Configure VPN with Fedora


Please follow the steps below to establish a VPN connection.

*** The following instructions are for ClassNet and ResNet networks only while connection from Public ISP may not be supported.

I. Download and Install L2TP VPN Package

1. Download racoon, ppp, dhcp-client, ipsec-tools, xl2tpd to a computer which have Internet access, then transfer to your computer running debian by clicking the URL.
2. Double-click the package downloaded; you will be reminded that the client can also be downloaded through yum channel.

Then click Close.

3. Click Install Package to install racoon and ipsec-tools, ppp,dhcp-client and xl2tpd.
4. Type your computer’s root account password, and then click OK.
5. Click Apply to continue the installation .
6. Click Install anyway to continue the installation.
7. Click OK to finish the package installation.
8. Repeat the step 2 to step for installing the others package except racoon and ipsec-tools package.
9. You should select “direct” and press Enter to continue the installation of the racoon and ipsec tools package.



II. Configure the corresponding configuration file

1.Edit the configuration of the packages installed using any word editor (e.g. vi, vim, gedit)

I. Edit the racoon.conf file

Enter the command:

gedit /etc/racoon/racoon.conf

And then copy and paste the code like the picture shown below for the racoon configuration file.

The configuration of raccoon.conf should be:

log debug;
path pre_shared_key “/etc/racoon/psk.txt”;
padding {
maximum_length 20;
randomize off;
strict_check off;
exclusive_tail off;
}
remote anonymous {
exchange_mode main;
doi ipsec_doi;
situation identity_only;
generate_policy on;
proposal_check obey;
proposal {
encryption_algorithm des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group 1;
}
}
sainfo anonymous {
lifetime time 28800 sec;
encryption_algorithm 3des;
authentication_algorithm hmac_md5;
compression_algorithm deflate;
}

II.Edit the Pre-Shared Key file

The first one is the servers’ IP and the second one is the pre-shared key, using Resnet VPN, the setting should be:

Enter the command,

gedit /etc/racoon/psk.txt

You can copy and paste all codes below the psk file.

#resnet
10.0.255.246 ipsec-vpn
10.0.255.247 ipsec-vpn
10.0.255.248 ipsec-vpn
10.0.255.249 ipsec-vpn
10.0.255.251 ipsec-vpn
10.0.255.253 ipsec-vpn
10.0.255.252 ipsec-vpn
10.0.255.254 ipsec-vpn
#classnet
10.0.191.254 ipsec-vpn
10.0.191.253 ipsec-vpn
#broadband
137.189.192.201 ipsec-vpn
137.189.192.204 ipsec-vpn

III. Edit the configuration of the l2tpd (for ubuntu 7.10) or xl2tpd (for ubuntu 8.04)

Enter the command according to your ubuntu’s version:

gedit /etc/xl2tpd/xl2tpd.conf

[global]
port = 1701
auth file = /etc/ppp/pap-secrets
[lac connect]
lns = vpn.cuhk.edu.hk
require pap = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd

IV. Edit the pap secrets file according to the nature of the VPN connection

Enter the command

gedit /etc/ppp/pap-secrets

s0123456 vpn.cuhk.edu.hk yourpassword

V. Edit the option file

Enter the command :

gedit /etc/ppp/options.xl2tpd

lock
debug
mtu 1000
nobsdcomp
nodeflate
noaccomp
nopcomp
novj
defaultroute
replacedefaultroute
name s0123456 (change to your student ID)


III. Connect to Resnet/Classnet

1.Download the script connect.sh from here and save the file to the corresponding location.
2. You should at the directory where connect.sh exist in the terminal and then type the below to excute the script file.When you need to connect to the VPN, you need to execute it everytime.
./connect.sh
3. You can check whether your connection is under VPN connection by using “ifconfig” command. If you can see the ppp0 connection, that means your connection is under VPN connection.
4. For disconnection, please enter the following command.

echo “d” > /var/run/xl2tpd/l2tp-control

IV. Tips for broadband users

Please go though the steps in I and II. Then, you are required to make the following amendments.

1. Adding static route

First you have to identify the IP address of your ISP’s default gateway and the broadband VPN server you are connecting.

For ADSL-based broadband:
/sbin/route add -host vpn.server.ip.address ppp0 (adding both broadband VPN server IP addresses are ok)
/sbin/route add default ppp1

For ethernet-based broadband:
/sbin/route add -host vpn.server.ip.address gw isp.default.gateway.ip (adding both broadband VPN server IP addresses are ok)
/sbin/route add default ppp0

2. Modification of connect.sh

  • remove the dhclient
  • changing ipsec encryption commands with local ip address as the following:

echo -e spdadd yourIPaddress/32\[1701\] 0.0.0.0\/0\[0\] any \-P out ipsec esp\/transport\/\/require\; |

3. For DNS server

If you can connect by IP but can’t resolve DNS, you need to add the CUHK DNS servers to resolv.conf

gedit /etc/resolv.conf

nameserver 137.189.192.3
nameserver 137.189.196.3

Advertisements

About Bona

បណ្ដាញសម្រាប់ទំនាក់ទំនង ចែករំលែក ពិភាក្សា ពីជ្រុងមួយនៃប្រទេសកម្ពុជា

Posted on March 27, 2008, in ផ្ទាល់ខ្លួន. Bookmark the permalink. Leave a comment.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s