Gentoo's Bugzilla – Attachment 29260 Details for Bug 30966: VPN Howto
First draft
tunnel.xml (text/plain), 5.62 KB, created by Tiemo Kieft (RETIRED) on 2004-04-14 10:18:56 UTC
<?xml version='1.0' encoding="UTF-8"?>
<!-- $Header: $ -->
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">

<guide link = "/doc/en/tunnel.xml">
<title>Gentoolkit</title>

<author title="Author">
  <mail link="blubber@gentoo.org">Tiemo Kieft</mail>
</author>

<abstract>
  This guide explains how to set up a tunnel between networks in
  various ways.
</abstract>

<license />

<version>0.1</version>
<date>April 10, 2004</date>

<chapter>
<title>Introduction</title>

<section>
<title>Introduction to tunnels</title>
<body><p/></body>
</section>

<section>
<title>Case study</title>
<body>
  <p>
  We're going to use this case to explain the usage of various methods
  to build tunnels between networks.
  </p>

  <pre caption="Network structure">
192.168.1.2                                                       192.168.2.2
------------|                                                   |------------
            |                                                   |
192.168.1.2 | 192.168.1.1 (router1)       192.168.2.1 (router2) | 192.168.2.3
------------|---------------------=========---------------------|------------
            | 10.0.0.1                                 10.0.0.2 |
192.168.1.3 |                                                   | 192.168.2.4
------------|                                                   |------------

|---------------------------------|       |---------------------------------|
          192.168.1.0/24                            192.168.2.0/24
  </pre>

  <p>
  The above diagram shows a network structure which consists of 2
  separate physical networks. The <c>=========</c> represents the Internet.
  Both networks consist of 3 workstations and a router. We are going to use
  the tunneling software to connect the two routers in a secure fashion.
  Each router has a "real" IP address in the subnet of its own network,
  as well as an IP address that will be used for the tunnel device
  (10.0.0.x).
  </p>
</body>
</section>

</chapter>

<chapter>
<title>Virtual tunnels with VTun</title>

<section>
<title>Introduction to VTun</title>
<body>
  <p>
  <uri link="http://vtun.sf.net">VTun</uri> is a piece of software that can
  be used to make point-to-point tunnels over IP links.
  </p>
</body>
</section>

<section>
<title>Kernel configuration</title>
<body>
  <p>
  To use VTun you need the Universal TUN/TAP driver, either as a module or
  as part of the kernel.
  </p>

  <pre caption="Enabling the Universal TUN/TAP driver">
<comment>For kernel 2.6 (</comment>
Device Drivers ---&gt;
[*] Networking support
  &lt;*&gt; Universal TUN/TAP device driver support
<comment>)

For kernel 2.4 (</comment>
<comment>)</comment>
  </pre>

  <p>
  After you enable the TUN/TAP driver, either as a module or as part of the
  kernel, compile the new kernel (and if you chose to make it part of the
  kernel, reboot).
  </p>

  <pre caption="Compiling the new kernel for 2.6 users">
<comment>If you choose to compile as module:</comment>
# <i>make modules_install</i>
# <i>modules-update</i>
# <i>modprobe tun</i>

<comment>If you choose to compile as part of the kernel:</comment>
# <i>mount /boot</i>
# <i>make install</i>
# <i>reboot</i>
  </pre>

  <p>
  The last kernel-related step is the creation of a tunnel device file:
  </p>

  <pre caption="Creating a tunnel device file">
# <i>mkdir /dev/net</i>
# <i>mknod /dev/net/tun c 10 200</i>
  </pre>
</body>
</section>

<section>
<title>Server configuration</title>
<body>
  <p>
  VTun works with a server and a client. Both use the same daemon, but the
  server has more configuration options (like compression and encryption).
  In the above diagram <c>192.168.1.1</c> (<c>10.0.0.1</c>) will be the
  server, and <c>192.168.2.1</c> (<c>10.0.0.2</c>) will be the client.
  </p>

  <p>
  VTun configuration is done with two separate configuration files.
  <path>/etc/vtund.conf</path> is used to configure the default options and
  session-specific options. <path>/etc/vtund-start.conf</path> is used to
  configure which sessions run as client and which run as server. We will
  begin by looking at <path>vtund.conf</path>.
  </p>

  <pre caption="A basic server configuration file">
default {
  type tun;
  keepalive yes;
}

mysession {
  pass mysecretpassword;
  proto tcp;
  comp zlib:6;
  encrypt yes;
  up {
    ifconfig "%% 10.0.1.1 pointopoint 10.0.1.2";
  };
  down {
    ifconfig "%% down";
  };
}
  </pre>

  <p>
  This file has two sections: <c>default</c>, which (obviously) sets default
  values, and <c>mysession</c>, which contains information specific to
  our session. As you can see, a password is required to set up the tunnel.
  This password is supplied in clear text, so the file should not be
  world readable. Take a look at <c>man 5 vtund.conf</c> for more information
  on configuring VTun.
  </p>
</body>
</section>

<section>
<title>Client configuration</title>
<body>
  <p>
  The client configuration file is basically the same as the server file. I
  removed all configuration options on which the client has no effect.
  </p>

  <pre caption="A basic client configuration file">
default {
  type tun;
  keepalive yes;
}

mysession {
  pass mysecretpassword;
  proto tcp;
  up {
    ifconfig "%% 10.0.1.2 pointopoint 10.0.1.1";
  };
  down {
    ifconfig "%% down";
  };
}
  </pre>

  <p>
  Basically the only thing that changed is the "up" part: the IP addresses
  are switched in this one.
  </p>
</body>
</section>

</chapter>

</guide>
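
The draft notes that `vtund.conf` holds the tunnel password in clear text and should not be world readable. The script below is an added example that checks and corrects this; it is not part of the original attachment or of VTun. Its function names are hypothetical, and matching the longer spellings `passwd` and `password` alongside the draft's `pass` is an assumption.

```shell
#!/bin/sh
# Added example (not from the guide or from VTun): check that a vtund.conf
# holding a clear-text "pass" secret is not accessible to group or others.
# All function names here are hypothetical.

# Print the octal permission bits (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed if the file has a "pass <secret>;" directive. The guide uses
# "pass"; also matching longer spellings (passwd, password) is an assumption.
has_password() {
    grep -Eq '^[[:space:]]*pass[a-z]*[[:space:]]+[^;[:space:]]+[[:space:]]*;' "$1"
}

# Return 0: no secret in the file, or only the owner can access it.
# Return 1: a secret is present and group/other permission bits are set.
# Return 2: the file cannot be read or inspected.
audit_vtund_conf() {
    [ -r "$1" ] || return 2
    has_password "$1" || return 0
    mode=$(file_mode "$1") || return 2
    case "$mode" in
        0|*00) return 0 ;;   # last two octal digits are group and other
        *)     return 1 ;;
    esac
}

# Restrict the file to its owner (read/write), then re-run the audit.
harden_vtund_conf() {
    chmod 600 "$1" && audit_vtund_conf "$1"
}

# Usage: sh audit-vtund.sh /etc/vtund.conf
if [ $# -gt 0 ]; then
    rc=0
    audit_vtund_conf "$1" || rc=$?
    case "$rc" in
        0) echo "$1: OK" ;;
        1) echo "$1: clear-text password readable beyond owner; run chmod 600" ;;
        *) echo "$1: cannot read file" ;;
    esac
fi
```

Run it on both routers, since the client file carries the same password as the server file.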