This download lists the 10 steps you should take to set up a VPN server in a Redhat distribution of Linux.
By James M. Garvin
Editor's note: As part of a recent IT Soapbox blog post I asked Linux users and evangelists in the TechRepublic community to step up to the plate and take a crack at producing some informative articles and downloads on the Linux operating system. This document is just one of the submissions inspired by that challenge. Just click the Linux challenge tag to track other published submissions stemming from this grass roots project.
I am assuming you are using a Redhat or Redhat-like distribution. Some of these packages can be grabbed via yum. However, I'm going to have you install them via RPM as you cannot get all of them via yum. If you are not, you will need to get the proper packages. For Debian you can use aptget or search for the .deb. For SuSe you can use Yast or find the distro specific RPMs.
1) Install the DKMS package
rpm --install dkms-1.12-2.noarch.rpm
This is dynamic kernel module support. You need this to simplify setup and configuration at the kernel level. This will make almost everything transparent to the user during setup.
2) Install the ppp kernel module
rpm --install kernel_ppp_mppe-0.0.4-2dkms.noarch.rpm
Point to Point Protocol to setup your "modem" or whatever your connection consists of. This is the portion for your kernel.
3) Make sure ppp is working
modprobe ppp-compress-18 && echo James Garvin has saved me from a life of Windows
Ok, so that is a bit of fun, but what does that command mean? Well, if on success of the modprobe command, I execute the echo command. Modprobe adds the module to the Linux kernel, while echo simply writes what ever you say back to the terminal.
4) Upgrade ppp
rpm --upgrade ppp-2.4.3-0.cvs_20040527.4.fc2.i386.rpm
This is the ppp for the user. The kernel module for ppp has been installed and this is for the user.
5) Get the PPTP client
rpm --install pptp-linux-1.5.0-1.i386.rpm
This is the "VPN Client," so to speak. This is the GUI client in which you can setup VPN connections and various options.
6) Get phppcntl
rpm --install Getphp-pcntl php-pcntl-4.3.8-1.i386.rpm
This is to help the GUI work.
7) Get the phpgtkmodule
rpm --install php-gtk-pcntl-1.0.0-2.i386.rpm
This file also helps make the GUI work.
8) Get pptpconfig installed
rpm --install pptpconfig-20040722-0.noarch.rpm
This command installs the Point to Point Tunneling Protocol. This is so the VPN can actually create the tunnel from A to B. VPNs can use two protocols, L2TP and PPTP. L2TP is Layer 2 Tunneling Protocol and does just what it says. It works at Layer 2 in the OSI model, the Data Link Layer.
9) Now at the command line type
This command will popup a spiffy GUI for you to use.
|The spiffy pptconfig GUI|
10) Configure your connection
In the Server Tab we need to configure some basics:
- Name: The name of the connection. You can call it anything you want
- Server: The server you are connecting to, either the IP or name of the server. eg: 126.96.36.199 or google.com
- Domain: A domain, if any, that the VPN is connecting to
- Username: Your login username for the VPN or the intranet
- Password: The login password for the VPN or the intranet
In the Routing Tab we need to make sure it is setup properly. Typically we need to send All to Tunnel.However, this can and will vary from VPN to VPN. Check with you local administrator on what radio button you need to choose.
The DNS Tab is usually quite simple; it will be either automatic, or we will have to enter some basic DNS information and any optionswe may need to include.
The Encryption Tab is a sticky point. We have a number of choices:
- Require Microsoft PointtoPoint Encryption
- Refuse 40bit Encryption
- Refuse 128bit Encryption
- Refuse Stateless Encryption
- Refuse to Authenticate with EAP
You need to talk to your administrator and understand what your VPN requires. A typical setup will check box Require Microsoft PointtoPoint Encryption (for MS VPNS), Refuse 40bit Encryption, and Refuse Stateless Encryption. However, talk to your administrator to be sure.
The Miscellaneous Tab is our final tab. We shouldn't have anything to do here. The default setup should work just fine in many cases.
We now click the Addbutton and highlight our new connection and choose Start. We have now created a VPN connection to a remote host! Congratulations for using Linux and sticking with a slightly frustrating task.
If you have any questions or comments please drop me a line at firstname.lastname@example.org.