OpenVpn simple or difficult question..?

George Paschos paschos at cosmoline.com
Mon Feb 9 08:32:50 EET 2004


Good morning,

You have probably made some "classic" little mistakes. Check the following:

In /etc/pptp.conf the "local ip" should be 192.168.1.1 (that is, the eth of
the fw, on the network you want to get into).
Also, although it works otherwise too, reserve about ten IPs from your
192.168.1.0 network and have the clients get their IP from there (the
"remote ip" in /etc/pptp.conf).

Also, /etc/ppp/pptp-options (or whatever you have it as, anyway; the
"option" parameter of pptp.conf) should contain "proxyarp", and it is good
for it to also contain "mppe-stateless" or "nomppe-stateful", depending on
the version of pppd you have.

As for the iptables rules and the pptp connection to the fw from the
outside world, you can use the following:


# For the control connection on the internet interface (tcp 1723)
$IPTABLES -A INPUT --in-interface $OUTSIDE --protocol tcp --dst $OUTSIDE_IP \
    --dport 1723 --match state --state NEW,ESTABLISHED --jump ACCEPT
$IPTABLES -A OUTPUT --protocol tcp --src $OUTSIDE_IP --sport 1723 \
    --match state --state ESTABLISHED --jump ACCEPT
# For the tunnel (GRE)
$IPTABLES -A INPUT --in-interface $OUTSIDE --protocol gre --dst $OUTSIDE_IP \
    --match state --state RELATED,ESTABLISHED --jump ACCEPT
$IPTABLES -A OUTPUT --out-interface $OUTSIDE --protocol gre --src $OUTSIDE_IP \
    --match state --state RELATED,ESTABLISHED --jump ACCEPT
#

That's it. If you still have problems with the clients, tell me and I will
send the conf files too.


Giorgos

> -----Original Message-----
> From: linux-greek-users-bounces at lists.hellug.gr [mailto:linux-greek-users-
> bounces at lists.hellug.gr] On Behalf Of Karoto *Alpha Information*
> Sent: Saturday, February 07, 2004 3:08 AM
> To: 'George Paschos'; linux-greek-users at hellug.gr
> Subject: RE: OpenVpn simple or difficult question..?
> 
> Hi friend, thank you for your help .. ok, I set up PopTop with
> mppe-128 bit encryption, ehm, I have a small problem though, I don't
> know why..
> I connect to the vpn and see the tunnel, but I cannot see the WHOLE
> subnet of the internal network, e.g. on 192.168.1.0/24 I see only
> 192.168.1.1, which is essentially the server; the other IPs,
> 192.168.1.2 .. 1.3 .. 1.4 +oo, I don't see :(
> I must have messed things up with the firewall. Would it be easy for
> you to send me your configuration so I can take a look and see what I
> did wrong? Thank you.
> 
> 
> Life ain't a game
> Your Original! KAROTOR
> Respect!
> 
> -----Original Message-----
> From: George Paschos [mailto:paschos at cosmoline.com]
> Sent: Thursday, February 05, 2004 10:36 AM
> To: linux-greek-users at hellug.gr
> Subject: RE: OpenVpn simple or difficult question..?
> 
> Basically, for the first thing you mention, the easiest solution (which
> also actually works) is to go with pptp, since the client is built into
> win98/2k/xp, DUN itself, and you do everything you are asking for.
> 
> The only thing that needs a bit of work is getting your linux to speak
> MPPE (ms point-to-point encryption), which windows speaks, so that you
> can terminate the vpn.
> 
> What you will need on your linux is:
> 1. install pptpd
> 2. install a pppd patched for mppe (although most distros already ship
> it that way)
> 3. patch the kernel to get the mppe module.
> 
> If you google a bit for "mppe linux" you will find whatever you need.
> 
> I use it extensively on 2.4.22-24 & 2.6.0-1
> 
> If you have debian, do NOT use the patch you find through apt.
> 
> I have no opinion on openvpn; as for freeswan, I believe it is too much
> hassle for what you want to do. In general it is better to think of
> IPSEC for net-to-net tunnels.
> 
> If you do get into IPSEC and net-to-net, imho, you are better off going
> with 2.6.x and the linux port of KAME (from freebsd).
> 
> Anyway, if you get stuck somewhere with pptp after you patch the kernel,
> etc., say so and I will post conf files, etc., or the iptables rules you
> may need.
> 
> Finally, if your fw is not set up yet, look at Gibraltar
> (www.gibraltar.at), a fw-router-vpn-etc. oriented cd based distro
> (essentially debian) that has everything ready (patches, etc.) for such
> jobs.
> It is open and free (unless you also want the web conf interface, which
> you buy). It is excellent and I use it without problems in an ISP class
> environment.
> 
> 
> In general I did not answer your question exactly, but you will get the
> job you want done :)
> 
> HTH,
> 
> Giorgos Paschos
> 
> 
> 
> 
> > -----Original Message-----
> > From: linux-greek-users-bounces at lists.hellug.gr
> > [mailto:linux-greek-users-bounces at lists.hellug.gr] On Behalf Of
> > Karoto *Alpha Information*
> > Sent: Thursday, February 05, 2004 12:32 AM
> > To: linux-greek-users at lists.hellug.gr
> > Subject: OpenVpn simple or difficult question..?
> >
> > Hi guys, well done to the hellug support team, it does amazing
> > work.. I hope the next infosystem happens soon and that more people
> > gather.. anyway.. here is my question..
> >
> > Mainly I would like you to enlighten me on the subject of VPN, which
> > has been occupying me for a while. Basically I am in a dilemma over
> > whether in the end I should use a complete solution such as a cisco
> > router and have all its privileges and its constraints, or whether I
> > should use an open source solution..
> >
> > I came to the conclusion that there are quite a few programs for
> > working with VPN, but two are the best, FreeSwan and OpenVPN
> > (or not?), and both have good and bad points..
> >
> > I would like you, as experienced users, to tell me what you would
> > prefer and why?
> > Basically, what I want to do in a first phase is to have a Linux
> > server, a winxp/2000 machine on the outside, and behind the linux an
> > intranet 192.168.x.x, with only ONE user coming in from outside,
> > creating a tunnel and then bringing up routing to the internal network..
> >
> > In a second phase I would be interested in something like this being
> > done with more people, e.g. 10
> > I liked openvpn in that it is easy, needs no special compilation and
> > does not involve the kernel; on the other hand it does not do IpSec
> > or L2TP, which win/xp/2000 offer ready-made (even if with some
> > patch). I know many of you will tell me that ipsec is a failure and
> > that it has many security flaws .. I don't know, honestly I am
> > confused.. In any case I still have not managed to bring freeSwan up
> > properly..
> >
> > I want the user coming in from outside to get an internal ip of the
> > network, or at least to see the machines with internal ip, so that
> > Samba, windowsNT terminals and ssh work.
> >
> > And one more thing I would like to know: is there a way to make
> > OpenVPN work with usernames and passwords? And if so, how?
> >
> > Thank you very much.
> >
> 
> 
> 
> 
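
Added example (not part of the original messages): a small shell check for the
points in the reply at the top of this thread, using the pptpd.conf keywords
`option`, `localip` and `remoteip` (the reply's "option", "local ip" and
"remote ip"). The function name, file names and sample addresses are
constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a PoPToP config for the points made in the reply.
# All file contents and addresses below are constructed samples.

# Prints a space-separated list of failed checks (empty when all pass).
check_pptpd() {
    conf=$1; lan=$2              # lan: LAN prefix, e.g. "192.168.1."
    bad=""
    # pptpd.conf keywords: "option <file>", "localip <ip>", "remoteip <range>"
    opts=$(awk '$1 == "option"   {print $2}' "$conf")
    lip=$(awk  '$1 == "localip"  {print $2}' "$conf")
    rip=$(awk  '$1 == "remoteip" {print $2}' "$conf")
    # Server end of the PPP link should be the firewall's LAN address.
    case $lip in "$lan"*) ;; *) bad="$bad localip" ;; esac
    # Clients should draw addresses from a reserved slice of the same LAN.
    case $rip in "$lan"*) ;; *) bad="$bad remoteip" ;; esac
    if [ -n "$opts" ] && [ -r "$opts" ]; then
        # proxyarp makes the server answer ARP on the LAN for each client.
        grep -Eq '^[[:space:]]*proxyarp([[:space:]]|$)' "$opts" || bad="$bad proxyarp"
        # Stateless MPPE: the keyword depends on the pppd version.
        grep -Eq '^[[:space:]]*(mppe-stateless|nomppe-stateful)([[:space:]]|$)' "$opts" \
            || bad="$bad mppe-stateless"
    else
        bad="$bad optionfile"
    fi
    echo "${bad# }"
}

# Constructed sample: a config with the mistakes the reply lists.
dir=$(mktemp -d)
printf 'mppe-128\n' > "$dir/opts.broken"
printf 'option %s\nlocalip 10.0.0.1\nremoteip 10.0.0.100-109\n' \
    "$dir/opts.broken" > "$dir/pptpd.broken"
# Constructed sample: the same setup after applying the advice.
printf 'proxyarp\nmppe-128\nmppe-stateless\n' > "$dir/opts.fixed"
printf 'option %s\nlocalip 192.168.1.1\nremoteip 192.168.1.240-249\n' \
    "$dir/opts.fixed" > "$dir/pptpd.fixed"

echo "broken: $(check_pptpd "$dir/pptpd.broken" 192.168.1.)"
echo "fixed:  $(check_pptpd "$dir/pptpd.fixed" 192.168.1.)"
```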





