Virtual Private Networks
Preface
This page is also available in German.
Definition
A physically existing network made of cables, routers, switches and so on is simply a network; the usual Internet protocols of layers 1 to 4 run on it. The same protocols can also be used to emulate a network on top of another one: the traffic of the virtual network is encapsulated in the packets of the real network, which forms a tunnel. If the tunnel is additionally protected with encryption (and the endpoints authenticate each other), the tunneled network is called a virtual private network. This is used in various scenarios, mostly to carry sensitive traffic across an inherently untrusted infrastructure, for example to connect two corporate LANs over the Internet.
Theory
In most environments the tunnel is built at layer 3 (IP): the frames or packets of the virtual network are encapsulated in IP packets of the carrier network. PPTP, for example, carries PPP (a layer 2 protocol) inside GRE over IP.
Implementation
OpenVPN
PPTP (Microsoft)
Preface
How does it work?
Authentication
Encryption
Servers
Implementation Windows
Implementation Linux
The implementation basically consists of three parts. First, the PPTP daemon (pptpd), which handles the PPTP control connections. Second, a PPP daemon (pppd), which terminates the PPP sessions dialled in from the remote site. Last but not least, you will want to encrypt the PPTP data tunnel; this is done at the PPP level with MPPE (Microsoft Point-to-Point Encryption). Since MPPE is not secure and has been declared obsolete by Microsoft, there is little interest in adding support to the Linux kernel itself, so you have to patch your kernel to get the module (later 2.6 kernels ship the ppp_mppe module in mainline, so the patch is only needed for older kernels such as the one in Sarge). Keep in mind that the MPPE session keys are derived from the MS-CHAP password exchange, so the tunnel is only as strong as that authentication, which is known to be weak; do not rely on PPTP to protect genuinely sensitive traffic.
Poptop - The PPTP Server for Linux
I used Debian Sarge as the base system. Your mileage may vary on other platforms; the setup on a Debian machine is pretty straightforward. This howto explains everything step by step:
For the MPPE patch you might want to use this howto:
I can confirm that this works perfectly on the current Sarge kernel (2.6.8-2). You might want to run make menuconfig or make oldconfig to ensure that MPPE support is being built.
Then configure the following files to your needs: /etc/modules.conf, /etc/pptpd.conf, /etc/ppp/options.pptpd and /etc/ppp/chap-secrets. You can find some help here:
modules.conf and chap-secrets need no explanation here, and options.pptpd needs only a few adjustments for your personal setup. Check that the service name is referenced consistently in both options.pptpd (the name option) and chap-secrets (the server column), otherwise pppd will not find the secret. The most interesting file is pptpd.conf. The options you should have a closer look at are bcrelay <interface> (broadcast relay between the LAN interface and the tunnels), localip (the server's own address on the tunnel) and remoteip (the pool of addresses handed out to clients).
Check that the server is actually routing between the VPN clients' ppp interfaces (ppp0, ppp1, ...) and eth0: IP forwarding has to be enabled (net.ipv4.ip_forward) and any firewall rules must allow the traffic between the two interfaces.
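The three configuration files described above, with the consistency checks a practitioner would run before starting pptpd, as an added example (this is not code from the original page or from the Poptop project). The option keywords are those of pptpd and pppd; the addresses, the user alice, her password and the service name pptpd are constructed sample data. The weak options.pptpd is the kind found in many howtos, where any authentication method is accepted and MPPE is optional; the hardened variant refuses everything but MS-CHAPv2 and requires 128-bit MPPE, which is what the checker insists on. It also verifies that the server column in chap-secrets matches the name option and that the localip/remoteip pool in pptpd.conf is sane.

```python
# Added example, not code from the original page or from the Poptop project.
# Option keywords follow pptpd/pppd; addresses, user and password are made up.
import ipaddress
import re
import shlex

# pptpd.conf: the server's tunnel address and the pool handed to clients.
PPTPD_CONF = """\
option /etc/ppp/options.pptpd
localip 192.168.99.1
remoteip 192.168.99.10-20
"""

# options.pptpd as found in many howtos: any authentication method is accepted
# and MPPE is optional, so a client can negotiate PAP and stay in the clear.
OPTIONS_WEAK = """\
name pptpd
auth
"""

# Hardened: MPPE keys come from the MS-CHAPv2 exchange, so refuse everything
# weaker and insist on 128-bit, stateless MPPE.
OPTIONS_HARDENED = """\
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
nomppe-stateful
"""

# chap-secrets: client, server (must equal 'name' above), secret, allowed IPs.
CHAP_SECRETS = """\
# client   server   secret            IP addresses
alice      pptpd    "correct horse"   *
"""


def parse_keyval(text):
    """Map 'keyword [value]' lines of pptpd.conf / options.pptpd to a dict."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            key, _, val = line.partition(" ")
            opts[key] = val.strip() or None
    return opts


def parse_chap_secrets(text):
    """Return (client, server, secret, ip) tuples; secrets may be quoted."""
    entries = []
    for parts in (shlex.split(l, comments=True) for l in text.splitlines()):
        if parts and len(parts) < 3:
            raise ValueError(f"malformed chap-secrets line: {parts}")
        if parts:
            entries.append((parts[0], parts[1], parts[2], parts[3] if len(parts) > 3 else "*"))
    return entries


def parse_remoteip(spec):
    """Expand pptpd's remoteip syntax, e.g. '192.168.99.10-20,192.168.99.30'
    (only the last octet may carry a range)."""
    addrs = []
    for item in (s.strip() for s in spec.split(",")):
        m = re.fullmatch(r"(\d+\.\d+\.\d+\.)(\d+)-(\d+)", item)
        if m:
            lo, hi = int(m.group(2)), int(m.group(3))
            addrs += [ipaddress.ip_address(m.group(1) + str(i)) for i in range(lo, hi + 1)]
        else:
            addrs.append(ipaddress.ip_address(item))
    return addrs


def check_config(pptpd_conf, options_pptpd, chap_secrets):
    """Return a list of problems; an empty list means the three files agree
    and the tunnel is forced to MS-CHAPv2 with 128-bit MPPE."""
    problems = []
    conf, opts = parse_keyval(pptpd_conf), parse_keyval(options_pptpd)
    service = opts.get("name")
    if not service:
        problems.append("options.pptpd: missing 'name' (service name)")
    for client, server, _secret, _ip in parse_chap_secrets(chap_secrets):
        if server not in (service, "*"):
            problems.append(f"chap-secrets: {client} references server {server!r}, "
                            f"but options.pptpd names the service {service!r}")
    for required in ("refuse-pap", "refuse-chap", "refuse-mschap",
                     "require-mschap-v2", "require-mppe-128"):
        if required not in opts:
            problems.append(f"options.pptpd: missing '{required}'")
    try:
        local = ipaddress.ip_address(conf["localip"])
        pool = parse_remoteip(conf["remoteip"])
    except (KeyError, ValueError) as exc:
        return problems + [f"pptpd.conf: bad localip/remoteip ({exc})"]
    if local in pool:
        problems.append("pptpd.conf: localip must not be part of the remoteip pool")
    return problems
```

Run check_config on the contents of your real /etc/pptpd.conf, /etc/ppp/options.pptpd and /etc/ppp/chap-secrets before restarting pptpd. chap-secrets holds passwords in clear text, so it should be owned by root with mode 0600. require-mppe-128 only takes effect once the patched kernel's ppp_mppe module loads; if it does not, pppd will refuse the connection rather than silently fall back. Even the hardened variant still rests on MS-CHAPv2, whose password-derived keys can be recovered offline by an attacker who captures the handshake, so this only raises the bar, it does not make PPTP a sound choice for sensitive traffic.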
Clients
Windows
Linux
pptpclient
MacOS
Mac OS X supports VPN connections out of the box since 10.3. Included are clients for PPTP and for L2TP over IPsec. Unfortunately, not all of the major open source clients seem to have been ported to this platform, but the clients shipped with 10.3 and later are well integrated into the OS and provide a basic level of functionality that should be sufficient. The built-in clients are available via "Internet Connect.app", where you can set up new VPN connections.