Virtual private networks (VPNs) are a means for connecting to a remote network and making it look like a local one. This means you can connect to your work location and have full access to resources (if so configured on the work side), such as shared printers, work files, etc.
There are a number of VPN products freely available; some are kernel-level like openswan and can be fairly difficult to configure. OpenVPN, available at http://openvpn.net/, doesn't require patching the kernel and can be extremely straightforward. Configuration is more difficult if you want to use a lot of its features, but for a quick client/server VPN, you can be up and running in minutes.
The first step is to install OpenVPN; this can be done either by compiling from source or installing a package from your vendor (i.e., Mandriva, Debian, and others provide OpenVPN packages that are an urpmi or apt-get away).
Once you've installed OpenVPN on the two systems you want to create a VPN between, you need to determine how to configure them to connect to each other. The simplest method is to use a static, pre-shared key. This has certain drawbacks, such as the lack of multiple clients to a server, but for a straight client/server scenario it works very well. It's also the easiest setup.
To generate the key, execute:
# openvpn —genkey —secret static.key
This file needs to be on both the client and server, so copy it via ssh or through some other secure method like a floppy or CD.
On the server, put static.key into a directory special to OpenVPN, such as /etc/openvpn/. In this same directory, create a server.conf file. The /etc/openvpn/server.conf file would look like:
ifconfig 10.10.10.1 10.10.10.2
You can use any unused subnet you like instead of the 10.10.10.0 shown above.
On the client, move static.key into /etc/openvpn as well and create /etc/openvpn/client.conf with the following:
ifconfig 10.10.10.2 10.10.10.1
Replace vpn.domain.com with the hostname or IP address of the server. Also, ensure that UDP port 1194 is allowed to receive traffic in your firewall rules for both locations.
On the server, start openvpn using:
# openvpn —config /etc/openvpn/server.conf
And do the same on the client. You now should be able to ping both machines from each other. If you're unable to ping, likely one of the systems isn't properly allowing UDP port 1194 traffic. You should also be able to connect to any services that would be permissible on the local LAN.
OpenVPN can be either easy or challenging to configure. One of its greatest strengths is that it doesn't require complicated patching and compiling of the kernel, is cross-platform (there are versions for Windows, OS X, and other operating systems) and can make for a quick and painless way to connect one remote machine to another.
Delivered each Tuesday, TechRepublic's free Linux NetNote provides tips, articles, and other resources to help you hone your Linux skills. Automatically sign up today!
Vincent Danen works on the Red Hat Security Response Team and lives in Canada. He has been writing about and developing on Linux for over 10 years and is a veteran Mac user.