Router-to-Router VPN


Post by Louis » Wed, 28 Jun 2000 04:00:00



Anyone have any tips on setting up an SSH vpn between two linux masqing
firewalls?  I need to have a tunnel between the two systems where data can
be routed over it as if it were a gateway address (where the systems over
the vpn have a different IP domain than the local ones).  The bottom line
goal is to have the VPN allow us to, for example, telnet to the system and
have the full IP packets routed over the tunnel (so we can use TCP, UDP,
ICMP, whatever).  I'm having a hard time with the VPN-HOWTO, it seems like
all you can do with those instructions is set up tunnels on a per-user, or
per-port basis, which is too specific for what I need.  Any help would be
appreciated.

                                        Thanks,
                                        Louis Z

P.S.  I'm not stuck on using SSH.  I've looked into Zebedee, but it seems
to be just as restrictive (you need Zebedee on each system you connect to)


 
 
 

Router-to-Router VPN

Post by Rubin Bennet » Wed, 28 Jun 2000 04:00:00


All I can say is... VPND!!! It works like a charm, isn't bugged by flaky
connections, and can be set up to start on boot.
I actually have it running on a failover cluster, and the vpnd links fail
over without any disruption in service (including telnet/ssh sessions over
the link!).

Go to http://sunsite.auc.dk/vpnd/ and check it all out there.  If you need a
hand getting it configured, let me know!

Rubin


> Anyone have any tips on setting up an SSH vpn between two linux masqing
> firewalls?  I need to have a tunnel between the two systems where data can
> be routed over it as if it were a gateway address (where the systems over
> the vpn have a different IP domain than the local ones).  The bottom line
> goal is to have the VPN allow us to, for example, telnet to the system and
> have the full IP packets routed over the tunnel (so we can use TCP, UDP,
> ICMP, whatever).  I'm having a hard time with the VPN-HOWTO, it seems like
> all you can do with those instructions is set up tunnels on a per-user, or
> per-port basis, which is too specific for what I need.  Any help would be
> appreciated.

> Thanks,
> Louis Z

> P.S.  I'm not stuck on using SSH.  I've looked into Zebedee, but it seems
> to be just as restrictive (you need Zebedee on each system you connect to)



 
 
 

Router-to-Router VPN

Post by Tom East » Wed, 28 Jun 2000 04:00:00



>Anyone have any tips on setting up an SSH vpn between two linux masqing
>firewalls?  I need to have a tunnel between the two systems where data can
>be routed over it as if it were a gateway address (where the systems over
>the vpn have a different IP domain than the local ones).  The bottom line
>goal is to have the VPN allow us to, for example, telnet to the system and
>have the full IP packets routed over the tunnel (so we can use TCP, UDP,
>ICMP, whatever).  I'm having a hard time with the VPN-HOWTO, it seems like
>all you can do with those instructions is set up tunnels on a per-user, or
>per-port basis, which is too specific for what I need.  Any help would be
>appreciated.

You might consider FreeS/Wan rather than ssh. A couple of sites of
interest:

http://www.xs4all.nl/~freeswan
http://seawall.sourceforge.net

-Tom
--
Tom Eastep             \  Eastep's First Principle of Computing:
ICQ #60745924           \  "Any sane computer will tell you how it

Shoreline, Washington USA \___________________________________________

 
 
 

 
 
 

1. Network to Network IPSec VPN using RHEL/CentOS: separate VPN Router and LAN Gateway

Hi there,

I followed the RHEL documentation at
http://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html
and was able to deploy network to network IPSec VPN between two
private networks, as long as I set the IPSec Routers to be the same as
the LAN gateways.

But according to the documentation, it is possible to have the IPSec
routers different from the LAN gateways. The image shown in the above
cited page shows it. Also, it is even more clearly depicted in an older
documentation at http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/security-...
especially with this image:
http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/security-...

However, if I choose to have the Gateway different from the routers,
then in the /etc/sysconfig/network-scripts/ifcfg-ipsec1 file, I need
to specify the gateway IP address for SRCGW, which is different from
the IP address of the IPSec router itself.
Then I am not able to run the "ifup ipsec1" command and get the error
of "RTNETLINK answers: Invalid argument".

I googled around and people seemed to suggest that the SRCGW needs to
be the local intranet IP for the IPSec Router itself. But is this true if
this router is different from the LAN gateway? Most likely, before the
VPN is set up, there is already a LAN gateway for each private network
which is functioning as a NAT and firewall. When VPN is introduced, we
may want to leave the gateway alone and not change the gateway
setup for any of the LAN hosts at all.  As long as the LAN gateway is
able to forward VPN requests to the IPSec Router, this should also
work, right?

But how do I get around the "RTNETLINK answers: Invalid argument"
problem?
Thank you very much.

Shi
