VTun

Link your home and office securely with a virtual private network.

Depending on your distribution, configuration might fail with an error that LZO is not installed. LZO is a compression library used by VTun. It can be downloaded from www.oberhumer.com/opensource/lzo/download. Build and install LZO, then retry VTun installation.

Upon installation, VTun places its configuration file at /usr/local/etc/vtund.conf. This can be extremely confusing as the client and server need separate entries in the tunnel specification section. To avoid confusion, I suggest moving vtund.conf to vtund-client.conf and vtund-server.conf as appropriate. Then, manually specify a path to the relevant configuration file on startup. This recommendation is used throughout the following configuration discussion.

VTun Configuration Files

The VTun configuration file format is relatively straightforward (see Listings 1 and 2). The file is organized into three discrete units. First is a set of global options defining basic parameters, such as server port number and paths to helper programs. Second is a set of default session options that define the networking properties of the tunnel. These properties can be overridden as needed in the configuration of a specific tunnel.

One tunnel configuration parameter that deserves special attention is keepalive. Office system administrators often set a low idle time on active connections through their firewalls. If your tunnel is inactive for longer than this deadline, even a few minutes, your connection times out. Enabling keepalive instructs VTun to circumvent this behavior by periodically sending packets from client to server, convincing the firewall the connection is in active use.

The final unit of options defines the configuration for a specific tunnel. The configuration file can contain any number of settings of this type, allowing clients and servers to be involved in multiple VPNs. Each tunnel configuration group begins with a name. I have chosen the name my_tunnel, but the name is an arbitrary designation. Each tunnel can configure a password, though this option generally is ignored when the tunnel is created over SSH. The up and down blocks describe a set of commands run when the tunnel is created and destroyed, respectively.

The simple configuration files in Listings 1 and 2 instruct VTun to create the tunnel interface on each system once the connection is established. The configuration files use the pattern %% to represent the tunnel interface, so multiple tunnels can be created in any order. The actual name of the tunnel interface begins with the prefix tun followed by a digit. The first tunnel created is tun0.

Creating a VTun VPN

Let's put this basic understanding of VTun configuration into practice, using Listings 1 and 2 to create a simple tunnel. You can find the Listings at ftp.linuxjournal.com/pub/lj/listings/issue112/6675.tgz if you would prefer not to enter them by hand. Save vtund-server.conf to /usr/local/etc/ on the office machine, and save vtund-client.conf to /usr/local/etc/ on the home machine. With the config files in place, initiate the VTun processes on each machine. As root, start the server on the office desktop:

vtund -f /usr/local/etc/vtund-server.conf -s
______________________

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

little change

Anonymous's picture

the pass configuration value now is passwd

Re: VTun

Anonymous's picture

Very interesting. I currently have one network with three clients. Most importantly, there is a wireless leg, which requires better security. I tend to use all the hosts on the network from the wireless client and, fairly often, I'll use X programs remotely (thus, there is a lot of traffic.) The best solution may be to divide the LAN in two and bridge the halves with VTun over SSH.

White Paper
Linux Management with Red Hat Satellite: Measuring Business Impact and ROI

Linux has become a key foundation for supporting today's rapidly growing IT environments. Linux is being used to deploy business applications and databases, trading on its reputation as a low-cost operating environment. For many IT organizations, Linux is a mainstay for deploying Web servers and has evolved from handling basic file, print, and utility workloads to running mission-critical applications and databases, physically, virtually, and in the cloud. As Linux grows in importance in terms of value to the business, managing Linux environments to high standards of service quality — availability, security, and performance — becomes an essential requirement for business success.

Learn More

Sponsored by Red Hat

White Paper
Private PaaS for the Agile Enterprise

If you already use virtualized infrastructure, you are well on your way to leveraging the power of the cloud. Virtualization offers the promise of limitless resources, but how do you manage that scalability when your DevOps team doesn’t scale? In today’s hypercompetitive markets, fast results can make a difference between leading the pack vs. obsolescence. Organizations need more benefits from cloud computing than just raw resources. They need agility, flexibility, convenience, ROI, and control.

Stackato private Platform-as-a-Service technology from ActiveState extends your private cloud infrastructure by creating a private PaaS to provide on-demand availability, flexibility, control, and ultimately, faster time-to-market for your enterprise.

Learn More

Sponsored by ActiveState