OpenVpn simple or difficult question..?

karoto at alphait.gr karoto at alphait.gr
Mon Feb 9 14:17:12 EET 2004


Before applying all of this I was getting in and could see all the computers; you had been
slow to answer me, so I had found a solution with proxyarp and a small firewall
configuration. Even so, I now see the whole network and can ping, but with a big
delay (56k), e.g.:
ping 192.168.1.1 -l 5000, where the server is: sometimes the packets don't go through
at all, and when they do it reports 3814 ms :)) other times around 1540 ms..
I can see Samba, but I cannot connect to a database that a particular PC runs, e.g.
192.168.1.110 is a win/2000 server
192.168.1.27 is the IP it takes internally, and it does p-to-p with 192.168.1.200
These are my config files:

/etc/pptpd.conf << EOF

speed 115200
option /etc/ppp/options.pptpd
debug
localip 192.168.1.27
remoteip 192.168.1.200-205
listen 194.219.190.50

EOF

/etc/ppp/options.pptpd << EOF

name dias

lock
dump
logfd 2
#debug
#logfile /var/log/pptpd.log
proxyarp

auth
require-mschap-v2
require-mppe-128

#noccp
#novj
#novjccomp
nopcomp
noaccomp
nobsdcomp
deflate 0

#ipparam 192.168.1.0


EOF

And on the firewall

/etc/sysconfig/iptables << EOF

# Generated by iptables-save v1.2.8 on Sat Feb  7 10:50:06 2004
*nat
:PREROUTING ACCEPT [52:5892]
:POSTROUTING ACCEPT [12:1092]
:OUTPUT ACCEPT [79:5845]
-A POSTROUTING -o eth0 -j MASQUERADE 
COMMIT
# Completed on Sat Feb  7 10:50:06 2004
# Generated by iptables-save v1.2.8 on Sat Feb  7 10:50:06 2004
*filter
:INPUT ACCEPT [306:35482]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [367:60297]
-A FORWARD -i eth1 -j ACCEPT 
COMMIT
# Completed on Sat Feb  7 10:50:06 2004
# Generated by iptables-save v1.2.8 on Sat Feb  7 10:50:06 2004
*mangle
:PREROUTING ACCEPT [355:38618]
:INPUT ACCEPT [306:35482]
:FORWARD ACCEPT [49:3136]
:OUTPUT ACCEPT [367:60297]
:POSTROUTING ACCEPT [418:63752]
COMMIT
# Completed on Sat Feb  7 10:50:06 2004

EOF

eth0 = public ip
eth1 = 192.168.1.1
and of course /etc/ppp/chap-secrets, where I have no problem ..

Should I perhaps be forwarding each port specifically to each machine?
The database that the win/2000 box runs is Sybase and it runs on port
2638 .. if it is easy for you, your firewall config would help me a lot..
Thanks for the help


Original message from George Paschos <paschos at cosmoline.com>:

> Good morning,
> 
> You have probably made some "classic" small mistakes. Check the following:
> 
> In /etc/pptp.conf the "local ip" should be 192.168.1.1 (i.e. the eth of the fw,
> on the network you want to get into)
> Also, although it works otherwise too, reserve ten or so IPs from
> your 192.168.1.0 network and have the clients get their IP from there (the
> "remote ip" in /etc/pptp.conf)
> 
> Also, /etc/ppp/pptp-options (or whatever you have it as, anyway; the
> "option" parameter of pptp.conf) should have "proxyarp", and it is a good idea
> for it to also have "mppe-stateless" or "nomppe-stateful", depending on the version
> of pppd you have.
> 
> As for the iptables rules and the pptp connection to the fw from the outside
> world, you can add the following:
> 
> 
> # For the control connection on the internet interface (tcp 1723)
> $IPTABLES -A INPUT --in-interface $OUTSIDE --protocol tcp --dst $OUTSIDE_IP --dport 1723 --match state --state NEW,ESTABLISHED --jump ACCEPT
> $IPTABLES -A OUTPUT --protocol tcp --src $OUTSIDE_IP --sport 1723 --match state --state ESTABLISHED --jump ACCEPT
> # For the tunnel (GRE)
> $IPTABLES -A INPUT --in-interface $OUTSIDE --protocol gre --dst $OUTSIDE_IP --match state --state RELATED,ESTABLISHED --jump ACCEPT
> $IPTABLES -A OUTPUT --out-interface $OUTSIDE --protocol gre --src $OUTSIDE_IP --match state --state RELATED,ESTABLISHED --jump ACCEPT
> #
> 
> That's it. If you still have a problem with the clients, tell me and I'll send
> the conf files too.
> 
> 
> Giorgos
> 
> > -----Original Message-----
> > From: linux-greek-users-bounces at lists.hellug.gr [mailto:linux-greek-users-
> > bounces at lists.hellug.gr] On Behalf Of Karoto *Alpha Information*
> > Sent: Saturday, February 07, 2004 3:08 AM
> > To: 'George Paschos'; linux-greek-users at hellug.gr
> > Subject: RE: OpenVpn simple or difficult question..?
> > 
> > Hi friend, thank you for your help .. ok, I set up
> > PopTop with mppe-128 bit encryption; ehm, I have a small problem, though
> > I don't know why..
> > I connect into the vpn and see the tunnel, but I cannot see the WHOLE subnet
> > of the internal network, e.g. on 192.168.1.0/24 I see only 192.168.1.1,
> > which is essentially the server; the other IPs 192.168.1.2 .. 1.3 .. 1.4 +oo
> > I don't see :(
> > I must have messed things up with the firewall; would it be easy for you to
> > send me your configuration so I can take a look and see what I did
> > wrong? Thank you.
> > 
> > 
> > Life ain't a game
> > Your Original! KAROTOR
> > Respect!
> > 
> > -----Original Message-----
> > From: George Paschos [mailto:paschos at cosmoline.com]
> > Sent: Thursday, February 05, 2004 10:36 AM
> > To: linux-greek-users at hellug.gr
> > Subject: RE: OpenVpn simple or difficult question..?
> > 
> > Basically, for the first thing you mention, the easiest solution (which
> > also works) is to go with pptp, since the client is built into
> > win98/2k/xp, DUN itself, and you do everything you are asking for.
> > 
> > The only thing that needs a bit of work is making your linux speak
> > MPPE (ms point-to-point encryption), which windows speaks, so that you can
> > terminate the vpn.
> > 
> > What you will need on your linux is:
> > 1. install pptpd
> > 2. install a pppd patched for mppe (although most distros
> > already ship it that way)
> > 3. patch the kernel to get the mppe module.
> > 
> > If you google a bit for "mppe linux" you will find whatever you need.
> > 
> > I use it extensively on 2.4.22-24 & 2.6.0-1
> > 
> > If you have debian, do NOT use the patch you get from apt.
> > 
> > I have no opinion on openvpn; as for freeswan, I think it is too much
> > hassle for what you want to do. In general it is better to think of
> > IPSEC for net-to-net tunnels.
> > 
> > If you do get into IPSEC and net-to-net, imho, better to go with
> > 2.6.x and the linux port of KAME (from freebsd).
> > 
> > Anyway, if you get stuck somewhere with pptp after you patch the kernel, etc.,
> > say so and I'll post conf files, etc., or the iptables rules you may need.
> > 
> > Finally, if your fw is not set up yet, look at Gibraltar
> > (www.gibraltar.at), a fw-router-vpn-etc. oriented, cd-based distro
> > (essentially debian) that has everything ready (patches, etc.) for jobs
> > like this.
> > It is open and free (unless you also want the web conf interface, which you
> > buy). It is excellent and I use it without problems in an ISP-class
> > environment.
> > 
> > 
> > In general I did not answer your question exactly, but you will get the job
> > you want done :)
> > 
> > HTH,
> > 
> > Giorgos Paschos
> > 
> > 
> > 
> > 
> > > -----Original Message-----
> > > From: linux-greek-users-bounces at lists.hellug.gr
> > [mailto:linux-greek-users-
> > > bounces at lists.hellug.gr] On Behalf Of Karoto *Alpha Information*
> > > Sent: Thursday, February 05, 2004 12:32 AM
> > > To: linux-greek-users at lists.hellug.gr
> > > Subject: OpenVpn simple or difficult question..?
> > >
> > > Hi guys, well done to the hellug support team, it does amazing
> > > work.. I hope the next infosystem happens soon and more people
> > > gather.. anyway.. here is my question..
> > >
> > > Mainly I would like you to enlighten me on the subject of VPN; it has
> > > been on my mind for a while. Basically I am in a dilemma over whether in the end
> > > I should use a complete solution such as a cisco router and have
> > > all its privileges and its constraints, or whether I should use an
> > > open source solution..
> > >
> > > I came to the conclusion that there are quite a few programs for working
> > > with VPN, but two are the best, FreeSwan and OpenVPN
> > > (or not?), and both have pros and cons..
> > >
> > > I would like you, as experienced users, to tell me what you would prefer and
> > > why?
> > > Basically what I want to do, in a first phase, is to have a Linux
> > > server and a winxp/2000 machine outside, and behind the linux an
> > > intranet 192.168.x.x, with only ONE user coming in from outside,
> > > creating a tunnel and then bringing up routing to the internal network..
> > >
> > > In a second phase I would be interested in doing something like this with more
> > > people, e.g. 10
> > > I liked openvpn in that it is easy, needs no special
> > > compilation and does not involve the kernel; on the other hand,
> > > it does not work with IpSec or L2TP, which win/xp/2000 offer ready-made
> > > (even if with some patch). I know many of you will tell me that ipsec
> > > is a failure and has many security flaws .. I don't know, honestly
> > > I am confused.. In any case I still have not managed to bring FreeSwan up
> > > properly..
> > >
> > > I want the user coming in from outside to get an internal IP
> > > of the network, or at least to see the machines with internal IPs, so
> > > that Samba, windowsNT terminals and ssh work.
> > >
> > > And one more thing I would like to know: is there a way for
> > > OpenVPN to work with usernames and passwords? And if so, how?
> > >
> > > Thank you very much.
> > >
> > 
> > 
> > 
> > 
> 
> 
> 




-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/
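
Added example, not part of the original thread: a small Python model that walks the filter table from the iptables-save output posted above for a given packet, next to a constructed default-drop variant. The `HARDENED` ruleset, the `ppp+` interface pattern and the function names are assumptions made for illustration, and the model handles only plain option/value matches.

```python
import shlex

# Filter table as posted in the message above (packet counters zeroed).
POSTED = """*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth1 -j ACCEPT
COMMIT"""

# Constructed default-drop variant (assumption, not from the thread): PPTP control
# and GRE in on eth0; tunnel clients (ppp+) may reach only tcp/2638 on the LAN.
HARDENED = """*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
-A INPUT -i eth0 -p gre -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ppp+ -o eth1 -p tcp --dport 2638 -j ACCEPT
COMMIT"""

def iface_match(pattern, name):
    # A trailing "+" is the iptables interface wildcard: ppp+ matches ppp0.
    return name.startswith(pattern[:-1]) if pattern.endswith("+") else pattern == name

def verdict(ruleset, chain, pkt):
    """Walk one built-in chain (pairs only, no negation); return (target, rule or 'policy')."""
    checks = {
        "-i": lambda v: iface_match(v, pkt.get("in", "")),
        "-o": lambda v: iface_match(v, pkt.get("out", "")),
        "-p": lambda v: v == pkt.get("proto"),
        "--dport": lambda v: v == str(pkt.get("dport")),
        "--state": lambda v: pkt.get("state", "NEW") in v.split(","),
    }
    policy = None
    for line in ruleset.splitlines():
        if line.startswith(f":{chain} "):
            policy = line.split()[1]
        elif line.startswith(f"-A {chain} "):
            tok = shlex.split(line)[2:]
            opts = dict(zip(tok[0::2], tok[1::2]))
            unsupported = set(opts) - set(checks) - {"-m", "-j"}
            if unsupported:
                raise ValueError(f"unsupported match: {sorted(unsupported)}")
            if all(checks[k](v) for k, v in opts.items() if k in checks):
                return opts["-j"], line
    return policy, "policy"
```

With the posted table, a tunnel client's new connection to tcp/2638 and an unsolicited connection arriving on eth0 both fall through to the ACCEPT policy; under the constructed variant only tcp/1723, GRE and forwarded tcp/2638 are accepted as new traffic.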



