Setting up a VPN Gateway
This distribution of LRP uses a standard ipchains-based firewall. ipchains (replaced by iptables in the 2.4 series kernels—see David A. Bandel's “Taming the Wild Netfilter”, LJ, September 2001) is a freely distributed packet filter for Linux. It is very instructive to look through the ipchains HOWTO if you are not familiar with this firewalling tool. This can be found at www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO.html.
The VPN is provided by FreeS/WAN's implementation of IPSec. FreeS/WAN's IPSec implementation is compliant with the IETF's IPSec specification. IPSec is an extension to the Internet Protocol (IP) that provides for authentication and encryption. Three protocols are used to handle encryption and authentication, namely ESP (Encapsulating Security Payload), AH (Authentication Header) and IKE (the Internet Key Exchange). All these components are included in the FreeS/WAN implementation of IPSec and generally are transparent to end users. ESP and AH handle encryption and authentication, while IKE negotiates the connection parameters, including the initialization, handling and renewal of encryption keys. The only encryption scheme currently supported by FreeS/WAN is 3DES (the triple DES or Data Encryption Standard—the current de facto standard for IPSec encryption). Authentication is carried out using MD5 digests of a so-called shared secret (a shared key). The shared key could be a mutually agreed-to character string, RSA cryptographic key pairs or X.509 certificates. FreeS/WAN's KLIPS (kernel IPSec) component, which is compiled into the Linux kernel, implements AH, ESP and the handling of packets. The IKE processes, which handle key negotiation and renewals, are implemented in FreeS/WAN's standalone pluto dæmon.
First, you will need a PC with a floppy disk drive (I have tested only 3.5" disk drives) and two network cards in it. The demands of LRP (the distribution) are minimal and do not require a powerful PC. Anything that is Intel 486-class or better with more than 8MB of RAM will do. You also will need two floppy disks. Reliable, high-density 3.5" floppy disks should do, such as promotional diskettes from AOL. I have never had any problems with generic floppy disk drives, but I have found some problems with writing the distribution to floppy disks with Imation USB U2 SuperDisk drives.
You will need to download the appropriate DUCLING.tgz/zip distribution from ftp.cinemage.com/pub and extract the contents of the archive file. If you have a static IP address, then download the static version, and if you are assigned a dynamic IP address, you will need the distribution with a DHCP client. If you are running Windows 9x, download ducling-stat-W9x-1-0.zip or ducling-dyn-W9x-1-0.zip. Extracting the .tgz file with Winzip (www.winzip.com) will produce a file, ducling-dyn-1-0.exe or ducling-stat-1-0.exe, and a directory named modules. The .exe file is a self-extracting image that formats a floppy disk and writes the image to that disk. Run the ducling-stat-1-0.exe or ducling-dyn-1-0.exe file and place a floppy disk into the floppy disk drive. Note that any data on the disk will be overwritten.
If you are using MS-DOS or Windows 3.1, the TSR utility FDREAD.EXE must be loaded at the DOS level first if you wish to read and write to the 1,722KB format disk. FDREAD.EXE is a freeware program from Christoph H. Hochstätter.
If you are running Linux, download ducling-dyn-1-0.tgz or ducling-stat-1-0.tgz and untar the image (the example here is for the DHCP-enabled dynamic IP address distribution):
tar xvfz ducling-dyn-1-0.tgz
and write the image file, ducling-1-0.img, to a formatted floppy using the Linux fdformat and dd commands:
fdformat /dev/fd0u1722
dd if=ducling-dyn-1-0.ima of=/dev/fd0u1722
Once the floppy disk image is created as mentioned above, you will have a bootable Linux floppy diskette.
The zipfile/directory named modules contains the required network driver modules as well as optional modules for firewall masquerading. Copy the contents of the module zipfile or directory onto a separate second MS-DOS-formatted floppy diskette for the configuration portion of this discussion (below). In Linux, format a second floppy disk by running
mkdosfs /dev/fd0
and mounting the floppy drive and copying the modules over. Read the documentation included in the README files, which will give you details on configuring your firewall/router.
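Added example (not part of the original article or the DUCLING distribution): because the boot floppy becomes the firewall itself and some drives write it unreliably, the dd step above can be followed by a read-back comparison of the disk against the image. The function names are hypothetical; the image and device names in the usage line are the ones used above.

```sh
#!/bin/sh
# Added example: write the LRP boot image, then read it back and compare.
# Function names are hypothetical; usage (names taken from the article):
#   sh write-verify.sh ducling-dyn-1-0.ima /dev/fd0u1722

image_size() {
    # Size of the image in bytes.
    wc -c < "$1" | tr -d ' '
}

write_image() {
    # conv=notrunc keeps a regular-file target at its length (useful for
    # rehearsing against a scratch file); sync flushes buffered writes.
    dd if="$1" of="$2" bs=512 conv=notrunc 2>/dev/null && sync
}

verify_image() {
    # Succeeds only if the first size(IMAGE) bytes of TARGET equal IMAGE.
    [ -r "$1" ] && [ -r "$2" ] || return 2
    size=$(image_size "$1")
    # A short or unreadable target makes cmp hit EOF early and fail.
    head -c "$size" "$2" | cmp -s - "$1"
}

# Run only when called with IMAGE and TARGET arguments.
if [ "$#" -eq 2 ]; then
    write_image "$1" "$2" || { echo "write failed" >&2; exit 1; }
    # This read-back may be served from the kernel's buffer cache; for a
    # stricter check, re-insert the disk and run verify_image again.
    if verify_image "$1" "$2"; then
        echo "OK: $2 matches $1 ($(image_size "$1") bytes)"
    else
        echo "MISMATCH: rewrite the disk or try another diskette" >&2
        exit 1
    fi
fi
```

The comparison covers only as many bytes as the image holds, so a target larger than the image still verifies.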
If you are unable to fit all the desired packages and modules onto a single floppy diskette, you will need to examine alternative setups that use dual floppy diskettes (see the included README files with the DUCLING distribution), a bootable CD-ROM or even a small hard disk. Refer to the on-line sources of LRP documentation for further information.