
7th July 2009, 04:56 AM
Registered User
Join Date: Mar 2009
Posts: 7

FC11 VPN Setup
I've googled and searched here, so I apologize if I'm posting a redundant topic. I'm still pretty green in Fedora and Linux in general, too, so I may just be barking up the wrong tree.
Now that all the caveats are covered...
I'd like to set up a VPN in Fedora 11. My main box is running FC11, and I'd like to be able to access it from long distances. I'd be accessing it with either an XP, a Mac, or an Xubuntu laptop. The problem is, I have no idea how to go about setting it up as the server.
Does anyone know how to do this, or where to find a good article on it?
I'm using a Netgear wpn824 wireless router, so setting up a firmware firewall vpn might be impossible.
Cheers in advance for all help!

7th July 2009, 06:46 AM
Registered User
Join Date: Mar 2008
Age: 37
Posts: 69

This script will create a simple VPN server for FC10/11 (copy and paste to a file, make it executable, and run):
Code:
#!/bin/bash
#
# Written by Den
#
# Check if script runs under root
if ! [ "$(whoami)" = "root" ]; then
    echo "You have to run me with root user privileges!"
    exit 1
fi

# Install repository
if ! rpm -q "pptp-release" >/dev/null 2>&1; then
    echo "Poptop repository not installed!"
    echo "Trying to download and add it to the system..."
    if rpm -Uvh http://poptop.sourceforge.net/yum/stable/fc10/pptp-release-current.noarch.rpm >/dev/null 2>&1; then
        echo "(II) poptop repo added to the system"
    else
        echo "Download failed! Check internet connection and try again!"
        exit 1
    fi
fi

# Install required packages
pk="pptpd"
required_packages=""
for i in $pk; do
    if ! rpm -q "$i" >/dev/null 2>&1; then
        required_packages="$required_packages $i"
    fi
done
if ! [ "$required_packages" = "" ]; then
    echo "Some packages not found on your system. Trying to download and install..."
    # Left unquoted on purpose so each package name becomes its own argument
    if ! yum -y install $required_packages; then
        echo "Download failed! Check internet connection and try again!"
        exit 1
    else
        echo "Installation success!"
    fi
fi

# Check, if /etc/ppp/options.pptpd file already exists, then backup it
if [ -f /etc/ppp/options.pptpd ]; then
    cp /etc/ppp/options.pptpd "/etc/ppp/options.pptpd.back.$(date +%Y%m%d%H%M)"
fi

# Check, if /etc/pptpd.conf file already exists, then backup it
if [ -f /etc/pptpd.conf ]; then
    cp /etc/pptpd.conf "/etc/pptpd.conf.back.$(date +%Y%m%d%H%M)"
fi

# Creating /etc/pptpd.conf config (quoted delimiter: the text is written literally)
cat > /etc/pptpd.conf << 'EOF'
option /etc/ppp/options.pptpd
logwtmp
localip 10.8.1.1
remoteip 10.8.1.2-10
EOF

# Creating /etc/ppp/options.pptpd config
cat > /etc/ppp/options.pptpd << 'EOF'
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 10.8.1.1
ms-wins 10.8.1.1
proxyarp
lock
nobsdcomp
novj
novjccomp
nologfd
EOF

# Enable daemons
chkconfig pptpd on

# Start daemons
service pptpd start

# Print info
echo "You have to add your remote users to /etc/ppp/chap-secrets:"
echo
echo "username pptpd password *"
echo
echo "Setup completed!"
Now you can add users and passwords to /etc/ppp/chap-secrets, and don't forget to open port 1723 in your firewall and router.
Last edited by den23513; 7th July 2009 at 06:48 AM.
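
Added example, not part of den23513's post or the Poptop project: a shell audit of the two files this setup relies on. It checks that /etc/ppp/options.pptpd still carries the refuse/require lines the script writes, and that /etc/ppp/chap-secrets, which stores passwords in clear text, is private and holds no short secrets. The function names, the 16-character threshold and the sample files are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): audit pptpd files like those the script writes.

# has_option FILE WORD: succeeds if WORD is the first word of an active (uncommented) line.
has_option() {
    awk -v w="$2" '$1 == w { found = 1 } END { exit !found }' "$1"
}

# audit_options FILE: prints one line per finding for the pppd options file.
audit_options() {
    for opt in refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128; do
        has_option "$1" "$opt" || echo "MISSING $opt"
    done
    # pppd options that would switch authentication or MPPE encryption off again
    for opt in noauth nomppe; do
        if has_option "$1" "$opt"; then echo "UNSAFE $opt"; fi
    done
}

# secrets_private FILE: succeeds only if group and others have no access at all.
secrets_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# short_secrets FILE MIN: names of clients whose secret is shorter than MIN characters.
# Assumes secrets contain no whitespace; the secret itself is never printed.
short_secrets() {
    awk -v min="$2" '
        $1 ~ /^#/ || NF < 3 { next }
        { s = $3; gsub(/^"|"$/, "", s); if (length(s) < min) print $1 }
    ' "$1"
}

# Usage: sh pptpd-audit.sh /etc/ppp/options.pptpd /etc/ppp/chap-secrets
# With no arguments it runs on constructed sample files (not from the thread).
if [ $# -eq 2 ]; then opts=$1 secrets=$2; else
    d=$(mktemp -d); opts=$d/options.pptpd secrets=$d/chap-secrets
    printf '%s\n' refuse-pap refuse-chap require-mschap-v2 require-mppe-128 > "$opts"
    printf '%s\n' 'alice pptpd "hunter2" *' > "$secrets"; chmod 644 "$secrets"
fi
audit_options "$opts"
secrets_private "$secrets" || echo "chap-secrets is accessible to group or others"
short_secrets "$secrets" 16 | sed 's/^/SHORT SECRET: /'
if [ -n "${d:-}" ]; then rm -rf "$d"; fi
```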

7th July 2009, 06:51 AM
Community Manager
Join Date: Mar 2009
Location: Broomfield, CO
Posts: 383

I prefer openvpn...
yum install openvpn
Then take a look at the docs:
http://openvpn.net/index.php/open-so...mentation.html
Basically you set up your home machine in server mode, and your roaming machines as clients.
If you run into issues, I can try and find a more detailed howto.

7th July 2009, 06:51 AM
"Stefan the converted" -- forum Macintosh® Glee Club leader
Join Date: May 2007
Location: 127.0.0.1
Age: 38
Posts: 1,247

Personally I would never use pptp unless I absolutely had to, but that is just me. I have found OpenVPN much more versatile and much more stable; besides, you can actually route through openvpn and the tunnel remains stable even with multiple users or putting lots of data through the tunnel .... besides, pptp is the microsoft tunneling protocol ...... yikes!
Here is the official HOWTO
http://fedoraproject.org/wiki/Openvpn
__________________
"$ su - bofh"
OS: Mac OSX Snow Leopard (x64 by default), W7_Enterprise_X64, F12_x64_KDE
Hardware: late 2009 Macbook 13", MSI Wind 10"
Browser: Opera 10.10, Safari 4
Registered linux user #459910

7th July 2009, 07:15 AM
Registered User
Join Date: Mar 2008
Age: 37
Posts: 69

I prefer the openvpn too. It is more secure and more stable.... But, if I need just for a second to make a tunneling connection to my machine - this is the simple way to do it.
Icharus, why not use ssh?

7th July 2009, 07:40 AM
"Stefan the converted" -- forum Macintosh® Glee Club leader
Join Date: May 2007
Location: 127.0.0.1
Age: 38
Posts: 1,247

SSH is great too, yes, if you don't need a lot of X or tunnel X through ssh and port-forward 22 from your router to the Fedora box. Another easy solution to access your desktop remotely might be VNC. I use it all the time to take over my Fedora desktop at home from work.

13th July 2009, 11:08 PM
Registered User
Join Date: Mar 2009
Posts: 7

Overwhelming!
Many, many thanks to you all!
In response to almost 90% of your questions, it's because of my relative green-ness to the topic at hand.
The only VPNs I've ever run were Microsquash based, and run from the firmware of a firewall. This is all new ground to me.
So, in the interest of furthering my education:
How would I set up an SSH connection?
--
With regards to VNC, I want to be able to access files and read/write files to/from the Fedora box remotely. Does VNC do that?
Last edited by Icharus; 13th July 2009 at 11:12 PM.
Reason: Further clarification

14th July 2009, 12:58 PM
Registered User
Join Date: Mar 2008
Age: 37
Posts: 69

To connect to a remote machine through ssh:
$> ssh your_username@remote_machine_hostname
If you want to connect from window$ OS - download putty
Open port 22 in your router.
On the server side you don't need to do anything. The SSH service is usually on and running...
To copy files from one comp to another:
$> scp localfilename your_username@remote_machine_hostname:/path/to/place/the/file

14th July 2009, 02:30 PM
"Stefan the converted" -- forum Macintosh® Glee Club leader
Join Date: May 2007
Location: 127.0.0.1
Age: 38
Posts: 1,247

Code:
chkconfig sshd on
service sshd start
system-config-firewall (and allow port 22 in the fedora firewall)
if sshd isn't running on your system. From what I remember it should be when using the live CD to install, but it isn't by default on the sshd install.
Apart from allowing 22 in your router, it should of course also be (port)forwarded to the IP address of the Fedora server.
|
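
Added example, not part of any post in this thread: a check to run on the Fedora box before port 22 is forwarded from the router, as the SSH replies above describe. It reports the value sshd will actually use for a keyword (sshd keeps the first value it reads) and flags root and password logins. The function names, the defaults passed in and the sample config are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): report what sshd will actually use.

# sshd_effective FILE KEYWORD DEFAULT
# sshd keeps the first value it reads for a keyword, so later duplicates are ignored.
# Keywords are case-insensitive. Reading stops at the first Match block, whose
# settings only apply to matching connections. Assumes "Keyword value" lines (no "=").
sshd_effective() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); val = def }
        $1 ~ /^#/ || NF < 2 { next }
        tolower($1) == "match" { exit }
        tolower($1) == key && !seen { val = $2; seen = 1 }
        END { print tolower(val) }
    ' "$1"
}

# audit_sshd FILE: prints one line per setting worth changing on an exposed host.
# The defaults passed in (yes, yes, no) are assumptions; see sshd_config(5) for your release.
audit_sshd() {
    [ "$(sshd_effective "$1" PermitRootLogin yes)" = "no" ] ||
        echo "PermitRootLogin: root can log in over SSH"
    [ "$(sshd_effective "$1" PasswordAuthentication yes)" = "no" ] ||
        echo "PasswordAuthentication: passwords are accepted, not only keys"
    [ "$(sshd_effective "$1" PermitEmptyPasswords no)" = "no" ] ||
        echo "PermitEmptyPasswords: accounts with empty passwords can log in"
}

# Usage: sh sshd-audit.sh /etc/ssh/sshd_config
# With no argument it runs on a constructed sample in which the later
# "PasswordAuthentication no" never takes effect.
if [ $# -eq 1 ]; then cfg=$1; else
    cfg=$(mktemp)
    printf '%s\n' 'PermitRootLogin no' 'passwordauthentication yes' \
        'PasswordAuthentication no' 'Match User backup' '    PermitRootLogin yes' > "$cfg"
fi
audit_sshd "$cfg"
```

Once the file has been changed, `sshd -t` checks it for syntax errors before the service is restarted.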