This tutorial assumes Red Hat 7.2, on which FreeS/WAN implementations tend to go smoothly. That said, just about any other Linux distribution with the appropriate config should work with a few modifications to the network startup parameters, which may be configured differently.
Understanding your tunnels
Before getting into the step-by-step instructions, it’s important to understand what you’re trying to configure, and the technologies involved. Essentially the goal is to create a Linux gateway at each location that will secure traffic that passes between the locations using IPSec. These gateways might also be our router, NAT server or firewall. What our FreeS/WAN implementation will do is watch for network traffic destined for the remote network, encrypt it using the IPSec Encapsulating Security Payload (ESP) protocol, and use the Internet as a vehicle for its transmission. On the receiving end, the FreeS/WAN system will decrypt the packets and forward them on to the designated subnet we have defined in our configuration files. Note that the interior systems need not know about or understand the encryption process; they simply attempt to communicate as normal. This diagram provides a high-level overview of the network configuration we’ll be using.
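To make the gateway-to-gateway layout concrete, here is a sketch of how one such tunnel is described as a conn section in FreeS/WAN's /etc/ipsec.conf. This is an added illustration, not configuration from this tutorial: the connection name, every address (documentation and private ranges) and the key values are constructed placeholders.

```conf
# Added example. All names, addresses and keys below are placeholders.
# The same conn section is used on both gateways; each FreeS/WAN instance
# works out whether it is "left" or "right" from its own interface addresses.
conn office-a-to-office-b
    # Gateway at location A: public address, its upstream router,
    # and the interior subnet whose traffic should be protected.
    left=192.0.2.10
    leftnexthop=192.0.2.1
    leftsubnet=10.0.1.0/24
    # Gateway at location B, described the same way.
    right=198.51.100.20
    rightnexthop=198.51.100.1
    rightsubnet=10.0.2.0/24
    # Authenticate the gateways to each other with RSA signatures.
    # Replace each placeholder with that gateway's real public key.
    authby=rsasig
    leftrsasigkey=0sPLACEHOLDER_PUBLIC_KEY_OF_GATEWAY_A
    rightrsasigkey=0sPLACEHOLDER_PUBLIC_KEY_OF_GATEWAY_B
    # Bring the tunnel up when IPsec starts.
    auto=start
```

With a definition like this, only packets travelling between 10.0.1.0/24 and 10.0.2.0/24 are wrapped in ESP; traffic from either subnet to anywhere else on the Internet leaves the gateway unencrypted, so the subnet definitions are effectively the policy for what is protected.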
To begin with, you’ll need at least two servers with Linux installed, assumed to be Red Hat 7.2. You might consider Pentium II (PII) machines with at least 128 MB of RAM. Remember that a great deal of encryption is computationally taxing, so use what you can afford. That said, you can also easily install and run FreeS/WAN on lesser boxes if that’s all you have; testing in your particular environment will show whether the performance meets your needs. Each server will also need at least two network cards, or one network card and some type of PPP connection if that’s the route you’re taking.