- vTun is a relatively easy way to create VPN tunnels. It is easy to install,
configure and use. Unfortunately, I had to spend some time trying to compile it on my RH 8.0 system.
- I am assuming that we are using the following setup.
- To install/configure vTun on your machines, follow the instructions listed
here.
- Red Hat 8.0/9.0 ships with PPP support. Check that you have version 2.4.2 (or higher) using
rpm -qi ppp. This version is released as part of the PPP project and has
built-in MPPE (Microsoft Point-to-Point Encryption) support. Since previous ppp versions did not
have this support (and apparently nobody on the PPP core team wanted to put it in),
an independent team had released their own ppp code (version 2.4.0) with MPPE support. So if you have this
older version, consider upgrading to the newer one. NOTE: MANY OPTION NAMES HAVE CHANGED IN THE
NEWER VERSION, so you should also review and update your option files.
For more information on this refer
to this site.
- I will assume that you have ppp v2.4.2 installed and up and running.
- FIRST CONFIGURE THE SERVER PROPERLY: vtund itself does very little on the server side.
It only has to run a server process that accepts the client's request and starts pppd.
Below I list the /etc/vtund.conf file. Make full use of man vtund.conf to get help.
shashank@zidler:/etc# cat vtund.conf
options {
port 5000; # Listen on this port.
syslog daemon; # Syslog facility
# Path to various programs
ppp /usr/sbin/pppd;
ifconfig /sbin/ifconfig;
route /sbin/route;
firewall /sbin/iptables;
ip /sbin/ip;
}
# Default session options
default {
# type tun; #tun, ether, tty(default), pipe
# proto tcp; #udp, tcp
compress no; # no, yes, zlib, lzo
encrypt yes; #yes, no
stat yes; #yes, no: check /var/log/vtund/SessionName_X
speed 0; # By default maximum speed, NO shaping
}
IP-Tunnel {
--SNIP--Discussed in http://mia.ece.uic.edu/~papers/volans/vtund.html
}
PPP-Tunnel {
passwd qwer1234; # Password to authenticate the vtund client
# type tty; # PPP tunnel. (If you uncomment this option, things don't seem to work)
proto tcp; # Use UDP or TCP protocol
# compress lzo:9; # LZO compression level 9
encrypt yes; # Encryption
keepalive yes; # Keep connection alive
stat yes; #yes, no
up {
# Connection is Up
#################################################################################
# ppp "192.168.254.201:192.168.254.200 proxyarp"; #
# route "add -net 192.168.0.0 netmask 255.255.255.0 gw 192.168.254.200"; #
#################################################################################
ppp "file /etc/ppp/options.vtund";
};
down {
# Connection is down
################################################################################
# route "del -net 192.168.0.0 netmask 255.255.255.0 gw 192.168.254.200"; #
###############################################################################
};
}
Note: In this configuration file, I am asking pppd to read all its options from the file
/etc/ppp/options.vtund. If you don't want to do this, comment out that line and uncomment the
lines inside the "#" boxes in the "up" and "down" sections.
Two points about this file from a security standpoint: the passwd value is the only thing that
authenticates the client, and vtund also derives the Blowfish session key from it, so replace the
short example password with a long random string; and because it is stored in clear text, keep
/etc/vtund.conf readable by root only (chmod 600).
Below I have listed the options I used for pppd, as specified in /etc/ppp/options.vtund.
More information about these options can be
found in man pppd or in this
document (Point iv).
#speed 115200
noauth
192.168.254.201:192.168.254.200
debug
dump
lock
ipparam 192.168.0.0
kdebug 7
logfd 2
logfile /var/log/vtund.log
name zidler
refuse-pap
refuse-chap
refuse-mschap
refuse-eap
refuse-mschap-v2
- Start vtund on the server using the following command. Add the "-n" option to keep the process in the
foreground.
shashank@zidler:# vtund -s -f /etc/vtund.conf
NOTE THAT I AM USING THE -f OPTION to specify the configuration file. This is required. The documentation says that
it looks in /etc/vtund.conf by default, but this is not so: the default path is fixed at build time by the
--sysconfdir setting, so a source build with the default prefix looks elsewhere. If you want the details,
run ./configure --help and take a look at the option --sysconfdir=DIR.
- CONFIGURE THE CLIENT PROPERLY: Below I have shown the /etc/vtund.conf file for the client.
[shashank@mia /etc]# cat vtund.conf
options {
--SNIP--- same as server
}
# Default session options
default {
--SNIP-- same as server
}
# TUN example.
IP-Tunnel {
--SNIP--Discussed in http://mia.ece.uic.edu/~papers/volans/vtund.html
}
# PPP tunnel example.
PPP-Tunnel {
passwd qwer1234; # Password
# type tty; # PPP tunnel. (If you uncomment this option, things don't seem to work)
proto tcp; # UDP/TCP protocol
# compress lzo:9; # LZO compression level 9
encrypt yes; # Encryption
# keepalive yes; # Keep connection alive
# persist yes;
up {
# Connection is Up
#################################################################################
# ppp "noipdefault"; #
# route "add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.254.201"; #
#################################################################################
ppp "file /etc/ppp/options.vtund";
};
down {
# Connection is down
#################################################################################
# route "del -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.254.201"; #
#################################################################################
};
}
Similar to the server, I have specified an options file for the client. If you don't want to use this,
make the necessary changes. Below I show the /etc/ppp/options.vtund file. Leave require-mppe commented
out unless you set up MS-CHAP(v2) authentication on both ends: MPPE takes its keys from the MS-CHAP
exchange, and the server above refuses every PPP authentication method, so here the encryption is
provided by vtund (Blowfish), not by PPP.
lock
debug
#require-mppe
ipparam 192.168.2.0
logfile /var/log/vtund.log
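Both vtund.conf files above carry the same two security-relevant settings, passwd and encrypt, and it is easy to lose track of what a session inherits from the default block. The following is an added example of mine, not part of vtund or of this tutorial: it parses the vtund.conf syntax used above and flags sessions whose passwd is missing or short (in vtund 2.x the passwd is both the authentication secret and the source of the Blowfish session key) or whose effective encrypt setting is not yes. The 16-character minimum, the weak-password list and the embedded sample configuration are my own constructions.

```python
"""Audit a vtund.conf for weak sessions.  Added example, not part of vtund.

Parses the vtund.conf block syntax (``key value;`` statements, ``name { ... }``
blocks, '#' comments) and reports sessions that have no or a short passwd,
or whose effective 'encrypt' is not 'yes'.  Check both server and client files.
"""
import re
import sys

# A token is a double-quoted string, a single brace/semicolon, or a bare word.
TOKEN_RE = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')
MIN_PASSWD_LEN = 16                                       # our own policy (assumption)
WEAK_PASSWORDS = {"qwer1234", "password", "secret", "vtund"}  # constructed list


def tokenize(text):
    """Strip '#' comments and split the file into tokens."""
    tokens = []
    for line in text.splitlines():
        tokens.extend(TOKEN_RE.findall(line.split("#", 1)[0]))
    return tokens


def parse(text):
    """Parse into nested dicts: a block becomes a dict, a statement becomes a
    list of value strings under its key (lists, because 'route' may repeat)."""
    tokens = tokenize(text)
    pos = 0

    def block():
        nonlocal pos
        result = {}
        while pos < len(tokens) and tokens[pos] != "}":
            key = tokens[pos]
            pos += 1
            if pos < len(tokens) and tokens[pos] == "{":
                pos += 1
                result[key] = block()
                pos += 1                                  # consume '}'
                if pos < len(tokens) and tokens[pos] == ";":
                    pos += 1                              # 'up { ... };' form
            else:
                values = []
                while pos < len(tokens) and tokens[pos] != ";":
                    values.append(tokens[pos].strip('"'))
                    pos += 1
                pos += 1                                  # consume ';'
                result.setdefault(key, []).append(" ".join(values))
        return result

    return block()


def effective(session, default, key):
    """Session setting with fall-back to the 'default' block, as vtund does."""
    values = session.get(key) or default.get(key)
    return values[-1] if values else None


def audit(text):
    """Return (session, finding) tuples for every weak session in the text."""
    conf = parse(text)
    default = conf.get("default", {})
    findings = []
    for name, session in conf.items():
        if name in ("options", "default") or not isinstance(session, dict):
            continue
        passwd = effective(session, default, "passwd")
        if passwd is None:
            findings.append((name, "no passwd: the peer cannot be authenticated"))
        elif len(passwd) < MIN_PASSWD_LEN or passwd.lower() in WEAK_PASSWORDS:
            findings.append((name, "weak passwd: it is also the key material for the session cipher"))
        if effective(session, default, "encrypt") != "yes":
            findings.append((name, "encrypt is not 'yes': tunnel payload crosses the wire in clear"))
    return findings


def mode_is_private(st_mode):
    """True if group/others cannot read the file (the passwd is stored in clear)."""
    return (st_mode & 0o077) == 0


# Constructed sample: the tutorial's server session plus one that disables encryption.
SAMPLE_CONF = """\
options {
    port 5000;                # Listen on this port.
    ppp /usr/sbin/pppd;
}
default {
    compress no;
    encrypt yes;
}
PPP-Tunnel {
    passwd qwer1234;          # the tutorial's example password
    proto tcp;
    encrypt yes;
    up {
        ppp "file /etc/ppp/options.vtund";
        route "add -net 192.168.0.0 netmask 255.255.255.0 gw 192.168.254.200";
    };
}
Plain-Tunnel {
    passwd 7dK2mQ9xLp4vR8wZ1nB6cF3h;   # 24-char constructed secret
    encrypt no;                        # overrides the default: nothing is encrypted
}
"""

if __name__ == "__main__":
    import os
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path).read() if path else SAMPLE_CONF
    for session, finding in audit(text):
        print(f"{session}: {finding}")
    if path and not mode_is_private(os.stat(path).st_mode):
        print(f"{path}: readable by group/others; chmod 600 it")
```

Run it as python3 vtund_audit.py /etc/vtund.conf on each host. With no argument it audits the embedded sample, which reports the tutorial's qwer1234 as weak and the second session as unencrypted; given a path it also warns when the file mode lets group or others read the shared secret.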
- Start vtund at the client using the following command. Again you can add the "-n" option
to keep the process in the foreground.
[shashank@mia shashank]# vtund -f /etc/vtund.conf PPP-Tunnel zidler
- You can see the log messages in /var/log/messages, unless you have configured something else in /etc/syslog.conf.
The logs appear as follows (this excerpt happened to be captured for the IP-Tunnel session; a PPP-Tunnel session logs the same way under its own name):
shashank@zidler:/home/shashank# tail -n 5 /var/log/messages
May 31 22:00:29 zidler vtund[5553]: VTUN server ver (Name,0) 05/31/2003 (stand)
May 31 22:00:36 zidler vtund[5554]: Session IP-Tunnel[131.193.50.165:55142] opened
May 31 22:00:36 zidler vtund[5554]: LZO compression[level 9] initialized
May 31 22:00:36 zidler vtund[5554]: BlowFish encryption initialized
May 31 22:00:36 zidler /etc/hotplug/net.agent: invoke ifup tun0
--------------------------------------------------------------------
[shashank@mia shashank]# tail -n 6 /var/log/messages
May 31 21:51:21 mia vtund[1146]: VTun client ver 2.6 05/31/2003 started
May 31 21:51:21 mia vtund[1146]: Connecting to zidler
May 31 21:51:21 mia vtund[1146]: Session IP-Tunnel[zidler] opened
May 31 21:51:21 mia /etc/hotplug/net.agent: invoke ifup tun0
May 31 21:51:21 mia vtund[1146]: LZO compression[level 9] initialized
May 31 21:51:21 mia vtund[1146]: BlowFish encryption initialized
- Use the ifconfig command to check that the interface has come up.
shashank@zidler:/home/shashank# ifconfig
--SNIP--
ppp0 Link encap:Point-to-Point Protocol
inet addr:192.168.254.201 P-t-P:192.168.254.200 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:7 errors:0 dropped:0 overruns:0 frame:0
TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:240 (240.0 b) TX bytes:234 (234.0 b)
- Check connectivity using ping. Also check that the routes have been set up properly using netstat -rn.
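The three checks above (interface up, peer reachable, route present) are worth scripting so they can be rerun after every config change. The following added example is mine, not from the tutorial or from vtund: the two helpers parse ifconfig and netstat -rn output so they can be tested against captured text, and check_tunnel runs them against the live system. The interface ppp0 and remote network 192.168.2.0 default to the tutorial's values; the sample outputs are constructed to match the tutorial's ifconfig listing.

```shell
#!/bin/sh
# Added example (not part of vtund/pppd): verify a PPP-over-vtund link.
# Usage after sourcing:  check_tunnel ppp0 192.168.2.0

# Print the P-t-P (peer) address from `ifconfig <iface>` output read on stdin.
peer_from_ifconfig() {
    sed -n 's/.*P-t-P:\([0-9.]*\).*/\1/p' | head -n 1
}

# Succeed if `netstat -rn` output on stdin contains a route whose
# destination column equals the given network.
has_route_to() {
    awk -v net="$1" '$1 == net { found = 1 } END { exit found ? 0 : 1 }'
}

# Live check: interface up with a peer, peer answers ping, route to remote LAN.
check_tunnel() {
    iface="${1:-ppp0}"
    remote_net="${2:-192.168.2.0}"
    peer=$(ifconfig "$iface" 2>/dev/null | peer_from_ifconfig)
    if [ -z "$peer" ]; then
        echo "FAIL: $iface is not up (no P-t-P address)"
        return 1
    fi
    if ! ping -c 3 -W 2 "$peer" >/dev/null 2>&1; then
        echo "FAIL: peer $peer does not answer ping"
        return 1
    fi
    if ! netstat -rn | has_route_to "$remote_net"; then
        echo "FAIL: no route to $remote_net (check the up{} route line)"
        return 1
    fi
    echo "OK: $iface up, peer $peer reachable, route to $remote_net present"
}

# Constructed samples, shaped like the tutorial's ifconfig output and a
# matching routing table, for exercising the parsers without a live link.
SAMPLE_IFCONFIG='ppp0      Link encap:Point-to-Point Protocol
          inet addr:192.168.254.201  P-t-P:192.168.254.200  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1'
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.254.200 0.0.0.0         255.255.255.255 UH        0 0          0 ppp0
192.168.2.0     192.168.254.200 255.255.255.0   UG        0 0          0 ppp0'
```

Source the file on the server and run check_tunnel ppp0 192.168.0.0, on the client check_tunnel ppp0 192.168.2.0; a FAIL on the last step usually means the route line in the up{} block is still commented out.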
- Now comes the experimentation.