[plug] IPSec / L2TP and VPNs

Adrian Woodley Adrian at ScreamingRoot.org
Mon Feb 7 18:26:29 WST 2005


G'Day Steve,
       I run an IPsec based VPN between two offices. I spent a couple of 
months trying various different methods, both IPsec and non-IPsec based. 
My final setup uses in-kernel IPsec support (in 2.6 kernels) and the 
Racoon keying server to manage the connections. Racoon was developed for 
one of the BSDs (NetBSD I think) and was subsequently ported to Linux. 
In addition to the port, Debian has created a wizard-style setup that 
makes connecting two Racoon/Debian systems very easy.

Regards,
Adrian

Steve Baker wrote:

> Hi Pluggers,
>
> I want to set up a VPN between our main office and another site.  The 
> two office networks have private IPs (192.168.100.xx and 
> 192.168.110.xxx) and the gateways/firewalls have public IPs.  
> Eventually there will be more site offices that will need to 
> communicate back to home base.
>
> Apparently I can set up an encrypted VPN purely with IPSec - can 
> anyone confirm that this is the case?  Or do I need to use L2TP also?  
> I've been reading some papers about this stuff, and it seems that I 
> just need to configure the kernel for IPSec, write up some relatively 
> simple config files, and it 'just works'.  Most of the information 
> I've found is a year or so old, so I'm not sure if it's still 
> current.  There are many references to FreeS/WAN (defunct) and 
> OpenS/WAN (not) but I'm not sure if I need to use the openswan bits or 
> just straight IPSec. Suggestions?
>
> I'm also not sure about what sort of entries I need to add to the 
> routing tables, if any.  Does the kernel 'just know' how to route 
> stuff through the VPN tunnel?  Or do I need to add a routing entry?
>
> Pointers to good quality and fairly thorough HOWTOs etc. would be 
> appreciated.
>
> Thanks.
> Steve
