starting from kernel 2.5.49 IPSec went into the tree: if you need
encryption and authentication that could be a solution (probably better
than freeswan, since the latter was not considered for inclusion into the
kernel). I don't need them, so I'm sticking with plain gre tunnels and
linux-2.4.20.
For more information on tunnels and vpn you may have a look at
http://lartc.org (linux advanced routing and traffic control) and ask in
their mailing list.
The howto explains in detail how to set up a secure vpn using the kernel
support.
hope this can help.
andrea
Rowan Reid wrote:
>
> I'm gonna be implementing a VPN between two offices, both gateways being
> the firewall also, which uses Netfilter. I'm looking for a secure,
> straightforward, routable setup and 100% compatibility with netfilter, i.e. not
> pptp. It also has to be open source. I know this isn't a VPN group but I
> figured you would have valuable input. Thanks. Right now I'm looking at
> freeswan.
>
>
>
> Rowan Reid
> Job Captain,
> Systems Administrator
> STUDIO 3 ARCHITECTS
> 909 982 1717
* Re: Best vpn w/ iptables.
From: Richard Mueller @ 2002-12-21 12:24 UTC (permalink / raw)
To: Rowan Reid; +Cc: 'iptables-list'
Hello Rowan,
Friday, December 20, 2002, 6:23:21 PM, you wrote:
RR> I'm gonna be implementing a VPN between two offices, both gateways being
RR> the firewall also, which uses Netfilter. I'm looking for a secure,
RR> straightforward, routable setup and 100% compatibility with netfilter, i.e. not
RR> pptp. It also has to be open source. I know this isn't a VPN group but I
RR> figured you would have valuable input. Thanks. Right now I'm looking at
RR> freeswan.
http://openvpn.sf.net/
It's easy to set up, and can run totally in userspace. :)
Kind regards
Richard Mueller
--
Richard Mueller mailto:mueller@teamix.net Fon: +49 9171 896287
Teamix GmbH http://www.teamix.de Fax: +49 9171 896286
Networks - Consulting - Training - Software Development - eCommerce
* RE: Best vpn w/ iptables.
From: Rowan Reid @ 2002-12-21 16:03 UTC (permalink / raw)
To: 'Andrea Rossato', netfilter
> Starting from kernel 2.5.49 IPSec went into the tree: if you need
> encryption and authentication that could be a solution (probably better
> than freeswan, since the latter was not considered for inclusion into the
> kernel). I don't need them, so I'm sticking with plain gre tunnels and
> linux-2.4.20
I'm noticing the IPSec implementation uses/is protocol 50 -p 50.
Will any version of IPTables recognise this or will I be needing to
update to the latest version of IPTables? I think I'm leaning towards the
2.5.49 kernel implementation, given I can trim it down enough to get
something relatively stable.
* Re: Best vpn w/ iptables.
From: Andrea Rossato @ 2002-12-21 19:30 UTC (permalink / raw)
To: netfilter
Rowan Reid wrote:
> I'm noticing the IPSec implementation uses/is protocol 50 -p 50.
> Will any version of IPTables recognise this or will I be needing to
> update to the latest version of IPTables? I think I'm leaning towards the
> 2.5.49 kernel implementation, given I can trim it down enough to get
> something relatively stable.
i've read that someone is using 2.5.51 in routers, so i think you should
be able to get something stable with 2.5.52.
I don't know if _any_ version of iptables is going to recognize ipsec
packets - even though i do not see any reason why it should not, but i
suppose that a relatively recent version should do the job.
good luck.
andrea
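
The openings F.M. Taylor lists (UDP 500 plus protocols 50 and 51) and the `-p 50` match Rowan Reid asks about, written out as an added example that is not part of any message in this thread: a shell function that prints iptables commands admitting IKE, ESP and AH only between the two gateways. The function name `ipsec_rules`, the addresses (documentation ranges) and the interface name `eth0` are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Prints (does not apply) iptables
# commands that admit IPsec traffic between exactly two gateways.
# Usage: ipsec_rules LOCAL_WAN_IP PEER_WAN_IP WAN_IFACE
ipsec_rules() {
    ipsec_local=$1
    ipsec_peer=$2
    ipsec_if=$3

    # Reject anything that is not a plain dotted address, so the printed
    # commands stay safe to pipe into a shell.
    for ipsec_arg in "$ipsec_local" "$ipsec_peer"; do
        case $ipsec_arg in
            ''|*[!0-9.]*) echo "bad address: $ipsec_arg" >&2; return 2 ;;
        esac
    done
    case $ipsec_if in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $ipsec_if" >&2; return 2 ;;
    esac

    # IKE key exchange: UDP port 500, restricted to the peer gateway.
    echo "iptables -A INPUT -i $ipsec_if -s $ipsec_peer -d $ipsec_local -p udp --dport 500 -j ACCEPT"
    echo "iptables -A OUTPUT -o $ipsec_if -s $ipsec_local -d $ipsec_peer -p udp --dport 500 -j ACCEPT"

    # ESP (50) and AH (51) are IP protocol numbers, not ports, so there is
    # no --dport here. -p accepts the numeric protocol value directly.
    for ipsec_proto in 50 51; do
        echo "iptables -A INPUT -i $ipsec_if -s $ipsec_peer -d $ipsec_local -p $ipsec_proto -j ACCEPT"
        echo "iptables -A OUTPUT -o $ipsec_if -s $ipsec_local -d $ipsec_peer -p $ipsec_proto -j ACCEPT"
    done
}

# Constructed sample: local gateway 192.0.2.1, peer gateway 198.51.100.1.
ipsec_rules 192.0.2.1 198.51.100.1 eth0
```

Review the printed commands before applying them, and keep console or out-of-band access to the remote gateway while testing.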