Setting up a VPN Gateway
This distribution of LRP uses a standard ipchains-based firewall. ipchains (replaced by iptables in the 2.4 series kernels—see David A. Bandel's “Taming the Wild Netfilter”, LJ, September 2001) is a freely distributed packet filter for Linux. It is very instructive to look through the ipchains HOWTO if you are not familiar with this firewalling tool. This can be found at www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO.html.
The VPN is provided by FreeS/WAN's implementation of IPSec. FreeS/WAN's IPSec implementation is compliant with the IETF's IPSec specification. IPSec is an extension to the Internet Protocol (IP) that provides for authentication and encryption. Three protocols are used to handle encryption and authentication, namely ESP (Encapsulating Security Payload), AH (Authentication Header) and IKE (the Internet Key Exchange). All these components are included in the FreeS/WAN implementation of IPSec and generally are transparent to end users. ESP and AH handle encryption and authentication, while IKE negotiates the connection parameters, including the initialization, handling and renewal of encryption keys. The only encryption scheme currently supported by FreeS/WAN is 3DES (the triple DES or Data Encryption Standard—the current de facto standard for IPSec encryption). Authentication is carried out using MD5 digests of a so-called shared secret (a shared key). The shared key could be a mutually agreed-to character string, RSA cryptographic key pairs or X.509 certificates. FreeS/WAN's KLIPS (kernel IPSec) component, which is compiled into the Linux kernel, implements AH, ESP and the handling of packets. IKE processes handle key negotiation, and renewals are implemented in FreeS/WAN's standalone pluto dæmon.
First, you will need a PC with a floppy disk drive (I have tested only 3.5" disk drives) and two network cards in it. The demands of LRP (the distribution) are minimal and do not require a powerful PC. Anything that is Intel 486-class or better with more than 8MB of RAM will do. You also will need two floppy disks. Reliable, high-density 3.5" floppy disks should do, such as promotional diskettes from AOL. I have never had any problems with generic floppy disk drives, but I have found some problems with writing the distribution to floppy disks with Imation USB U2 SuperDisk drives.
You will need to download the appropriate DUCLING.tgz/zip distribution from ftp.cinemage.com/pub and extract the contents of the archive file. If you have a static IP address, then download the static version, and if you are assigned a dynamic IP address, you will need the distribution with a DHCP client. If you are running Windows 9x, download ducling-stat-W9x-1-0.zip or ducling-dyn-W9x-1-0.zip. Extracting the .tgz file with Winzip (www.winzip.com) will produce a file, ducling-dyn-1-0.exe or ducling-stat-1-0.exe and directory modules. The .exe file is a self-extracting image that formats a floppy disk and writes the image to that disk. Run the ducling-stat-1-0.exe or ducling-dyn-1-0.exe file and place a floppy disk into the floppy disk drive. Note that any data on the disk will be overwritten.
If you are using MS-DOS or Windows 3.1, the TSR utility FDREAD.EXE must be loaded at the DOS level first if you wish to read and write to the 1,722KB format disk. FDREAD.EXE is a freeware program from Christoph H. Hochstätter.
If you are running Linux, download ducling-dyn-1-0.tgz or ducling-stat-1-0.tgz, untar the image (the example here is for the DHCP-enabled dynamic IP address distribution):
tar xvfz ducling-dyn-1-0.tgz
and write the image file, ducling-1-0.img, to a formatted floppy using the Linux fdformat and dd commands:
fdformat /dev/fd0u1722 dd if=ducling-dyn-1-0.ima of=/dev/fd0u1722Once the floppy disk image is created as mentioned above, you will have a bootable Linux floppy diskette.
The zipfile/directory named modules contain the required network driver modules as well as optional modules for firewall masquerading. Copy the contents of the module zipfile or directory onto a separate second MS-DOS-formatted floppy diskette for the configuration portion of this discussion (below). In Linux, format a second floppy disk by running
mkdosfs /dev/fd0and mounting the floppy drive and copying the modules over. Read the documentation included in the README files, which will give you details on configuring your firewall/router.
If you are unable to fit all the desired packages and modules onto a single floppy diskette, you will need to examine alternative setups that use dual floppy diskettes (see the included README files with the DUCLING distribution), a bootable CD-ROM or even a small hard disk. Refer to the on-line sources of LRP documentation for further information.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- Peppermint 7 Released
- Sony Settles in Linux Battle
- Libarchive Security Flaw Discovered
- Maru OS Brings Debian to Your Phone
- Profiles and RC Files
- Snappy Moves to New Platforms
- The Giant Zero, Part 0.x
- Git 2.9 Released
- Susan Lauber's Linux Command Line Complete Video Course (Prentice Hall)
With all the industry talk about the benefits of Linux on Power and all the performance advantages offered by its open architecture, you may be considering a move in that direction. If you are thinking about analytics, big data and cloud computing, you would be right to evaluate Power. The idea of using commodity x86 hardware and replacing it every three years is an outdated cost model. It doesn’t consider the total cost of ownership, and it doesn’t consider the advantage of real processing power, high-availability and multithreading like a demon.
This ebook takes a look at some of the practical applications of the Linux on Power platform and ways you might bring all the performance power of this open architecture to bear for your organization. There are no smoke and mirrors here—just hard, cold, empirical evidence provided by independent sources. I also consider some innovative ways Linux on Power will be used in the future.Get the Guide