<?php
$suppdists =
array (
"rh62" => array (
"name" => "RedHat Linux 6.2",
"url" => "ftp://ftp.rpmfind.net/linux/redhat/updates/6.2/en/os")
, "rh71" => array (
"name" => "RedHat Linux 7.1",
"url" => "ftp://ftp.rpmfind.net/linux/redhat/updates/7.1/en/os")
, "rh72" => array (
"name" => "RedHat Linux 7.2",
"url" => "ftp://ftp.rpmfind.net/linux/redhat/updates/7.2/en/os")
, "rh73" => array (
"name" => "RedHat Linux 7.3",
"url" => "ftp://ftp.rpmfind.net/linux/redhat/updates/7.3/en/os")
, "rh80" => array (
"name" => "RedHat Linux 8.0",
"url" => "ftp://ftp.rpmfind.net/linux/redhat/updates/8.0/en/os")
, "rh9" => array (
"name" => "RedHat Linux 9",
"url" => "ftp://ftp.rpmfind.net/linux/redhat/updates/9/en/os")
, "col31" => array (
"name" => "Caldera Open Linux 3.1 Server",
"url" => "ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS/")
, "col311" => array (
"name" => "Caldera Open Linux 3.1.1 Server",
"url" => "ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/")
, "ul10" => array (
"name" => "United Linux 1.0 (SCOLinux 4)",
"url" => "ftp://ftp.caldera.com/pub/scolinux/server/4.0/updates")
);
include ("../php/getRPMlist.php");
$urls["../../../../RPMS/i386"] = "http://".getenv("SERVER_NAME")."/RPMS/i386/";
$urls["../../../../SRPMS"] = "http://".getenv("SERVER_NAME")."/SRPMS/";
list ($maj, $min, $furl, $fname) = getRPMlist ($urls, array ("vtun","tun","lzo") );
$docname="Virtual Tunnels";
$toptags=array(
"http://vtun.sourceforge.net/tun","Tun Home",
"http://vtun.sourceforge.net","VTun Home",
"http://www.platypus.bc.ca/~bishop", "my home"
);
if (is_array($fname)) {
    ksort ($fname); // group the links by distro tag, in sorted order
    foreach ($fname as $distro => $pkgs) {
        $toptags[] = "";   // this inserts a newline every time
        $toptags[] = "\n"; // the distro changes (71, 72, src, etc)
        foreach ($pkgs as $key => $val) {
            $toptags[] = $furl[$distro][$key];       // link target
            $toptags[] = $key.".".$distro.".rpm";    // link label
        }
    }
}
?>
VTun is a simple and secure
method of creating encrypted virtual point-to-point tunnels between
two hosts, using strong encryption and a kernel-mode tun device.
VTun is pretty easy to install, as it can be as simple as
installing 3 RPM packages. Still, most of the problems seen on the vtun-users
mailing list stem from improper installation or configuration. My
goal, with this document, is to quickly lead the reader through the
procedure I use for my own WAN. It's a sure-fire, no-hassle method of
installation. You *have* to follow the procedure, though; if you do
something strange you will introduce added complexity, and I'm not
sure I can be of any help.
A note about RPMs, DEBs and other package formats: use them (I have
a page on the go, but it's not done yet). Here's one anecdote to tide
you over: because I have some varied hosts on my WAN, I tweak, re-release and
support installation via packages for Redhat 6.2-8.0 and some Caldera
Open Linux 3.1 and SCOLinux 4.0 (ul10). These packages install
quickly on the systems and require very minimal tweaking
post-installation, if any. I'm forgetful, and I'd rather my RPM did
the work for me, thanks.

The procedure, then, is this: freshen your system packages, build
or install the packages you need, and then configure your VTun
system.

This is a straightforward procedure. I like to grab all the RPMs,
recursively, and do an rpm -Fvh on the i386, i686 and then noarch
directories, in order. It's not much harder than that. Here are some
(outdated? mail me) links to common update points:

(Sorry for the painfully stupid non-standard location of the SCO
Linux 4.0 update stuff; nothing I can do about it. When asked, they
didn't see a reason why they should not re-invent the wheel, or look
to see what ANYONE, even THEY were doing, and copy that. But,
remember, some fights are not worth fighting.)

Not much changes here: the tun module is included as part of the
kernel distribution, so you don't need to rebuild the tun module each
time and can actually use binary packages to install the software:

Yes, there's a point to all the repetition above: many people claim
that installation is too hard, or takes too long, and I'm curious to
know what's too hard or too long about one command line.

Remember: if the above procedure doesn't work splendidly, you may
need to rebuild the package. Replace rh62, below, as needed, with
your distro and run that procedure.

Much of the kernel stuff changed a lot over this release. It's
best to rebuild the packages. Make sure you have your system up to
date, make sure you have the kernel-source and kernel-headers packages
in place, and do this:

Remember to rebuild and re-install the tun module after a kernel upgrade. Things
will have changed enough so you will need a new installation of the
tun module.

I'm gonna plug my own tool here, as well as listing some
references. The proper configuration of your VTun system is
important, as it's why you actually came here. A badly-configured
vtun system can lightly pester the wrong server, cause security
problems and just may make your dog stop worshipping you.

In no particular order (so don't think I prefer one over the other):

Earnestly sought. Do I have to even say that? I love corrections
to my stuff. Don't be shy! Don't worry about new versions, too,
as this document will update itself when a new package is
released. Netminder may be your friend, here.

I added a totally fake link to the RH9 lzo package, because people were picking
up the RH80 packages and installing them. DON'T DO THAT, you
masochistic freak. The faked links just redirect over to the
canonical source for lzo under RH9, that nirvana that is Freshrpms.net.

Paul at pkcom dot com dot uk's email helped me find a problem with
a script that generates the block of links at the top, and how it
deals with distros with only one number (eg RH9) in their name. It
looks like it works, but I'll have to watch it.

Hey! Maxim Krasnyansky made me the VTun Project Manager and
Release Admin. Cool! Check it out here and here!
Pretty neat-o keen-o, huh?

Some minor fixes to the filename generation script, that part that
ensures this page is automatically up to date, just a bit of pulling
code into includes, then into functions for some code that is simpler
to read. This cleanup will take a bit to get done, as it's a bit of a
hack now. At the very least, the inclusion means that the page isn't
time-stamped with each new munging of the mere background
functions.

Just putting this one up now. It's a repository for a HOWTO and a
file list. That's about it, I think...

Vtun Installation
"I switched to the RPMs and the tunnel came up on the first try."
-- Scott Henwood
Updating Your System
$updarr=array(
"RedHat Linux 6.2" => "ftp://ftp.rpmfind.net/linux/redhat/updates/6.2/en/os",
// "RedHat Linux 7.0" => "ftp://ftp.rpmfind.net/linux/redhat/updates/7.0/en/os",
"RedHat Linux 7.1" => "ftp://ftp.rpmfind.net/linux/redhat/updates/7.1/en/os",
"RedHat Linux 7.2" => "ftp://ftp.rpmfind.net/linux/redhat/updates/7.2/en/os",
"RedHat Linux 7.3" => "ftp://ftp.rpmfind.net/linux/redhat/updates/7.3/en/os",
"RedHat Linux 8.0" => "ftp://ftp.rpmfind.net/linux/redhat/updates/8.0/en/os",
"RedHat Linux 9" => "ftp://ftp.rpmfind.net/linux/redhat/updates/9/en/os",
"Caldera Open Linux 3.1 Server" => "ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS/",
"Caldera Open Linux 3.1.1 Server" => "ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/"
,"SCO Linux 4 (United Linux 1.0)" => "ftp://ftp.caldera.com/pub/scolinux/server/4.0/updates"
);
/*
while (list ($name, $site) = each ( $updarr))
echo "
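The freshen step this page describes (rpm -Fvh over the i386, i686 and then noarch directories, in order), as an added example that is not part of the original page. It goes one step beyond the text by refusing any package that rpm -K does not report as signed and verified, which matters because the update points listed here are plain FTP; the RPM override variable and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: freshen a local mirror of a distro "updates" tree in the
# order the page gives (i386, i686, noarch), verifying packages first.
# RPM is an assumed override so the logic can be exercised with a stub.
RPM=${RPM:-rpm}

# List the arch directories under $1 that contain at least one .rpm.
freshen_order() {
    for arch in i386 i686 noarch; do
        for f in "$1/$arch"/*.rpm; do
            [ -e "$f" ] || continue
            printf '%s\n' "$1/$arch"
            break
        done
    done
}

# Succeed only if rpm -K exits 0 AND reports a signature, not just digests.
# Report wording differs between rpm versions; lowercase means "verified".
verify_pkg() {
    out=$("$RPM" -K "$1" 2>/dev/null) || return 1
    case "${out#"$1":}" in
        *signatures*|*gpg*|*pgp*) return 0 ;;
        *) return 1 ;;
    esac
}

# Verify every package in a directory, then freshen them in one transaction.
freshen_dir() {
    for f in "$1"/*.rpm; do
        verify_pkg "$f" || { echo "refusing unverified package: $f" >&2; return 1; }
    done
    "$RPM" -Fvh "$1"/*.rpm
}

# Walk the tree in order and stop at the first directory that fails.
freshen_tree() {
    freshen_order "$1" | while IFS= read -r dir; do
        freshen_dir "$dir" </dev/null || exit 1
    done
}

# Run only when called with a directory argument, e.g. ./freshen.sh /mnt/updates
if [ "$#" -eq 1 ]; then
    freshen_tree "$1"
fi
```

The distro's signing key has to be imported into the rpm keyring beforehand, otherwise every package is refused.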
Installation for COL31 and RH71-80
# still totally obvious and hard RH9 one-step install!
rpm -Uvh
OR
# still totally confusing and hard RH80 one-step install!
rpm -Uvh
OR
# really confusing and hard RH73 install!
rpm -Uvh
OR
# another confusing and hard RH72 install!
rpm -Uvh
OR
# it'd be repetitive to list RH71 install
# if your system is NOT updated, don't use this procedure!
# if you do, it will hose your system and I will laugh at you!
rpm -Uvh
OR
# I may not have all the packages for this
# It should be IDENTICAL to the RH72 procedure, above
rpm -Uvh
Installation for RH62
# Clean Up to prevent install problems:
rpm -e cyrus-sasl-devel # bad md5 header kills vtun compile
# this may fail. Ignore it, and don't panic
# This stops tun compile from dying.
# copy a matching .config into /usr/src/linux from
# /usr/src/linux/configs/ if this fails, and try again.
# Use 'uname -a' for clues.
make -C /usr/src/linux oldconfig
# Build and install tun:
rpm --rebuild <?php echo $furl["src"]["tun"]; ?>
rpm -Uvh /usr/src/redhat/RPMS/i386/tun-<?php echo $maj["src"]["tun"]."-".$min["src"]["tun"].".i386.rpm"; ?>
# Build and install lzo:
rpm --rebuild <?php echo $furl["src"]["lzo"]; ?>
rpm -Uvh /usr/src/redhat/RPMS/i386/lzo-* echo $maj["src"]["lzo"]."-".$min["src"]["lzo"].".i386.rpm"; ?>
# Build and install vtun:
rpm --rebuild <?php echo $furl["src"]["vtun"]; ?>
rpm -Uvh /usr/src/redhat/RPMS/i386/vtun-<?php echo $maj["src"]["vtun"]."-".$min["src"]["vtun"].".i386.rpm"; ?>
# Remove unnecessary packages:
rpm -e lzo-devel # optional
VTun Configuration
Hey. It's a good reference, but it's a bit confusing, imho, or
was to me.
Good example, but remember to enable different parts for client
and server - otherwise your routing will suck.
I got credit here, I think, for something like a mere spelling
check. It's a great document, and I'm sorry I didn't have a
better part in its creation.
It's difficult to use, I think, for first-timers. To that end,
here's
a quick config for a two-host vtun connection. You can play
with the 'Show' drop down box to view the configuration for each
host.
Note the strange location. If that goes away, look for it here.
It's sitting on the Ducky machine only temporarily, because the
regular host has a PHP that is acting funny on some of the code.
No big deal, but I do have to move it until the PHP is changed.
Comments
Changes
20030623
<?php echo date("YmdHi", getlastmod() ); ?>
©
<?php echo date("Y", getlastmod() ); ?>
Bishop Clark (LC957 @ Whois) All Rights Whateverthefuck