Basic VPN

This document discusses using SSH and PPP to create a simple VPN, or "poor person's VPN", for connecting remote sites over the Internet securely. It explains what VPNs are, different tunneling technologies like IPSec and SSH, how to set up SSH to allow secure connections, how to configure PPP, and provides a script called "footunnel" that automates the process of creating the VPN connection between two systems using SSH and PPP. An example use case of connecting a remote work or home system via a wireless connection is provided.

Uploaded by

raj e

The Poor Person's VPN

Or is it “The Lazy Person's VPN”?

Hugh Mahon - [email protected]


What is a VPN?

There are two ways to connect remote sites:
– Use a dedicated line (a private network).
– Use the Internet.

Not private, so need to secure the connection.

Want to keep internal network hidden from Internet.

Want to allow two sites to access LAN at each site as if part of same network.

The secure access using the Internet instead of a dedicated line is what makes it a Virtual, Private Network.

Why VPNs?

Connect two sites.

Allow remote access by individual users.

Two Sites

Two Sites – One Virtual Site

Tunnel Technologies

IPSec

CIPE

PPTP

SSH + PPP

What is SSH?

Secure Shell (think encrypted telnet).

Allows secure access across the Internet.

Can also provide tunneling of individual ports.
– e.g., Allow X11 to securely pass back to remote system.

Can act as transport for PPP.

PPP

Point-to-Point Protocol
– Usually used with serial connections.
– Provides IP connection between two points.

Establishes IP address at both ends of connection.

IP traffic can be routed over PPP connection.

Setting up SSH

Set up shared keys on both systems:
– This allows connecting without using the password to the account on the remote system.
– Can use a passphrase for the key or not.
– Can use different kinds of keys (e.g., RSA, DSA).
– Command is: ssh-keygen
– Edit 'authorized_keys' file on each system to enable access by other system.

Setting up PPP

Make sure pppd is setuid.

Have /etc/ppp/options contain:
– lock
– noauth

Optional: set up /etc/ppp/ip-up.local to establish routing to remote network.

Make sure to move any ~/.ppprc files out of the way.

Making it simple: footunnel

A script that does the job of starting the VPN
– starts ssh and ppp

Usage:
– footunnel [-u user] [-l local-addr] [-r addr] remotesys

The script: footunnel

Gets the passphrase for ssh.

Starts pppd
– Starts pppd on remote system via ssh connection, which is the secure transport for the tunnel.

Monitors the connection.

Cleans up when connection is torn down (i.e., stops ssh-agent).
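The steps listed for the script, as an added sketch that is not the original footunnel script or the author's code. The option letters follow the usage line above; the default tunnel addresses, the RUN_TUNNEL switch, the file name tunnel.sh and pppd being on the remote PATH are assumptions.

```shell
#!/bin/sh
# Added sketch of a footunnel-style wrapper; NOT the original script.
# Assumed: the default addresses, and pppd being on the remote PATH.
# "lock" and "noauth" are expected in /etc/ppp/options, as on the slide.
LOCAL_ADDR=192.168.254.1    # assumed default for -l
REMOTE_ADDR=192.168.254.2   # assumed default for -r

# pppd hands the pty string to a shell, so refuse empty values, leading
# dashes (option injection) and anything outside a plain name/address.
safe() { case $1 in ''|-*|*[!A-Za-z0-9._-]*) return 1 ;; esac; }

# Print the pppd command for: [-u user] [-l local-addr] [-r addr] remotesys
tunnel_cmd() {
    user=$(id -un 2>/dev/null || :) laddr=$LOCAL_ADDR raddr=$REMOTE_ADDR
    OPTIND=1
    while getopts u:l:r: opt; do
        case $opt in
            u) user=$OPTARG ;;
            l) laddr=$OPTARG ;;
            r) raddr=$OPTARG ;;
            *) return 2 ;;
        esac
    done
    shift $((OPTIND - 1))
    [ $# -eq 1 ] || return 2
    for v in "$user" "$laddr" "$raddr" "$1"; do safe "$v" || return 2; done
    # Local pppd uses ssh as its "serial line"; the remote pppd runs on
    # ssh's stdin/stdout (notty). BatchMode stops ssh prompting in the pty.
    printf 'pppd nodetach pty "ssh -o BatchMode=yes -l %s %s pppd nodetach notty" %s:%s\n' \
        "$user" "$1" "$laddr" "$raddr"
}

# Load the key into a private agent, hold the link, always stop the agent.
run_tunnel() {
    cmd=$(tunnel_cmd "$@") || {
        echo "usage: $0 [-u user] [-l local-addr] [-r addr] remotesys" >&2
        return 2
    }
    eval "$(ssh-agent -s)" >/dev/null
    trap 'ssh-agent -k >/dev/null 2>&1' EXIT
    trap 'exit 130' INT TERM
    ssh-add || return 1     # prompts for the key passphrase
    eval "$cmd"             # returns when the PPP link goes down
}

# Nothing runs unless asked: RUN_TUNNEL=1 ./tunnel.sh -u me gw.example.org
if [ "${RUN_TUNNEL:-0}" = 1 ]; then run_tunnel "$@"; fi
```

Because the local pppd runs with nodetach, the wrapper blocks for the life of the link, and the EXIT trap stops the agent however the tunnel ends.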

Simple Performance comparison

Panels: No VPN; Copy w/ VPN; Mid-transfer; End of transfer
Times shown: time=6 sec.; time = 58 sec.
File size=17,515 kB

Uses for the script

Site to site.

Home to work.

Work to home.

Wireless connection.

Wireless Example

Resources

Book: “Building Linux Virtual Private Networks (VPNs)” - Oleg Kolesnikov, Brian Hatch; published by New Riders

www.buildinglinuxvpns.com (for above book)

VPN-HOWTO

http://vpn.shmoo.com/vpn/FAQ.html

For IPSec: www.freeswan.org

For CIPE: http://sites.inka.de/bigred/devel/cipe.html

For SSH: www.openssh.org

mahon.cwx.net
