IPSec on debian

I'm sorry, I'm really sorry for what I'm about to ask.

I need to set up a VPN service for myself on my Linode, but I don't want to use OpenVPN as this relies on external client software for Mac and PC. I also need to run it on iPhone, which supports IPSec, so…

How can I set up IPSec or PPTP or L2TP?

I shall await flaming …

Debian 5.0 x64

apache 2

php5

6 Replies

I had a lot typed out but… wasn't worth sending after I read it.

I've never set up any VPN that wasn't hosted on a router though..

Personally, I'd go for OpenVPN. Even if you need an extra client to connect it's much less of a headache.

http://doc.ubuntu.com/ubuntu/serverguide/C/openvpn.html

Care to share why you think external (or additional) clients are evil?

I'm assuming you're OK with using an external HTML client (a web browser), an external POP3/IMAP client (an email client) and an external SSH client?

Except for the iPhone (which needs to be jailbroken to work), the OpenVPN clients are small, stable, easy to install, and secure.

FYI: the PPTP protocol has long since been cracked, and is considered to be only marginally secure.

You could skip the whole VPN thing and just use SSH with certs and tunnel whatever you need over that. Of course you'd need an SSH client.

Openswan will do what you need. Good guides to L2TP/IPsec here and here.

I don't know how you should configure your iPhone, but I use IPsec with racoon for my VPN, and it has worked well for me. Was some work to set up, but mainly because I'm on a LAN behind a firewall. You'll find useful information in:

http://www.ipsec-howto.org/ipsec-howto.pdf

http://lartc.org/lartc.pdf

And the manual pages for:

racoon

racoon.conf

setkey

You may also want to tweak/make your own startup script for racoon and setkey.

Hi,

I know the topic is a little old but my question fits perfectly so I'll just ask here.

The Linode is a Debian 6.0 amd64 with the default linode 2.6.38_amd64 kernel.

I'm trying to set up IPSEC in transport mode between two Linodes in different data centers using the manual config as in ipsec-howto.org:

#!/usr/sbin/setkey -f

flush;
spdflush;

# AH SAs using 128 bit long keys
add IP1 IP2 ah 0x200 -A hmac-md5 <key1>;
add IP2 IP1 ah 0x300 -A hmac-md5 <key2>;

# ESP SAs using 192 bit long keys (168 + 24 parity)
add IP1 IP2 esp 0x201 -E 3des-cbc <key3>;
add IP2 IP1 esp 0x301 -E 3des-cbc <key4>;

# Security policies
spdadd IP2 IP1 any -P out ipsec esp/transport//require ah/transport//require;
spdadd IP1 IP2 any -P in ipsec esp/transport//require ah/transport//require;

The output when running is:

$ setkey -f /etc/ipsec-tools.conf
The result of line 15: (null).
The result of line 16: (null).

The default linode kernel 2.6.38 seems to have the right options, but the spdadd commands fail. The same config works fine on a Debian 6.0 with the stock kernel somewhere else.

Any ideas?
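
An added example, not part of the original thread: a small Python check for a manual-keying setkey file laid out like the one above. It verifies that each hex key has the length the post's comments state for hmac-md5 and 3des-cbc, and that every protocol a policy requires has an SA for the same source and destination. The addresses, keys and function names are constructed for illustration.

```python
import re

# Key sizes in bytes, as the post's comments give them (128-bit, 192-bit).
KEY_BYTES = {"hmac-md5": 16, "3des-cbc": 24}

def parse(text):
    """Split setkey-style text into SA and policy records (hex keys only)."""
    sas, policies = [], []
    for stmt in (s.split() for s in re.sub(r"#.*", "", text).split(";")):
        if stmt[:1] == ["add"]:
            src, dst, proto, _spi, _flag, alg, key = stmt[1:8]
            sas.append({"src": src, "dst": dst, "proto": proto, "alg": alg, "key": key})
        elif stmt[:1] == ["spdadd"]:
            protos = [w.split("/")[0] for w in stmt[stmt.index("ipsec") + 1:]]
            policies.append({"src": stmt[1], "dst": stmt[2], "protos": protos})
    return sas, policies

def check(text):
    """Return a list of problems; an empty list means the file is consistent."""
    sas, policies = parse(text)
    problems = []
    for sa in sas:
        want = KEY_BYTES.get(sa["alg"])
        have = (len(sa["key"]) - 2) // 2  # "0x" prefix, two hex digits per byte
        if want is not None and have != want:
            problems.append(f"{sa['proto']} {sa['src']}->{sa['dst']}: "
                            f"{sa['alg']} key is {have} bytes, expected {want}")
    have_sa = {(sa["src"], sa["dst"], sa["proto"]) for sa in sas}
    for p in policies:
        for proto in p["protos"]:
            if (p["src"], p["dst"], proto) not in have_sa:
                problems.append(f"policy {p['src']}->{p['dst']} requires {proto} "
                                "but no SA is defined for that direction")
    return problems

A, B = "192.0.2.1", "192.0.2.2"                # constructed documentation addresses
K16, K24 = "0x" + "11" * 16, "0x" + "22" * 24  # constructed keys, not real secrets
GOOD = f"""# constructed sample in the same layout as the post's file
add {A} {B} ah 0x200 -A hmac-md5 {K16};
add {B} {A} ah 0x300 -A hmac-md5 {K16};
add {A} {B} esp 0x201 -E 3des-cbc {K24};
add {B} {A} esp 0x301 -E 3des-cbc {K24};
spdadd {B} {A} any -P out ipsec esp/transport//require ah/transport//require;
spdadd {A} {B} any -P in ipsec esp/transport//require ah/transport//require;
"""
# Same file with one ESP key a byte short and the B->A AH SA removed.
BAD = GOOD.replace(f"0x201 -E 3des-cbc {K24}", f"0x201 -E 3des-cbc {K24[:-2]}")
BAD = BAD.replace(f"add {B} {A} ah 0x300 -A hmac-md5 {K16};\n", "")
```

Calling `check()` on the text of a real file returns the same kind of list; it only covers the offline-checkable parts of the file and says nothing about whether the running kernel accepts the policies.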

No one uses IPSEC on Linode?
