:: Setting up VPN using vTun (Virtual Tunnel) ::


TO SET UP A VPN USING vTun (Virtual Tunnel)
  1. vTun is a relatively easy way to create VPN tunnels. It is easy to install, configure and use. Unfortunately, I had to spend some time trying to compile it on my RH 8.0 system.
  2. I am assuming that we are using the following setup.

  3. RedHat 8.0/9.0 kernels come with support for the Tun/Tap driver, so you don't need to do anything to enable kernel-level support for it. If you do need to rebuild the kernel, take a look at the instructions mentioned here.
  4. Download the latest version of vTun from http://vtun.sourceforge.net/ and install it using the normal #./configure; make; make install commands. On RH 8.0, I faced a problem where the configure script could not locate the /usr/include/linux/if_tun.h file. As a result of this I used to get the following error:
    Can't allocate tun device . No such file or directory(2)
    In order to circumvent this, I executed #aclocal; autoconf in the source tree and then followed the normal installation instructions. These commands generate a new configure script that locates the said file. I did not use any RPMs, as at the time of this writing no RPMs were available for my system.
  5. The configuration files for vTun differ slightly between the client (mia) and the server (zidler). Both files are listed below. The various options are explained in the comments within each file (so read them). If in doubt, make full use of man vtund.conf. The configuration below sets up an IP tunnel. If you would like to use PPP to set up the tunnel, take a look at this document.
    shashank@zidler:~> cat /etc/vtund.conf
    options {
    # type stand;           # stand(default), inet (used only at server)
      port 5000;            # Server will listen on this port for incoming requests.
      syslog daemon;        # Syslog facility
    
      # Path to various programs
      ppp           /usr/sbin/pppd;            #Path to the pppd. Use "which pppd" to find this.
      ifconfig      /sbin/ifconfig;
      route         /sbin/route;
      firewall      /sbin/iptables;
      ip            /sbin/ip;
    }
    # Default session options 
    default {
    #  type tun;            #tun, ether, tty(default), pipe (Used only at Server)
    #  proto tcp;           #udp, tcp(default) (Used only at server)
    #  device tun0;
      compress no;          # no, yes, zlib:(1-9), lzo:(1-9); e.g. zlib:1 (default) (Used only at server)
      encrypt yes;          #yes, no (used only at server)
      stat yes;             #yes, no: check /var/log/vtund/SessionName_X
      speed 0;              #By default maximum speed, NO shaping (Used only at server)
    #  keepalive yes;	#Used to keep alive the connection. (Used only at server)
    }
    # TUN example. Session 'cobra'.
    IP-Tunnel {
      passwd  abcd1234;     # Password
      type  tun;            # IP tunnel 
      proto tcp;            # TCP protocol (the server's setting decides)
      compress  lzo:9;      # LZO compression level 9
      encrypt  yes;         # Encryption
      keepalive yes;        # Keep connection alive
      stat yes;             #yes, no
    
      up {
            # Connection is Up 
            # 192.168.254.201 - local, 192.168.254.200 - remote 
            ifconfig "%% 192.168.254.201 pointopoint 192.168.254.200 mtu 1450";
            route "add -net 192.168.0.0 netmask 255.255.255.0 gw 192.168.254.200";
      };
      down {
            # Connection is down 
            # 192.168.254.201 - local, 192.168.254.200 - remote 
            ifconfig "%% down";
            route "del -net 192.168.0.0 netmask 255.255.255.0 gw 192.168.254.200";
      };
    
    }
    ---------------------------------------------------------
    shashank@mia:~> cat /etc/vtund.conf
    options {
      port 5000;            # Listen on this port.
      syslog 7;             # Syslog facility
    
      # Path to various programs
      ppp           /usr/sbin/pppd;            
      ifconfig      /sbin/ifconfig;
      route         /sbin/route;
      firewall      /sbin/iptables;
      ip            /sbin/ip;
    }
    
    # Default session options 
    default {
    #  type tun;            #tun, ether, tty, pipe
    #  proto tcp;           #udp, tcp
      compress no;          # no, yes, zlib, lzo
      encrypt yes;          #yes, no
      stat yes;             #yes, no
      speed 0;              # By default maximum speed, NO shaping
    }
    
    # TUN example. Session 'cobra'.
    IP-Tunnel {
      passwd  abcd1234;     # Password
      type  tun;            # IP tunnel 
      proto udp;            # UDP protocol
      compress  lzo:9;      # LZO compression level 9
      encrypt  yes;         # Encryption
      keepalive yes;        # Keep connection alive
    #  persist yes;
    
      up {
            # Connection is Up 
            ifconfig "%% 192.168.254.200 pointopoint 192.168.254.201 mtu 1450";
            route "add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.254.201";
      };
    
      down {
            # Connection is down 
            ifconfig "%% down";
            route "del -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.254.201";
      };
    }
    
    Note how I have added/deleted routes in the two files.
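As an added example (not part of the original page or of the vTun project), the following Python script parses a vtund.conf of the form shown above and runs the sanity checks a defender would want before starting the daemon: the helper paths in options{} name the expected tools (this catches a typo such as /sbin/tables), the session inherits encrypt yes from default{}, the passwd is not the sample value, and every route added in up{} is removed again in down{}. The embedded SERVER_CONF is a constructed copy of the server file above with the comments left out; the EXPECTED_PROGRAMS table and the 12-character password threshold are assumptions of this example, not vtund rules.

```python
import re

# Constructed sample: the server-side /etc/vtund.conf from step 5, comments removed.
SERVER_CONF = """
options {
  port 5000;
  ppp           /usr/sbin/pppd;
  ifconfig      /sbin/ifconfig;
  route         /sbin/route;
  firewall      /sbin/iptables;
  ip            /sbin/ip;
}
default {
  compress no;
  encrypt yes;
}
IP-Tunnel {
  passwd  abcd1234;
  type  tun;
  proto tcp;
  compress  lzo:9;
  encrypt  yes;
  up {
        ifconfig "%% 192.168.254.201 pointopoint 192.168.254.200 mtu 1450";
        route "add -net 192.168.0.0 netmask 255.255.255.0 gw 192.168.254.200";
  };
  down {
        ifconfig "%% down";
        route "del -net 192.168.0.0 netmask 255.255.255.0 gw 192.168.254.200";
  };
}
"""

# A token is a double-quoted string, one of { } ; or a bare word.
TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')

def strip_comments(text):
    """Drop '#' comments; a '#' inside a double-quoted command string is kept."""
    return "\n".join(re.sub(r'^((?:[^"#]|"[^"]*")*)#.*$', r'\1', line)
                     for line in text.splitlines())

def parse(text):
    """Parse vtund.conf into nested dicts: block name -> {key: [values] or sub-block}."""
    tokens = TOKEN.findall(strip_comments(text))
    pos = 0

    def block():
        nonlocal pos
        node = {}
        while pos < len(tokens) and tokens[pos] != "}":
            name = tokens[pos]
            pos += 1
            if tokens[pos] == "{":
                pos += 1
                node[name] = block()
                pos += 1                              # consume '}'
                if pos < len(tokens) and tokens[pos] == ";":
                    pos += 1                          # the 'up { ... };' form
            else:
                values = []
                while tokens[pos] != ";":
                    values.append(tokens[pos].strip('"'))
                    pos += 1
                pos += 1                              # consume ';'
                # a key may repeat (several route commands in up{}), so values are kept in a list
                node.setdefault(name, []).append(" ".join(values))
        return node

    return block()

# Tool each options{} path should point at (a hypothetical local policy, not a vtund rule).
EXPECTED_PROGRAMS = {"ppp": "pppd", "ifconfig": "ifconfig", "route": "route", "firewall": "iptables", "ip": "ip"}

def check_options(conf):
    """Each helper path must be absolute and end in the tool its key names (catches /sbin/tables)."""
    findings = []
    for key, tool in EXPECTED_PROGRAMS.items():
        path = conf.get("options", {}).get(key, [""])[0]
        if path and (not path.startswith("/") or path.rsplit("/", 1)[-1] != tool):
            findings.append(f"options.{key} = {path!r}: expected an absolute path to {tool}")
    return findings

def check_session(conf, name):
    """Encryption on, a non-trivial password, and every route added in up{} deleted in down{}."""
    sess = dict(conf.get("default", {}))
    sess.update(conf[name])                           # session values override default{}
    findings = []
    if sess.get("encrypt", ["no"])[0] != "yes":
        findings.append(f"{name}: encrypt is not 'yes', so tunnel traffic crosses the network in the clear")
    passwd = sess.get("passwd", [""])[0]
    if len(passwd) < 12 or passwd == "abcd1234":
        findings.append(f"{name}: passwd is short or still the sample value; it is the only peer authentication")
    added = {r.split(None, 1)[1] for r in sess.get("up", {}).get("route", []) if r.startswith("add ")}
    removed = {r.split(None, 1)[1] for r in sess.get("down", {}).get("route", []) if r.startswith("del ")}
    for route in sorted(added - removed):
        findings.append(f"{name}: route '{route}' is added in up{{}} but never deleted in down{{}}")
    return findings

if __name__ == "__main__":
    conf = parse(SERVER_CONF)
    print("\n".join(check_options(conf) + check_session(conf, "IP-Tunnel")) or "no findings")
```

Run against the server file it reports only the sample password; point it at the client file as well, since the client's options{} block is where a path typo would sit, and because the client's session block may omit settings that the server's default{} supplies.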
  6. Start vtund on the server using the following command. Add the "-n" option to keep the process in the foreground.
    shashank@zidler:# vtund -s -f /etc/vtund.conf
    
    NOTE THAT I am using -f /etc/vtund.conf to specify the configuration file, as vtund uses /usr/local/etc/vtund.conf by default (the man page for vtund gives the default configuration file as "/etc/vtund.conf", which is erroneous). You don't need to specify this option if you use /usr/local/etc/vtund.conf.
  7. Start vtund on the client using the following command. Again, you can add the "-n" option to keep the process in the foreground.
    [shashank@mia shashank]# vtund -f /etc/vtund.conf IP-Tunnel zidler
    
  8. The log messages go to /var/log/messages unless you have configured something else in /etc/syslog.conf. The log entries appear as follows:
    shashank@zidler:/home/shashank# tail -n 5 /var/log/messages
    May 31 22:00:29 zidler vtund[5553]: VTUN server ver (Name,0) 05/31/2003 (stand)
    May 31 22:00:36 zidler vtund[5554]: Session IP-Tunnel[131.193.50.165:55142] opened
    May 31 22:00:36 zidler vtund[5554]: LZO compression[level 9] initialized
    May 31 22:00:36 zidler vtund[5554]: BlowFish encryption initialized
    May 31 22:00:36 zidler /etc/hotplug/net.agent: invoke ifup tun0
    --------------------------------------------------------------------
    [shashank@mia shashank]# tail -n 6 /var/log/messages
    May 31 21:51:21 mia vtund[1146]: VTun client ver 2.6 05/31/2003 started
    May 31 21:51:21 mia vtund[1146]: Connecting to zidler
    May 31 21:51:21 mia vtund[1146]: Session IP-Tunnel[zidler] opened
    May 31 21:51:21 mia /etc/hotplug/net.agent: invoke ifup tun0
    May 31 21:51:21 mia vtund[1146]: LZO compression[level 9] initialized
    May 31 21:51:21 mia vtund[1146]: BlowFish encryption initialized
    
    
  9. Use the ifconfig command to check if the interface has come up.
    shashank@zidler:/home/shashank# ifconfig
    --SNIP--
    tun0      Link encap:Point-to-Point Protocol  
              inet addr:192.168.254.201  P-t-P:192.168.254.200  Mask:255.255.255.255
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1450  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:10 
              RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
    
  10. Check connectivity using ping. Also check that the routes have been set up properly using netstat -rn.
  11. Comments and corrections are appreciated and can be sent to papers@mia.ece.uic.edu. Now comes the experimentation.
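To tie steps 8 to 10 together, here is an added Python example (written for this page, not code from the original author or from vTun) that reads the kind of syslog lines and ifconfig output shown above and reports whether the session opened, whether an "encryption initialized" line followed it, and whether tun0 is UP with the local and peer addresses the configuration asked for. The embedded SERVER_LOG and IFCONFIG_OUT are constructed copies of the output in steps 8 and 9 (an lo block is added so the interface lookup has something to skip); the regular expressions assume the vtund 2.6 message formats seen in those logs.

```python
import re

# Constructed samples: the syslog lines and ifconfig output from steps 8 and 9 above.
SERVER_LOG = """\
May 31 22:00:29 zidler vtund[5553]: VTUN server ver (Name,0) 05/31/2003 (stand)
May 31 22:00:36 zidler vtund[5554]: Session IP-Tunnel[131.193.50.165:55142] opened
May 31 22:00:36 zidler vtund[5554]: LZO compression[level 9] initialized
May 31 22:00:36 zidler vtund[5554]: BlowFish encryption initialized
May 31 22:00:36 zidler /etc/hotplug/net.agent: invoke ifup tun0
"""

IFCONFIG_OUT = """\
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
tun0      Link encap:Point-to-Point Protocol
          inet addr:192.168.254.201  P-t-P:192.168.254.200  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1450  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
"""

# Message shapes taken from the vtund 2.6 log lines quoted in step 8.
SESSION_RE  = re.compile(r"vtund\[(\d+)\]: Session (\S+?)\[([^\]]+)\] opened")
ENCRYPT_RE  = re.compile(r"vtund\[(\d+)\]: (\S+) encryption initialized")
COMPRESS_RE = re.compile(r"vtund\[(\d+)\]: (\S+) compression\[level (\d+)\] initialized")

def sessions_from_log(text):
    """Map each vtund pid that opened a session to its name, peer, cipher and compression."""
    found = {}
    for line in text.splitlines():
        if m := SESSION_RE.search(line):
            pid, name, peer = m.groups()
            found[pid] = {"session": name, "peer": peer, "cipher": None, "compress": None}
        elif (m := ENCRYPT_RE.search(line)) and m.group(1) in found:
            found[m.group(1)]["cipher"] = m.group(2)
        elif (m := COMPRESS_RE.search(line)) and m.group(1) in found:
            found[m.group(1)]["compress"] = f"{m.group(2).lower()}:{m.group(3)}"
    return found

def tun_status(ifconfig_text, iface="tun0"):
    """Pull the addresses, flags and MTU of one interface out of ifconfig output; None if absent."""
    for para in re.split(r"\n(?=\S)", ifconfig_text.strip()):
        if not para.startswith(iface + " "):
            continue
        addr = re.search(r"inet addr:(\S+)\s+P-t-P:(\S+)", para)
        flag = re.search(r"^\s*((?:[A-Z]+\s+)+)MTU:(\d+)", para, re.M)
        flags = set(flag.group(1).split()) if flag else set()
        return {"local": addr.group(1) if addr else None,
                "peer": addr.group(2) if addr else None,
                "mtu": int(flag.group(2)) if flag else None,
                "up": {"UP", "RUNNING", "POINTOPOINT"} <= flags}
    return None

def verify_tunnel(log_text, ifconfig_text, session, local, peer, iface="tun0"):
    """Return the problems found; an empty list means the tunnel came up the way the config asked."""
    problems = []
    opened = [s for s in sessions_from_log(log_text).values() if s["session"] == session]
    if not opened:
        problems.append(f"no 'Session {session}[...] opened' line in the log")
    elif opened[-1]["cipher"] is None:
        problems.append(f"session {session} opened without an 'encryption initialized' line")
    status = tun_status(ifconfig_text, iface)
    if status is None or not status["up"]:
        problems.append(f"{iface} is missing or not UP/RUNNING/POINTOPOINT")
    elif (status["local"], status["peer"]) != (local, peer):
        problems.append(f"{iface} is {status['local']} -> {status['peer']}, expected {local} -> {peer}")
    return problems

if __name__ == "__main__":
    print(verify_tunnel(SERVER_LOG, IFCONFIG_OUT, "IP-Tunnel",
                        "192.168.254.201", "192.168.254.200") or "tunnel OK")
```

On a live box feed it the output of tail on /var/log/messages and of ifconfig; the check that a session opened but no "encryption initialized" line followed is the one worth keeping in a monitoring script, since that is how a tunnel silently running with encrypt no would show up.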
