IPSec on debian
I need to set up a VPN service for myself on my linode, but I don't want to use openvpn as this relies on an external client software for mac and pc, I'm also needing to run it on iPhone which supports IPSec, so….
How can i set up IPSec or PPTP or L2PT
I shall await flaming …
Debian 5.0 x64
apache 2
php5
6 Replies
I've never set up any VPN that wasn't hosted on a router though..
Personally, I'd go for OpenVPN. Even if you need an extra client to connect it's much less of a headache.
I'm assuming you're ok with using a external html client (a web browser) a external Pop3/Imap client (a email client) and a external SSH client?
Except for the iphone (which needs to be jailbroke to work) the openvpn clients are small, stable, easy to install, and secure.
FYI: the pptp protocol has long since been cracked, and is considered to be only marginally secure.
You could skip the whole VPN thing and just use SSH with certs and tunnel whatever you need over that. Of course you'd need a SSH client.
http://www.ipsec-howto.org/ipsec-howto.pdf
And the manual pages for:
racoon
racoon.conf
setkey
You may also want to tweak/make your own startup script for racoon and setkey.
I know the topic is a little old but my question fits perfectly so I'll just ask here.
The Linode is a Debian 6.0 amd64 with the default linode 2.6.38_amd64 kernel.
I'm trying to setup IPSEC in transport mode between two linodes in different data centers using the manual config as in ipsec-howto.org:
#!/usr/sbin/setkey -f
flush;
spdflush;
# AH SAs using 128 bit long keys
add IP1 IP2 ah 0x200 -A hmac-md5 <key1>;
add IP2 IP1 ah 0x300 -A hmac-md5 <key2>;
# ESP SAs using 192 bit long keys (168 + 24 parity)
add IP1 IP2 esp 0x201 -E 3des-cbc <key3>;
add IP2 IP1 esp 0x301 -E 3des-cbc <key4>;
# Security policies
spdadd IP2 IP1 any -P out ipsec esp/transport//require ah/transport//require;
spdadd IP1 IP2 any -P in ipsec esp/transport//require ah/transport//require;</key4></key3></key2></key1>
The ouput when running is:
$ setkey -f /etc/ipsec-tools.conf
The result of line 15: (null).
The result of line 16: (null).
The default linode kernel 2.6.38 seems to have the right options, but the spdadd commands fail. The same config works fine on a Debian 6.0 with the stock kernel somewhere else.
Any ideas?