VPN(8) OpenBSD System Manager's Manual VPN(8)
NAME
vpn - configuring the system for virtual private networks
DESCRIPTION
A virtual private network is used to connect two or more subnets via the
internet. For each subnet there is a security gateway which is connected
via a cryptographically secured tunnel to the security gateway of the
other subnet. In OpenBSD ipsec(4) is used to provide the necessary
cryptographical services. This document describes the configuration process
for setting up a VPN.
Both subnets need to configure ipsec(4) routes with the ipsecadm(1) tool:
On the security gateway of subnet A:
ipsecadm flow -dst gatewB -spi 1 -addr netA netAmask netB netBmask -local
and on the security gateway of subnet B:
ipsecadm flow -dst gatewA -spi 1 -addr netB netBmask netA netAmask -local
Additionally both security gateways need to start the photurisd(8) key
management daemon with the -v flag and have to make sure that it is
configured properly on both sides to provide encryption and authentication.
Now ipf(1) needs to be configured so that all packets from the outside are
blocked. Only packets from the security gateways, either on the enc0
interface or UDP packets with source and destination ports of 468, should be
allowed in.
The ipf rules for a tunnel which only uses ESP on security gateway A
might look like this:
# ed0 is the only interface going to the outside.
block in log on ed0 from any to any
block out log on ed0 from any to any
block in log on enc0 from any to any
# Passing in encrypted traffic from security gateways
pass in proto sipp-esp from gatewB to gatewA
pass out proto sipp-esp from gatewA to gatewB
# Passing in traffic from the designated subnets.
pass in on enc0 from netB/netBmask to netA/netAmask
# Passing in Photuris traffic from the security gateways
pass in on ed0 proto udp from gatewB/32 port = 468 to gatewA/32 port = 468
pass out on ed0 proto udp from gatewA/32 port = 468 to gatewB/32 port = 468
If there are no further ipf rules, the quick clause can be added to the last
three rules.
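The ruleset above relies on ipf's evaluation order: without quick, the last matching rule decides, so the initial block rules are overridden by the later pass rules, and any rule appended after them would override the passes in turn. The following added example (not OpenBSD code, and not part of the man page) models that last-match behaviour for just the subset of ipf syntax used above and runs the page's rules over a few constructed packets. The gateway and subnet addresses are constructed stand-ins for gatewA, gatewB, netA/netAmask and netB/netBmask.

```python
"""Added example: a small model of ipf(1) last-match rule evaluation applied to
the vpn(8) ruleset.  Not OpenBSD code; it parses only the ipf syntax seen above."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addresses standing in for gatewA, gatewB, netA/netAmask, netB/netBmask.
GATEW_A, GATEW_B = "192.0.2.1", "198.51.100.1"
NET_A, NET_B = "10.1.0.0/255.255.0.0", "10.2.0.0/255.255.0.0"

# The page's ruleset for security gateway A with the placeholders filled in.
RULES = f"""
block in log on ed0 from any to any
block out log on ed0 from any to any
block in log on enc0 from any to any
pass in proto sipp-esp from {GATEW_B} to {GATEW_A}
pass out proto sipp-esp from {GATEW_A} to {GATEW_B}
pass in on enc0 from {NET_B} to {NET_A}
pass in on ed0 proto udp from {GATEW_B}/32 port = 468 to {GATEW_A}/32 port = 468
pass out on ed0 proto udp from {GATEW_A}/32 port = 468 to {GATEW_B}/32 port = 468
"""

@dataclass
class Rule:
    action: str
    direction: str
    quick: bool
    iface: Optional[str]
    proto: Optional[str]
    src: Optional[ipaddress.IPv4Network]   # None means "any"
    sport: Optional[int]
    dst: Optional[ipaddress.IPv4Network]
    dport: Optional[int]

@dataclass
class Packet:
    direction: str
    iface: str
    proto: str
    src: str
    dst: str
    sport: Optional[int] = None
    dport: Optional[int] = None

def _endpoint(toks, i):
    """Parse 'any' or 'addr[/mask] [port = N]' starting at toks[i]."""
    net = None if toks[i] == "any" else ipaddress.ip_network(toks[i], strict=False)
    i += 1
    port = None
    if i < len(toks) and toks[i] == "port":
        port = int(toks[i + 2])          # toks[i + 1] is the '=' operator
        i += 3
    return net, port, i

def parse_rule(line):
    toks = line.split()
    action, direction, i = toks[0], toks[1], 2
    quick, iface, proto = False, None, None
    while toks[i] in ("log", "quick", "on", "proto"):
        if toks[i] == "quick":
            quick = True
        elif toks[i] == "on":
            iface, i = toks[i + 1], i + 1
        elif toks[i] == "proto":
            proto, i = toks[i + 1], i + 1
        i += 1
    assert toks[i] == "from"
    src, sport, i = _endpoint(toks, i + 1)
    assert toks[i] == "to"
    dst, dport, _ = _endpoint(toks, i + 1)
    return Rule(action, direction, quick, iface, proto, src, sport, dst, dport)

def parse_ruleset(text):
    return [parse_rule(l) for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]

def matches(r, p):
    return (r.direction == p.direction
            and (r.iface is None or r.iface == p.iface)
            and (r.proto is None or r.proto == p.proto)
            and (r.src is None or ipaddress.ip_address(p.src) in r.src)
            and (r.dst is None or ipaddress.ip_address(p.dst) in r.dst)
            and (r.sport is None or r.sport == p.sport)
            and (r.dport is None or r.dport == p.dport))

def evaluate(rules, pkt):
    """ipf semantics: the LAST matching rule wins, unless a matching rule is
    marked 'quick', which ends evaluation at once.  A packet matching no rule
    is passed."""
    verdict = "pass"
    for r in rules:
        if matches(r, pkt):
            verdict = r.action
            if r.quick:
                break
    return verdict

# Constructed sample traffic as seen at security gateway A.
SAMPLES = {
    "esp_from_B":   Packet("in", "ed0", "sipp-esp", GATEW_B, GATEW_A),
    "photuris":     Packet("in", "ed0", "udp", GATEW_B, GATEW_A, 468, 468),
    "ssh_from_net": Packet("in", "ed0", "tcp", "203.0.113.9", GATEW_A, 40000, 22),
    "tunnel_netB":  Packet("in", "enc0", "tcp", "10.2.7.7", "10.1.1.1", 40000, 80),
    "tunnel_other": Packet("in", "enc0", "tcp", "172.16.0.1", "10.1.1.1", 40000, 80),
}

def verdicts(ruleset_text):
    rules = parse_ruleset(ruleset_text)
    return {name: evaluate(rules, pkt) for name, pkt in SAMPLES.items()}

# 'quick' added to the last three rules, as the page suggests.
QUICK_RULES = RULES.replace("pass in on", "pass in quick on").replace("pass out on", "pass out quick on")
# A catch-all someone appends later; without 'quick' on the passes it overrides them.
TRAILING_BLOCK = "block in from any to any\n"

if __name__ == "__main__":
    for label, text in [("page rules", RULES),
                        ("page rules + trailing block", RULES + TRAILING_BLOCK),
                        ("quick rules + trailing block", QUICK_RULES + TRAILING_BLOCK)]:
        print(label, verdicts(text))
```

With the page's rules alone, ESP and Photuris traffic between the gateways and tunnelled traffic from netB pass, while other outside traffic and non-netB traffic on enc0 are blocked. Appending a catch-all block without quick on the pass rules reverses every pass; with quick on the last three rules the Photuris and enc0 passes survive, but note that the two sipp-esp rules are not among the "last three" and so are still overridden by a later catch-all.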
SEE ALSO
ipf(1), ipsecadm(1), ipsec(4), photurisd(8).
OpenBSD 2.3 May 23, 1998
Source: OpenBSD 2.6 man pages. Copyright: Portions are copyrighted by BERKELEY SOFTWARE DESIGN, INC., The Regents of the University of California, Massachusetts Institute of Technology, Free Software Foundation, FreeBSD Inc., and others.
(Corrections, notes, and links courtesy of RocketAware.com)