Setting up a VPN Gateway
A virtual private network (VPN) is a tool that enables the secure transmission of data over untrusted networks such as the Internet. VPNs commonly are used to connect local area networks (LANs) into wide area networks (WANs) using the Internet. Perhaps you need to build a VPN between two offices but are not sure if the large infrastructure costs associated with an enterprise-level VPN solution are justifiable. The performance of applications that are intended for use over LANs (for example those that use network file sharing) seriously can be degraded over WAN connections. Likewise, lower bandwidth and longer latency in WAN connections can affect adversely the reliability and performance of groupware and thin-client applications. Perhaps you have a home office and would like to use your high-speed internet access to connect seamlessly and securely to your office LAN through an IPSec-capable router. Or perhaps you are just curious about VPNs and IPSec in general and want to experiment.
The VPN firewall discussed in this article will run on just about any 486-or-better PC that has 16MB or more main memory and two Linux-compatible Ethernet network cards. The idea is to provide a starting point from a single, self-contained package that will allow you to create robust, secure, scalable and highly configurable VPNs that also are interoperable with many common commercial VPN implementations. If you wish to experiment on a low-maintenance firewall-VPN gateway, then the package discussed here might be ideal for you.
This article shows you how to set up, at minimal expense, a working VPN gateway that uses the IETF's (Internet Engineering Task Force) IPSec (internet protocol security) specification. IPSec is an open standard and is supported by virtually all major firewall software and hardware vendors, such as Lucent, Cisco, Nortel and Check Point. This package will give you a widely interoperable IPSec that uses the de facto standard 3DES encrypted, MD5-authenticated site-to-site or point-to-site VPN. You should be able to do this without resorting to a full Linux distribution or recompiling a standard Linux kernel with a kernel IPSec module.
The VPN system we examine here is based on FreeS/WAN (www.freeswan.org), a portable, open-source implementation of the IPSec specification. FreeS/WAN has been demonstrated to interoperate, to various degrees, with Cisco IOS 12.0 and later routers, Nortel Contivity Switches, OpenBSD, Raptor Firewall, Check Point FW-1, SSH Sentinel VPN 1.1, F-Secure VPN, Xedia Access Point, PGP 6.5/PGPnet and later, IRE SafeNet/SoftPK, Freegate 1.3, Borderware 6.0, TimeStep PERMIT/Gate 2520, Intel Shiva LanRover, Sun Solaris and Windows 2000. The official FreeS/WAN web site has a regularly updated compatibility list with the latest version of its on-line documentation. FreeS/WAN version 1.5 is included in this package.
I have created a single-diskette distribution that installs the base configuration of a VPN firewall based on the Linux Router Project (LRP, www.linuxrouter.org), a compact Linux distribution that can fit on a single, bootable floppy diskette. The distribution here is essentially Charles Steinkuehler's Eiger disk image with Steinkuehler's IPSec-enabled kernel and LRP IPSec package. Firewalling is carried out through Linux ipchains. This particular version is based on the 2.2.16 kernel of Linux. This distribution is called DUCLING (Diskette-based Ultra Compact Linux IPSec Network Gateway). Compact Linux distributions have a twisted history. LRP technically refers to Dave Cinege's compact distribution. There are many variants around, including Charles Steinkuehler's distribution (EigerStein) of Matthew Grant's defunct Eiger version (lrp1.steinkuehler.net). Another such distribution is David Douthitt's Oxygen (leaf.sourceforge.net/content.php?menu=900&page_id=1). Also, there is LEAF (Linux Embedded Appliance Firewall), a developer's umbrella that tries to coordinate releases and documentation, sort of like a one-stop shop for compact Linux distributions (leaf.sourceforge.net). I use the term LRP to refer to the compact Linux distribution presented here, even though some may consider this terminology incorrect.
If you are running MS Windows 9x, the distribution self-extracts and installs itself onto a standard 3.5", high-density floppy diskette. You also can write the image to a boot floppy if you have a system running Linux. Once the extraction is done, you will need to boot off the floppy disk you have created, copy the network drivers for your network cards over and edit the appropriate configuration files. That's it—no creating and formatting disk partitions or messing with boot managers on your hard drive. If you are not happy with the distribution, just pop the diskette out, throw it away (or reformat it) and reboot your PC. Check the links on leaf.sourceforge.net/devel/thc for more information on these options.
Practical Task Scheduling Deployment
One of the best things about the UNIX environment (aside from being stable and efficient) is the vast array of software tools available to help you do your job. Traditionally, a UNIX tool does only one thing, but does that one thing very well. For example, grep is very easy to use and can search vast amounts of data quickly. The find tool can find a particular file or files based on all kinds of criteria. It's pretty easy to string these tools together to build even more powerful tools, such as a tool that finds all of the .log files in the /home directory and searches each one for a particular entry. This erector-set mentality allows UNIX system administrators to seem to always have the right tool for the job.
Cron traditionally has been considered another such a tool for job scheduling, but is it enough? This webinar considers that very question. The first part builds on a previous Geek Guide, Beyond Cron, and briefly describes how to know when it might be time to consider upgrading your job scheduling infrastructure. The second part presents an actual planning and implementation framework.
Join Linux Journal's Mike Diehl and Pat Cameron of Help Systems.
Free to Linux Journal readers.View Now!
|The Firebird Project's Firebird Relational Database||Jul 29, 2016|
|Stunnel Security for Oracle||Jul 28, 2016|
|SUSE LLC's SUSE Manager||Jul 21, 2016|
|My +1 Sword of Productivity||Jul 20, 2016|
|Non-Linux FOSS: Caffeine!||Jul 19, 2016|
|Murat Yener and Onur Dundar's Expert Android Studio (Wrox)||Jul 18, 2016|
- Stunnel Security for Oracle
- The Firebird Project's Firebird Relational Database
- Murat Yener and Onur Dundar's Expert Android Studio (Wrox)
- SUSE LLC's SUSE Manager
- Managing Linux Using Puppet
- My +1 Sword of Productivity
- Non-Linux FOSS: Caffeine!
- Google's SwiftShader Released
- Doing for User Space What We Did for Kernel Space
- SuperTuxKart 0.9.2 Released
With all the industry talk about the benefits of Linux on Power and all the performance advantages offered by its open architecture, you may be considering a move in that direction. If you are thinking about analytics, big data and cloud computing, you would be right to evaluate Power. The idea of using commodity x86 hardware and replacing it every three years is an outdated cost model. It doesn’t consider the total cost of ownership, and it doesn’t consider the advantage of real processing power, high-availability and multithreading like a demon.
This ebook takes a look at some of the practical applications of the Linux on Power platform and ways you might bring all the performance power of this open architecture to bear for your organization. There are no smoke and mirrors here—just hard, cold, empirical evidence provided by independent sources. I also consider some innovative ways Linux on Power will be used in the future.Get the Guide