thelongmile
Joined: 24 Aug 2009
Posts: 14
Location: Wales, UK
Posted: Sun Feb 28, 2010 6:17 am Post subject: IPSec on debian
I'm sorry, I'm really sorry for what I'm about to ask.
I need to set up a VPN service for myself on my linode, but I don't want to use openvpn as this relies on an external client software for mac and pc, I'm also needing to run it on iPhone which supports IPSec, so....
How can I set up IPSec or PPTP or L2TP?
I shall await flaming ...
Debian 5.0 x64
apache 2
php5
MTecknology
Joined: 25 May 2009
Posts: 6
Posted: Mon Mar 01, 2010 7:59 pm Post subject: PPTP
I had a lot typed out but... wasn't worth sending after I read it.
I've never set up any VPN that wasn't hosted on a router though..
Personally, I'd go for OpenVPN. Even if you need an extra client to connect it's much less of a headache.
http://doc.ubuntu.com/ubuntu/serverguide/C/openvpn.html
vonskippy
Joined: 27 Dec 2009
Posts: 468
Location: Colorado, USA
Posted: Mon Mar 01, 2010 9:08 pm Post subject:
Care to share why you think external (or additional) clients are evil?
I'm assuming you're ok with using an external HTML client (a web browser), an external POP3/IMAP client (an email client) and an external SSH client?
Except for the iPhone (which needs to be jailbroken to work) the openvpn clients are small, stable, easy to install, and secure.
FYI: the PPTP protocol has long since been cracked, and is considered to be only marginally secure.
You could skip the whole VPN thing and just use SSH with certs and tunnel whatever you need over that. Of course you'd need an SSH client.
pclissold
Joined: 24 Oct 2003
Posts: 877
Location: Netherlands
Posted: Tue Mar 02, 2010 5:14 am Post subject:
Openswan will do what you need. Good guides to L2TP/IPsec here and here.
dfg
Joined: 20 Jul 2007
Posts: 2
Location: Norway
Posted: Tue Mar 02, 2010 1:33 pm Post subject:
I don't know how you should configure your iPhone, but I use ipsec with racoon for my vpn, and it has worked well for me. Was some work to set up, but mainly because I'm on a LAN behind a firewall. You'll find useful information in:
http://www.ipsec-howto.org/ipsec-howto.pdf
http://lartc.org/lartc.pdf
And the manual pages for:
racoon
racoon.conf
setkey
You may also want to tweak/make your own startup script for racoon and setkey.
sob
Joined: 04 May 2011
Posts: 35
Posted: Wed May 04, 2011 8:04 pm Post subject:
Hi,
I know the topic is a little old but my question fits perfectly so I'll just ask here.
The Linode is a Debian 6.0 amd64 with the default linode 2.6.38_amd64 kernel.
I'm trying to set up IPSEC in transport mode between two linodes in different data centers using the manual config as in ipsec-howto.org:
Code:
#!/usr/sbin/setkey -f
flush;
spdflush;
# AH SAs using 128 bit long keys
add IP1 IP2 ah 0x200 -A hmac-md5 <key1>;
add IP2 IP1 ah 0x300 -A hmac-md5 <key2>;
# ESP SAs using 192 bit long keys (168 + 24 parity)
add IP1 IP2 esp 0x201 -E 3des-cbc <key3>;
add IP2 IP1 esp 0x301 -E 3des-cbc <key4>;
# Security policies
spdadd IP2 IP1 any -P out ipsec esp/transport//require ah/transport//require;
spdadd IP1 IP2 any -P in ipsec esp/transport//require ah/transport//require;
The output when running is:
Code:
$ setkey -f /etc/ipsec-tools.conf
The result of line 15: (null).
The result of line 16: (null).
The default linode kernel 2.6.38 seems to have the right options, but the spdadd commands fail. The same config works fine on a Debian 6.0 with the stock kernel somewhere else.
Any ideas?
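
A checker for manual-keying files like the one in the post above, added here as an example (it is not part of the thread and not code from ipsec-tools). It checks each key's length against its algorithm and that every transport-mode policy has an SA for each protocol it names; it covers `add` lines with a single `-A` or `-E` only. The names `lint` and `key_bits` are hypothetical, and the addresses and keys in `SAMPLE` are constructed.

```python
import re

# hmac-md5/3des-cbc sizes are from the post's comments; the other two are added from setkey(8).
KEY_BITS = {"hmac-md5": {128}, "3des-cbc": {192},
            "hmac-sha1": {160}, "rijndael-cbc": {128, 192, 256}}
ADD = re.compile(r'add\s+(\S+)\s+(\S+)\s+(ah|esp)\s+\S+\s+-[AE]\s+(\S+)\s+(".*"|\S+)$')
SPD = re.compile(r'spdadd\s+(\S+)\s+(\S+)\s+\S+\s+-P\s+(?:in|out)\s+ipsec\s+(.*)$')

# Constructed sample (documentation addresses, made-up keys): the 3des-cbc key
# is 168 bits instead of 192, and the ESP SA for the reverse direction is missing.
SAMPLE = f"""#!/usr/sbin/setkey -f
flush;
spdflush;
add 192.0.2.1 192.0.2.2 ah 0x200 -A hmac-md5 0x{'1a' * 16};
add 192.0.2.2 192.0.2.1 ah 0x300 -A hmac-md5 0x{'2b' * 16};
add 192.0.2.1 192.0.2.2 esp 0x201 -E 3des-cbc 0x{'3c' * 21};
spdadd 192.0.2.2 192.0.2.1 any -P out ipsec esp/transport//require ah/transport//require;
spdadd 192.0.2.1 192.0.2.2 any -P in ipsec esp/transport//require ah/transport//require;
"""

def key_bits(key):
    """Bit length of a 0x-hex or double-quoted setkey key, else None."""
    if re.fullmatch(r"0x[0-9a-fA-F]+", key):
        return (len(key) - 2) * 4
    quoted = re.fullmatch(r'"(.*)"', key)
    return len(quoted.group(1)) * 8 if quoted else None

def lint(text):
    """Return (line_number, message) findings for a manual-keying setkey file."""
    findings, sas, policies = [], set(), []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip().rstrip(";").strip()
        if m := ADD.match(line):
            src, dst, proto, alg, key = m.groups()
            sas.add((src, dst, proto))
            bits, want = key_bits(key), KEY_BITS.get(alg)
            if want is None:
                findings.append((no, f"{alg}: key size not known to this script"))
            elif bits not in want:
                findings.append((no, f"{alg} key is {bits} bits, expected {sorted(want)}"))
        elif m := SPD.match(line):
            policies.append((no, *m.groups()))
    for no, src, dst, rules in policies:  # every protocol a policy names needs an SA
        for proto in re.findall(r"(ah|esp)/transport/", rules):
            if (src, dst, proto) not in sas:
                findings.append((no, f"no {proto} SA from {src} to {dst}"))
    return findings

print(*(f"line {n}: {m}" for n, m in lint(SAMPLE)), sep="\n")
```

A key that is neither hex nor quoted text, such as the `<key1>` placeholders in the post, is reported with a length of `None`.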
sob
Joined: 04 May 2011
Posts: 35
Posted: Fri May 06, 2011 1:28 pm Post subject:
No one uses IPSEC on linode?