VPN between two masqued subnets
DNS Admin
dphillips at viata.com
Fri Apr 27 18:46:35 PDT 2001
Jimen Ching wrote:
>
> On Fri, 27 Apr 2001, Deven Phillips wrote:
> > Have I got an answer for you!! We just did a similar setup for our
>
> I also am looking into setting up a VPN. I want to access my work network
> from home, so I won't need to go into the office over the weekends. The
> work network is using SafeNet as the IPSec server.
>
I don't know if this particular software is supported by FreeS/WAN.
Check their site.
> I looked around for information on VPN on Linux, but most of the FAQs
> were not very clear. They seem to be written for long-time network
> admins, rather than regular users. Anyway, I still have a few questions
> and hope you can help me.
>
IPSEC isn't the answer for the home user tunneling a single machine to
their office. The right answer for that is probably L2TP. There are
currently only development implementations of this protocol for Linux.
> 1. Is VPN symmetric? The FAQ mentions client/server sides, but the
> instructions seem to imply that there is no real difference. VPN allows
> two subnets to see each other as though they are in the next room, rather
> than miles apart.
>
For IPSEC, the server and client are pretty much the same. They both
have almost the exact same configuration.
> 2. The instructions only mention setting up ipmasq rules. I got the
> impression that there is some kind of login mechanism. I.e. where do I
> specify the IP address of my work place? IPSec mentions something about
> shared keys or some such, where do I enter that? The FAQ also mentions
> that a VPN link could be broken. This sounds like a link must be
> established, this was not in the instructions.
>
The authentication is done with RSA digital certificates. You generate
a cert, share the public key with the other end, and then they can
identify each other. This is true for FreeS/WAN, but I cannot speak for
other implementations.
> 3. I only want to connect to my work place's SafeNet VPN. I do not want
> to run my own VPN for others to access. Can FreeS/WAN do this? The
> FreeS/WAN web site seems to imply that it is a server side software. Of
> course, I don't know if there is a difference between server vs. client
> side. But I do not want to turn my home network into a VPN. Does the
> previous sentence even make sense?
FreeS/WAN may be able to do it, depending how strangely the SafeNet VPN
system works. I have seen some VPN devices/software that requires all
kinds of proprietary situations that FreeS/WAN cannot duplicate. For
more answers about specific IPSEC implementations see the vendor's
website, or check the FreeS/WAN user submissions.
>
> Any help is greatly appreciated.
>
You are quite welcome.
> --jc
> --
> Jimen Ching (WH6BRR) jching at flex.com wh6brr at uhm.ampr.org
>
Deven Phillips, CISSP
Network Architect
Viata Online, Inc.
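
The symmetry described in the reply above, as an added configuration sketch that is not part of the original post: a FreeS/WAN `ipsec.conf` connection between two gateways, where the same `conn` section is installed on both ends. The connection name, addresses, subnets, IDs and key values are constructed placeholders.

```conf
# /etc/ipsec.conf -- the same conn section goes on BOTH gateways.
# Constructed example: every address, name and key below is a placeholder.

config setup
    # Use the interface that carries the default route.
    interfaces=%defaultroute

conn office-to-home
    # "Left" gateway: public address and the private subnet behind it.
    left=192.0.2.10
    leftsubnet=192.168.1.0/24
    leftid=@gw-left.example.com
    # Public half of the left gateway's RSA key (safe to share).
    leftrsasigkey=LEFT_GATEWAY_PUBLIC_KEY_PLACEHOLDER

    # "Right" gateway: public address and the private subnet behind it.
    right=198.51.100.20
    rightsubnet=192.168.2.0/24
    rightid=@gw-right.example.com
    # Public half of the right gateway's RSA key (safe to share).
    rightrsasigkey=RIGHT_GATEWAY_PUBLIC_KEY_PLACEHOLDER

    # Authenticate the peers with RSA signatures instead of a shared secret.
    authby=rsasig
    # Bring the tunnel up when IPsec starts.
    auto=start

# Each gateway decides whether it is "left" or "right" by matching its own
# interface address, which is why the section can be identical on both ends.
# Only the public keys appear here; each gateway's private key stays in its
# own /etc/ipsec.secrets and is never copied to the peer.
```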