VTun

Link your home and office securely with a virtual private network.

Depending on your distribution, configuration might fail with an error that LZO is not installed. LZO is a compression library used by VTun. It can be downloaded from www.oberhumer.com/opensource/lzo/download. Build and install LZO, then retry VTun installation.

Upon installation, VTun places its configuration file at /usr/local/etc/vtund.conf. This can be extremely confusing as the client and server need separate entries in the tunnel specification section. To avoid confusion, I suggest moving vtund.conf to vtund-client.conf and vtund-server.conf as appropriate. Then, manually specify a path to the relevant configuration file on startup. This recommendation is used throughout the following configuration discussion.

VTun Configuration Files

The VTun configuration file format is relatively straightforward (see Listings 1 and 2). The file is organized into three discrete units. First is a set of global options defining basic parameters, such as server port number and paths to helper programs. Second is a set of default session options that define the networking properties of the tunnel. These properties can be overridden as needed in the configuration of a specific tunnel.

One tunnel configuration parameter that deserves special attention is keepalive. Office system administrators often set a low idle time on active connections through their firewalls. If your tunnel is inactive for longer than this deadline, even a few minutes, your connection times out. Enabling keepalive instructs VTun to circumvent this behavior by periodically sending packets from client to server, convincing the firewall the connection is in active use.

The final unit of options defines the configuration for a specific tunnel. The configuration file can contain any number of settings of this type, allowing clients and servers to be involved in multiple VPNs. Each tunnel configuration group begins with a name. I have chosen the name my_tunnel, but the name is an arbitrary designation. Each tunnel can configure a password, though this option generally is ignored when the tunnel is created over SSH. The up and down blocks describe a set of commands run when the tunnel is created and destroyed, respectively.

The simple configuration files in Listings 1 and 2 instruct VTun to create the tunnel interface on each system once the connection is established. The configuration files use the pattern %% to represent the tunnel interface, so multiple tunnels can be created in any order. The actual name of the tunnel interface begins with the prefix tun followed by a digit. The first tunnel created is tun0.

Creating a VTun VPN

Let's put this basic understanding of VTun configuration into practice, using Listings 1 and 2 to create a simple tunnel. You can find the Listings at ftp.linuxjournal.com/pub/lj/listings/issue112/6675.tgz if you would prefer not to enter them by hand. Save vtund-server.conf to /usr/local/etc/ on the office machine, and save vtund-client.conf to /usr/local/etc/ on the home machine. With the config files in place, initiate the VTun processes on each machine. As root, start the server on the office desktop:

vtund -f /usr/local/etc/vtund-server.conf -s
______________________

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

little change

Anonymous's picture

the pass configuration value now is passwd

Re: VTun

Anonymous's picture

Very interesting. I currently have one network with three clients. Most importantly, there is a wireless leg, which requires better security. I tend to use all the hosts on the network from the wireless client and, fairly often, I'll use X programs remotely (thus, there is a lot of traffic.) The best solution may be to divide the LAN in two and bridge the halves with VTun over SSH.

Geek Guide
The DevOps Toolbox

Tools and Technologies for Scale and Reliability
by Linux Journal Editor Bill Childers

Get your free copy today

Sponsored by IBM

Webcast
8 Signs You're Beyond Cron

Scheduling Crontabs With an Enterprise Scheduler
On Demand
Moderated by Linux Journal Contributor Mike Diehl

Sign up and watch now

Sponsored by Skybot