[TriLUG] VTun festival of pain

Ken Mink kmtrilug at nc.rr.com
Mon Apr 7 15:09:21 EDT 2003


Hey Rob,
  We use vtun as our vpn at my office. The actual vtun stream is not
encrypted. However, we tunnel it through ssh for encryption. This also has
the benefit that the vtund port is not open to the public.
  I've attached conf files and the startup script. I keep the startup
script in /etc/rc.d/init.d and use 'service' to start it. I use a
non-passworded ssh key to allow for starting the ssh tunnel without a
password. The public key is on the vtun server in an account that is
used for vtun access.
  I know this isn't much in the way of explanation, but look through
the files. If you have any questions, let me know.

Ken

P.S. My client is 'user2' in our config.
-- 
Ken Mink <kmtrilug at nc.rr.com>
-------------- next part --------------
# Client-side global options: the port to connect to, a timeout, and the
# paths of the helper programs vtund runs from the up/down sections.
# NOTE(review): the accompanying message says this session is carried over
# an ssh tunnel opened with a passphrase-less key. The startup script and
# the server's authorized_keys entry are not shown here; confirm that the
# key is limited to port forwarding (no shell) on the server account.
options {
  port 5000;            # Port the client connects to (presumably the local end of the ssh forward - confirm in the startup script)
  timeout 60;           # General timeout

  # Path to various programs
  ppp           /usr/sbin/pppd;
  ifconfig      /sbin/ifconfig;
  route         /sbin/route;
  firewall      /sbin/iptables;
  ip            /sbin/ip;
}

# Client-side session "user2": an IP (tun) tunnel on tun1 that configures
# the interface and adds one route when the link comes up.
user2 {
  pass  passwd2;      # Session password, stored here in cleartext; keep this file readable by root only
  type  tun;            # IP tunnel
  device tun1;          # Device tun1
  up {
        # Connection is Up

        # Assign the local and peer point-to-point addresses and the MTU.
        # %% stands for the tunnel device name.
        # NOTE(review): the peer here is 172.31.102.1, while the server's
        # user2 section uses 172.31.101.1 as its own address - confirm
        # whether this is a typo or an edit made before posting.
        ifconfig "%% 172.31.101.2 pointopoint 172.31.102.1 mtu 1450";

        # Send traffic for 192.168.1.0/24 through the tunnel.
        route "add -net 192.168.1.0 netmask 255.255.255.0 gw 172.31.101.2 metric 1";
  };
  down {
        # Connection is Down

        # Shut down the tunnel device (type is tun, not tap)
        ifconfig "%% down";
  };
}
-------------- next part --------------
# Server-side global options: listening port, syslog facility, and the
# paths of the helper programs vtund runs from the up/down sections.
# NOTE(review): no bind address is set in this file. The message says the
# vtund port is not open to the public; that holds only if vtund is bound
# to loopback (vtund's bindaddr option) or the port is firewalled - confirm.
options {
  port 5000;		# Listen on this port.

  # Syslog facility
  syslog 	daemon;

  # Path to various programs
  ppp 		/usr/sbin/pppd;            
  ifconfig 	/sbin/ifconfig;
  route 	/sbin/route;
  firewall 	/sbin/iptables;
  ip		/sbin/ip;
}

# Default session options, applied unless a session section overrides them.
# With encr off, vtund itself sends the stream in cleartext; per the
# accompanying message, confidentiality comes only from the ssh tunnel.
default {
  compress no;		# Compression is off by default
  encr no;              # Encryption off by default
  speed 0;		# By default maximum speed, NO shaping
}

# Server-side session "user1": an IP (tun) tunnel on tun0 over TCP, with
# vtund compression and encryption off (left to the ssh tunnel).
user1 {
  pass  passwd1;	# Session password, stored here in cleartext; keep this file readable by root only
  type  tun; 		# IP tunnel
  device tun0; 		# Device tun0
  proto tcp;   		# TCP protocol
  comp  no;		# None (let SSH do it)
  encr  no;		# No (let SSH do it); the stream is cleartext if it ever runs outside the ssh tunnel
  stat  yes;   		# Log connection statistics
  keepalive yes;	# Keep connection alive

  up {	
	# Connection is Up

	# Assign the local and peer point-to-point addresses and the MTU.
	# %% stands for the tunnel device name.
	ifconfig "%% 172.31.100.1 pointopoint 172.31.100.3 mtu 1450";
		
	# Send traffic for 10.1.1.0/24 through the tunnel.
	route "add -net 10.1.1.0 netmask 255.255.255.0 gw 172.31.100.1 metric 1";

  };

  down {
	# Connection is Down

	# Shut down the tunnel device (type is tun, not tap).
	ifconfig "%% down"; 

  };
}

# Server-side session "user2" (the poster's own client): an IP (tun) tunnel
# on tun2 over TCP, with vtund compression and encryption off (left to the
# ssh tunnel).
user2 {
  pass  passwd2;	# Session password, stored here in cleartext; keep this file readable by root only
  type  tun; 		# IP tunnel
  device tun2; 		# Device tun2
  proto tcp;   		# TCP protocol
  comp  no;		# None (let SSH do it)
  encr  no;		# No (let SSH do it); the stream is cleartext if it ever runs outside the ssh tunnel
  stat  yes;   		# Log connection statistics
  keepalive yes;	# Keep connection alive

  up {	
	# Connection is Up

	# Assign the local and peer point-to-point addresses and the MTU.
	# %% stands for the tunnel device name.
	ifconfig "%% 172.31.101.1 pointopoint 172.31.101.2 mtu 1450";
		
	# Send traffic for 192.168.10.0/24 through the tunnel.
	route "add -net 192.168.10.0 netmask 255.255.255.0 gw 172.31.101.1 metric 1";

  };

  down {
	# Connection is Down

	# Shut down the tunnel device (type is tun, not tap).
	ifconfig "%% down"; 

  };
}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: client.prv_vtunrc
Type: text/x-sh
Size: 1322 bytes
Desc: not available
URL: <http://www.trilug.org/pipermail/trilug/attachments/20030407/a80d533c/attachment.sh>