Create a Linux VPN for a Nokia E61 with Openswan
Listing 11. Punching a little hole in the firewall. Note that the name e61 resolves to 192.168.6.252 via /etc/hosts, so --src e61 matches the phone's inner (tunnel) address.
# Tear down any earlier copy first: -X alone fails on a chain that is
# still populated or referenced, and the rules below would then be
# loaded a second time on every run.
iptables -D INPUT -j REMOTEVPN_INPUT 2>/dev/null
iptables -D OUTPUT -j REMOTEVPN_OUTPUT 2>/dev/null
iptables -F REMOTEVPN_INPUT 2>/dev/null
iptables -F REMOTEVPN_OUTPUT 2>/dev/null
iptables -X REMOTEVPN_INPUT 2>/dev/null
iptables -X REMOTEVPN_OUTPUT 2>/dev/null
iptables -N REMOTEVPN_INPUT
iptables -N REMOTEVPN_OUTPUT
iptables -I INPUT -j REMOTEVPN_INPUT
iptables -I OUTPUT -j REMOTEVPN_OUTPUT
# Tunnel transport (ESP) and IKE key exchange (udp/500), logged on the way in.
iptables -A REMOTEVPN_INPUT -p esp -j ACCEPT
iptables -A REMOTEVPN_INPUT -m udp -p udp \
    --dport isakmp -j LOG \
    --log-prefix "incoming-ipsec-key "
iptables -A REMOTEVPN_INPUT --src e61 \
    -p tcp --dport imaps -j LOG \
    --log-prefix "incoming-imaps "
iptables -A REMOTEVPN_INPUT -m udp -p udp \
    --dport isakmp -j ACCEPT
# Services the phone may reach: IMAPS, SMTP and the Squid proxy.
iptables -A REMOTEVPN_INPUT --src e61 -p tcp \
    --dport imaps -j ACCEPT
iptables -A REMOTEVPN_INPUT --src e61 -p tcp \
    --dport smtp -j ACCEPT
iptables -A REMOTEVPN_INPUT --src e61 -p tcp \
    --dport squid -j ACCEPT
# Anything else from the phone is logged; the rest of INPUT decides its fate.
iptables -A REMOTEVPN_INPUT --src e61 \
    -j LOG --log-prefix "e61-strange "
iptables -A REMOTEVPN_OUTPUT -p esp -j ACCEPT
iptables -A REMOTEVPN_OUTPUT -m udp -p udp \
    --sport isakmp -j LOG \
    --log-prefix "outgoing-ipsec-key "
iptables -A REMOTEVPN_OUTPUT -m udp -p udp \
    --sport isakmp -j ACCEPT
Listing 12. Remove the e61 access.
iptables -D INPUT -j REMOTEVPN_INPUT
iptables -D OUTPUT -j REMOTEVPN_OUTPUT
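Two things a practitioner would want beyond Listings 11 and 12: the --src e61 rules match any packet carrying 192.168.6.252 as its source, whether or not it arrived through the tunnel, so a host on the LAN (or a spoofed packet from the Internet) can claim the phone's address; and a hotspot that NATs the phone needs NAT-T on udp/4500, which the listing does not open. The script below is an added example, not the article's own listing. It assumes Openswan on the kernel's NETKEY IPsec stack, where the xt_policy match can tell decapsulated tunnel packets from plain ones (with KLIPS you would match on -i ipsec0 instead), and it uses numeric ports because the squid entry in /etc/services is distribution-dependent. Both halves are functions so that one script brings the rules up and down, and setting IPT=echo prints the rules instead of loading them.

```shell
#!/bin/sh
# Hardened, idempotent variant of Listing 11 (added example, not the
# article's code). Assumptions not taken from the article: NETKEY IPsec
# stack (xt_policy match available) and a possibly NATed phone (NAT-T).
set -u

IPT="${IPT:-iptables}"          # IPT=echo prints the rules instead of loading them
E61="${E61:-192.168.6.252}"     # the e61's inner address (e61 in /etc/hosts)

vpn_rules_down() {
    # Unhook the chains first, then empty and delete them. Every step may
    # fail, so this is safe to call when nothing has been loaded yet.
    $IPT -D INPUT  -j REMOTEVPN_INPUT  2>/dev/null || true
    $IPT -D OUTPUT -j REMOTEVPN_OUTPUT 2>/dev/null || true
    $IPT -F REMOTEVPN_INPUT  2>/dev/null || true
    $IPT -F REMOTEVPN_OUTPUT 2>/dev/null || true
    $IPT -X REMOTEVPN_INPUT  2>/dev/null || true
    $IPT -X REMOTEVPN_OUTPUT 2>/dev/null || true
}

vpn_rules_up() {
    vpn_rules_down      # Listing 11 only ran -X, which fails on a populated chain
    $IPT -N REMOTEVPN_INPUT
    $IPT -N REMOTEVPN_OUTPUT

    # Key exchange and tunnel transport: IKE (udp/500), NAT-T (udp/4500), raw ESP.
    $IPT -A REMOTEVPN_INPUT -p udp --dport 500 -j LOG --log-prefix "incoming-ipsec-key "
    $IPT -A REMOTEVPN_INPUT -p udp --dport 500 -j ACCEPT
    $IPT -A REMOTEVPN_INPUT -p udp --dport 4500 -j ACCEPT
    $IPT -A REMOTEVPN_INPUT -p esp -j ACCEPT

    # A packet claiming the phone's address that did NOT arrive inside an
    # IPsec SA is a spoof from the LAN or the Internet: log it and drop it.
    $IPT -A REMOTEVPN_INPUT -s "$E61" -m policy --dir in --pol none -j LOG --log-prefix "e61-spoofed "
    $IPT -A REMOTEVPN_INPUT -s "$E61" -m policy --dir in --pol none -j DROP

    # Services the phone may reach (imaps, smtp, squid), only through the tunnel.
    for port in 993 25 3128; do
        $IPT -A REMOTEVPN_INPUT -s "$E61" -m policy --dir in --pol ipsec --proto esp \
            -p tcp --dport "$port" -j ACCEPT
    done
    # Anything else from the phone is logged; the rest of INPUT decides its fate.
    $IPT -A REMOTEVPN_INPUT -s "$E61" -j LOG --log-prefix "e61-strange "

    $IPT -A REMOTEVPN_OUTPUT -p udp --sport 500 -j LOG --log-prefix "outgoing-ipsec-key "
    $IPT -A REMOTEVPN_OUTPUT -p udp --sport 500 -j ACCEPT
    $IPT -A REMOTEVPN_OUTPUT -p udp --sport 4500 -j ACCEPT
    $IPT -A REMOTEVPN_OUTPUT -p esp -j ACCEPT

    # Hook the finished chains in last, so a half-built chain is never live.
    $IPT -I INPUT  -j REMOTEVPN_INPUT
    $IPT -I OUTPUT -j REMOTEVPN_OUTPUT
}

case "${1:-}" in
    up)   vpn_rules_up ;;
    down) vpn_rules_down ;;
esac
```

Run it as root with up or down in place of Listings 11 and 12. The --pol none drop rule is the real gain over the original: with it, a packet sourced from 192.168.6.252 is accepted only when the kernel has just decrypted it from the phone's ESP SA.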
One more complication arises with many public Wi-Fi hotspots. Depending on where on the globe you are, a large number of them follow the captive-portal pattern: when you try to open a Web site, they redirect you to their login page, you authenticate to them, and only then can you use the Internet. If you simply open a VPN access point on the e61 that uses EasyWLAN as its Internet access point, this will not work. The e61 brings up the Wi-Fi connection and immediately sends the packets needed to negotiate the VPN, but until you have authenticated with the hotspot those packets are intercepted or dropped, and the VPN negotiation fails.
A way around this is to open the Web browser and connect directly using EasyWLAN, without any VPN at all. Once you have authenticated to the hotspot, leave the browser running, use the menu key to get back to the main menu, and open the e-mail client. For the access point this time, choose the VPN that has EasyWLAN as its Internet access point; the existing Wi-Fi connection is reused, and the VPN is layered on top. To get secure Web browsing as well, leave the e-mail program by holding the menu key, go back to the browser and exit it; the still-running e-mail program holds the VPN open. Start the browser again and select the VPN as its access point.
Of course, if the Wi-Fi network you are connecting to allows connections without this preamble, opening any application that wants a data connection should allow you to select the new VPN as your access point. Also, if the Wi-Fi hotspot remembers your MAC address and allows reconnection without explicitly having to log in each time, you can start the VPN directly on subsequent connections.
Once the VPN has connected to vserv, the e61 prompts you for the user name and password to use for XAUTH verification (Figure 8).
After XAUTH verification, you should be able to use the VPN without noticing it. In this case, I can browse the Internet using my LAN's proxy server to fetch the data (Figure 9).
Being able to use a DNS name in the e61 VPN policy would be wonderful for folks who don't have cheap access to static IP addresses. I'm still investigating how to connect using public key cryptography instead of the preshared key shown in this article. For connecting a single e61 to the network, a preshared key that is long and randomly generated, rather than a guessable passphrase, should still be quite secure.
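To make "large enough" concrete, the script below generates a 256-bit preshared key and appends the matching line to Openswan's ipsec.secrets with root-only permissions. It is an added example, not from the article; VSERV is a placeholder for vserv's public address, and the ipsec.secrets line format shown (local-id remote-id : PSK "secret") is Openswan's, with %any on the phone side because the e61's address changes with every hotspot.

```shell
#!/bin/sh
# Generate and install a random preshared key for the e61 connection.
# Added example, not the article's code. VSERV is an assumed placeholder.
set -u

VSERV="${VSERV:-192.0.2.1}"              # assumption: vserv's public address
SECRETS="${SECRETS:-/etc/ipsec.secrets}"

# 32 random bytes as 64 hex digits: 256 bits, far beyond dictionary attack.
gen_psk() {
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Openswan secrets line: <local-id> <remote-id> : PSK "<secret>".
secrets_line() {
    printf '%s %%any : PSK "%s"\n' "$VSERV" "$1"
}

install_psk() {
    psk=$(gen_psk)
    umask 077                            # never create the file world-readable
    secrets_line "$psk" >> "$SECRETS"
    chmod 600 "$SECRETS"
    printf '%s\n' "$psk"                 # shown once, to enter into the e61 policy
}

case "${1:-}" in
    install) install_psk ;;
esac
```

Run it as root with install, then ipsec secrets (or a restart) so Openswan rereads the file; the same hex string goes into the e61's VPN policy.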
The information in the article comes with no guarantee of being correct, secure or suitable for anything; use it at your own risk and discretion.