The previous article explained the concept of a Virtual Private Network (VPN) and gave the various options for servers, clients and VPN authentication using Linux. Here, we’ll prepare you for a VPN server installation.
The Prerequisites
Here are a couple of things you need to do before proceeding.
Fix your Linux kernel
Ensure that you have a kernel or kernel patch that supports IPSec. This support is already included in the SuSE and Mandrake (versions above 8.x) Linux distros. Red Hat users are not so lucky, as they don't have a FreeS/WAN-capable kernel. We will use only Red Hat for our setup and explain how to get it up and running.
Install IPSec
Once you have installed the kernel patch, you need to install IPSec, which will provide the underlying VPN protocol. As with most Linux systems, this is achieved by installing a suitable RPM. In Red Hat, the IPSec patch to be deployed must be specific to your kernel version. To find your kernel version, type uname -r on the shell command line.
Install the required patches
You may also need to install the following patches.
The X.509 Patch - This adds support in FreeS/WAN for clients with dynamic IP addresses and is also vitally important for L2TP connections. In our case, you will notice that the module already has the X.509 patch installed.
The Delete/Notification Patch - If you use FreeS/WAN above 2.0, you won’t need to apply this patch. It allows the client and server to take down the IPSec connection, which is especially useful for MSL2TP. Some mailing lists on the net claim that this patch comes in handy if you need the VPN connection running for hours.
The NAT/Traversal Patch - There are times when you will need a NATed IP to work through your VPN, which IPSec does not support in its native form. Applying this patch allows you to do so.
The MSL2TP Patch - This enables the MSL2TP protocol to work. Refer to the section under options for clients for more information on this.
In our case, we will use a single package that does three of the above things: it patches the kernel, installs IPSec, and installs the X.509 patch.
Go to http://download.freeswan.ca/freeswan-x509/RedHat-RPMs/2.04/ and download the RPMs that match your kernel version. Since we tested ours on RH 9.0, with an upgraded kernel of 2.4-20-24.9, we downloaded the following RPMs:
Freeswan-userland-2.04_x509_1.4.8_2.4.20_24.90.i386.rpm
Freeswan-module-2.04_x509_1.4.8_2.4.20_24.9-0.i386.rpm
These can be installed using the rpm -ivh command.
The current version of FreeS/WAN is 2.04. Avoid using other 2.xx versions below this one, as they are buggy.
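A pre-install check for the RPMs above, as an added example that is not part of the original article: it confirms that each package file was built for the running kernel and runs rpm -K on it before you use rpm -ivh. It assumes the kernel release from uname -r appears in the file name with "-" replaced by "_" and followed by "-<build>", as in the module file name quoted above; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not the article's or the FreeS/WAN project's own code.
# Assumption: RPM file names embed the kernel release with "-" turned into
# "_", followed by "-<build>.<arch>.rpm" (pattern taken from the module
# file name quoted in the article).

# kernel_tag RELEASE -> the release string as it would appear in a file name
kernel_tag() {
    printf '%s\n' "$1" | sed 's/-/_/g'
}

# rpm_matches_kernel FILE RELEASE -> exit status 0 if FILE targets RELEASE
rpm_matches_kernel() {
    tag=$(kernel_tag "$2")
    case "$(basename "$1")" in
        # Require "_" before and "-" after the tag so that a shorter or
        # longer release (2.4.20-24, 2.4.20-24.9smp) does not match.
        *"_${tag}-"*) return 0 ;;
        *)            return 1 ;;
    esac
}

# Runs only when RPM files are passed on the command line.
if [ "$#" -gt 0 ]; then
    running=$(uname -r)
    status=0
    for f in "$@"; do
        if ! rpm_matches_kernel "$f" "$running"; then
            echo "MISMATCH: $f was not built for kernel $running" >&2
            status=1
        # rpm -K checks the package digests and, if the signer's key has
        # been imported, its signature.
        elif ! rpm -K "$f"; then
            echo "FAILED rpm -K: $f" >&2
            status=1
        fi
    done
    if [ "$status" -eq 0 ]; then
        echo "Checks passed; install with: rpm -ivh $*"
    fi
    exit "$status"
fi
```

Save it under any name and pass the downloaded RPM files as arguments; a non-zero exit status means at least one file should not be installed on this kernel.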
Next, you need to download and install the L2TP server from www.jacco2.dds.nl/networking/RPMS/RedHat9.0/l2tpd-0.69-8jdl.i386.rpm.
Lastly, install the PPP server and OpenSSL. All these patches are also available in a single package called Super FreeS/WAN. It is still in beta, but we have reports that it works. You can download it from www.freeswan.ca/code/super-freeswan/beta/.
In our next article, we'll talk about configuring FreeS/WAN for the road warrior and net-to-net configurations.
Alok Sinha