VTun

Link your home and office securely with a virtual private network.

Depending on your distribution, configuration might fail with an error that LZO is not installed. LZO is a compression library used by VTun. It can be downloaded from www.oberhumer.com/opensource/lzo/download. Build and install LZO, then retry VTun installation.

Upon installation, VTun places its configuration file at /usr/local/etc/vtund.conf. This can be extremely confusing as the client and server need separate entries in the tunnel specification section. To avoid confusion, I suggest moving vtund.conf to vtund-client.conf and vtund-server.conf as appropriate. Then, manually specify a path to the relevant configuration file on startup. This recommendation is used throughout the following configuration discussion.

VTun Configuration Files

The VTun configuration file format is relatively straightforward (see Listings 1 and 2). The file is organized into three discrete units. First is a set of global options defining basic parameters, such as server port number and paths to helper programs. Second is a set of default session options that define the networking properties of the tunnel. These properties can be overridden as needed in the configuration of a specific tunnel.

One tunnel configuration parameter that deserves special attention is keepalive. Office system administrators often set a low idle time on active connections through their firewalls. If your tunnel is inactive for longer than this deadline, even a few minutes, your connection times out. Enabling keepalive instructs VTun to circumvent this behavior by periodically sending packets from client to server, convincing the firewall the connection is in active use.

The final unit of options defines the configuration for a specific tunnel. The configuration file can contain any number of settings of this type, allowing clients and servers to be involved in multiple VPNs. Each tunnel configuration group begins with a name. I have chosen the name my_tunnel, but the name is an arbitrary designation. Each tunnel can configure a password, though this option generally is ignored when the tunnel is created over SSH. The up and down blocks describe a set of commands run when the tunnel is created and destroyed, respectively.

The simple configuration files in Listings 1 and 2 instruct VTun to create the tunnel interface on each system once the connection is established. The configuration files use the pattern %% to represent the tunnel interface, so multiple tunnels can be created in any order. The actual name of the tunnel interface begins with the prefix tun followed by a digit. The first tunnel created is tun0.

Creating a VTun VPN

Let's put this basic understanding of VTun configuration into practice, using Listings 1 and 2 to create a simple tunnel. You can find the Listings at ftp.linuxjournal.com/pub/lj/listings/issue112/6675.tgz if you would prefer not to enter them by hand. Save vtund-server.conf to /usr/local/etc/ on the office machine, and save vtund-client.conf to /usr/local/etc/ on the home machine. With the config files in place, initiate the VTun processes on each machine. As root, start the server on the office desktop:

vtund -f /usr/local/etc/vtund-server.conf -s
______________________

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

little change

Anonymous's picture

the pass configuration value now is passwd

Re: VTun

Anonymous's picture

Very interesting. I currently have one network with three clients. Most importantly, there is a wireless leg, which requires better security. I tend to use all the hosts on the network from the wireless client and, fairly often, I'll use X programs remotely (thus, there is a lot of traffic.) The best solution may be to divide the LAN in two and bridge the halves with VTun over SSH.

Webinar
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems

As Linux continues to play an ever increasing role in corporate data centers and institutions, ensuring the integrity and protection of these systems must be a priority. With 60% of the world's websites and an increasing share of organization's mission-critical workloads running on Linux, failing to stop malware and other advanced threats on Linux can increasingly impact an organization's reputation and bottom line.

Learn More

Sponsored by Bit9

Webinar
Linux Backup and Recovery Webinar

Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.

In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.

Learn More

Sponsored by Storix