Linode Forum :: IPSec on debian

Linode Forum https://forum.linode.com/

IPSec on debian https://forum.linode.com/viewtopic.php?f=19&t=5253	Page 1 of 1

Author:	thelongmile [ Sun Feb 28, 2010 7:17 am ]
Post subject:	IPSec on debian
I'm sorry, Im really sorry for what I'm about to ask. I need to set up a VPN service for myself on my linode, but I don't want to use openvpn as this relies on an external client software for mac and pc, I'm also needing to run it on iPhone which supports IPSec, so.... How can i set up IPSec or PPTP or L2PT I shall await flaming ... Debian 5.0 x64 apache 2 php5 [/list]

Author:	MTecknology [ Mon Mar 01, 2010 8:59 pm ]
Post subject:	PPTP
I had a lot typed out but... wasn't worth sending after I read it. I've never set up any VPN that wasn't hosted on a router though.. Personally, I'd go for OpenVPN. Even if you need an extra client to connect it's much less of a headache. http://doc.ubuntu.com/ubuntu/serverguide/C/openvpn.html

Author:	vonskippy [ Mon Mar 01, 2010 10:08 pm ]
Post subject:
Care to share why you think external (or additional) clients are evil? I'm assuming you're ok with using a external html client (a web browser) a external Pop3/Imap client (a email client) and a external SSH client? Except for the iphone (which needs to be jailbroke to work) the openvpn clients are small, stable, easy to install, and secure. FYI: the pptp protocol has long since been cracked, and is considered to be only marginally secure. You could skip the whole VPN thing and just use SSH with certs and tunnel whatever you need over that. Of course you'd need a SSH client.

Author:	pclissold [ Tue Mar 02, 2010 6:14 am ]
Post subject:
Openswan will do what you need. Good guides to L2TP/IPsec here and here.

Author:	dfg [ Tue Mar 02, 2010 2:33 pm ]
Post subject:
I don't know how you should configure your Iphone, but I use ipsec with racoon for my vpn, and it has worked well for me. Was some work to set up, but mainly because I'm on a LAN behind a firewall. You'll find useful information in: http://www.ipsec-howto.org/ipsec-howto.pdf http://lartc.org/lartc.pdf And the manual pages for: racoon racoon.conf setkey You may also want to tweak/make your own startup script for racoon and setkey.

Author:

sob [ Wed May 04, 2011 9:04 pm ]

Post subject:

Hi,

I know the topic is a little old but my question fits perfectly so I'll just ask here.

The Linode is a Debian 6.0 amd64 with the default linode 2.6.38_amd64 kernel.

I'm trying to setup IPSEC in transport mode between two linodes in different data centers using the manual config as in ipsec-howto.org:

Code:

#!/usr/sbin/setkey -f

flush;
spdflush;

# AH SAs using 128 bit long keys
add IP1 IP2 ah 0x200 -A hmac-md5 <key1>;
add IP2 IP1 ah 0x300 -A hmac-md5 <key2>;

# ESP SAs using 192 bit long keys (168 + 24 parity)
add IP1 IP2 esp 0x201 -E 3des-cbc <key3>;
add IP2 IP1 esp 0x301 -E 3des-cbc <key4>;

# Security policies
spdadd IP2 IP1 any -P out ipsec esp/transport//require ah/transport//require;
spdadd IP1 IP2 any -P in ipsec esp/transport//require ah/transport//require;

The ouput when running is:

Code:

$ setkey -f /etc/ipsec-tools.conf
The result of line 15: (null).
The result of line 16: (null).

The default linode kernel 2.6.38 seems to have the right options, but the spdadd commands fail. The same config works fine on a Debian 6.0 with the stock kernel somewhere else.

Any ideas?

Author:	sob [ Fri May 06, 2011 2:28 pm ]
Post subject:
no one uses IPSEC on linode?

Page 1 of 1	All times are UTC-04:00
Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/