VPN between two masqued subnets

DNS Admin dphillips at viata.com
Fri Apr 27 18:46:35 PDT 2001


Jimen Ching wrote:
> 
> On Fri, 27 Apr 2001, Deven Phillips wrote:
> >       Have I got an answer for you!! We just did a similar setup for our
> 
> I also am looking into setting up a VPN.  I want to access my work network
> from home, so I won't need to go into the office over the weekends.  The
> work network is using SafeNet as the IPSec server.
> 

I don't know if this particular software is supported by FreeS/WAN . .
Check their site.

> I looked around for information on VPN on Linux, but most of the FAQs
> were not very clear.  They seem to be written for long time network
> admins, rather than regular users.  Anyway, I still have a few questions
> and hope you can help me.
> 

IPSEC isn't the answer for the home user tunneling a single machine to
their office. The right answer for that is probably L2TP. There are
currently only development implementations of this protocol for Linux.

> 1.  Is VPN symmetric?  The FAQ mentions client/server sides, but the
> instructions seem to imply that there is no real difference.  VPN allows
> two subnets to see each other as though they are in the next room, rather
> than miles apart.
> 

For IPSEC, the server and client are pretty much the same. They both
have almost the exact same configuration.

> 2.  The instructions only mention setting up ipmasq rules.  I got the
> impression that there is some kind of login mechanism.  I.e. where do I
> specify the IP address of my work place?  IPSec mentions something about
> shared keys or some such, where do I enter that?  The FAQ also mentions
> that a VPN link could be broken.  This sounds like a link must be
> established, this was not in the instructions.
> 

The authentication is done with RSA digital certificates. You generate
a cert, share the public key with the other end, and then they can
identify each other. This is true for FreeS/WAN, but I cannot speak for
other implementations.

> 3.  I only want to connect to my work place's SafeNet VPN.  I do not want
> to run my own VPN for others to access.  Can FreeS/WAN do this?  The
> FreeS/WAN web site seems to imply that it is a server side software.  Of
> course, I don't know if there is a difference between server vs. client
> side.  But I do not want to turn my home network into a VPN.  Does the
> previous sentence even make sense?

FreeS/WAN may be able to do it, depending on how strangely the SafeNet VPN
system works. I have seen some VPN devices/software that require all
kinds of proprietary situations that FreeS/WAN cannot duplicate. For
more answers about specific IPSEC implementations see the vendor's
website, or check the FreeS/WAN user submissions.

> 
> Any help is greatly appreciated.
> 

You are quite welcome.

> --jc
> --
> Jimen Ching (WH6BRR)      jching at flex.com     wh6brr at uhm.ampr.org
> 


Deven Phillips, CISSP
Network Architect
Viata Online, Inc.


