swift 05/08/07 20:09:53 Added: xml/htdocs/doc/en/draft vpnc-howto.xml Log: Adding draft vpnc howto from #97760
Revision Changes Path 1.1 xml/htdocs/doc/en/draft/vpnc-howto.xml file : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/draft/vpnc-howto.xml?rev=1.1&content-type=text/x-cvsweb-markup&cvsroot=gentoo plain: http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/draft/vpnc-howto.xml?rev=1.1&content-type=text/plain&cvsroot=gentoo Index: vpnc-howto.xml =================================================================== <?xml version='1.0' encoding='UTF-8'?> <!DOCTYPE guide SYSTEM "/dtd/guide.dtd"> <guide link="/doc/en/draft/vpnc-howto.xml"> <title>Gentoo vpnc HOWTO</title> <author title="Author"> David H. Askew </author> <!-- My email address is dhaskew on earthlink.net --> <abstract> This document details how to connect your workstation to a Cisco VPN concentrator utilizing vpnc to manage the connection. </abstract> <!-- The content of this document is licensed under the CC-BY-SA license --> <!-- See http://creativecommons.org/licenses/by-sa/2.5 --> <license/> <version>0.9</version> <date>2005-08-01</date> <chapter> <title>Introduction</title> <section> <body> <p> If you're reading this, then you likely need to connect to your office network from home or during travel. Many companies utilize Cisco 3000 VPN concentrators for their VPN needs, and I am willing to bet that most Linux newbies think that they are forced to use Windows to connect to them. Well this document informs you that connecting to a Cisco VPN is very well be possible and will hopefully enable to you to setup a working tunnel using your Gentoo workstation or laptop. </p> </body> </section> <section> <title>What this document is</title> <body> <ul> <li>A guide to the basic workings of vpnc</li> <li>A discussion of DNS and routing issues that relate to VPNs</li> <li>Examples of managing VPN sessions</li> <li>Useful tips and tricks (hopefully)</li> </ul> </body> </section> <section> <title>What this document is not</title> <body> <ul> <li>An in-depth guide to VPN / encryption technologies</li> <li>A feature by feature explanation of vpnc</li> </ul> </body> </section> <section> <title>Assumptions</title> <body> <p> The assumptions made at this point are: </p> <ul> <li>You have Gentoo installed</li> <li>You have Internet access</li> <li>You want to connect to a Cisco 3000 VPN concentrator</li> <li>You know how to configure, build and install a new kernel</li> </ul> </body> </section> </chapter> <chapter> <title>Kernel Configuration</title> <section> <body> <p> In order for Linux to be able to open a VPN connection <e>Universal TUN/TAP device driver support</e> must be enabled in the kernel. What is it and why do you need it? Below is a relatively straight forward explanation from the kernel configuration dialog: </p> <pre caption="CONFIG_TUN:"> TUN/TAP provides packet reception and transmission for user space programs. It can be viewed as a simple Point-to-Point or Ethernet device, which instead of receiving packets from a physical media, receives them from user space program and instead of sending packets via physical media writes them to the user space program. When a program opens /dev/net/tun, driver creates and registers corresponding net device tunX or tapX. After a program closed above devices, driver will automatically delete tunXX or tapXX device and all routes corresponding to it. </pre> <p> You can verify if your kernel has TUN/TAP support with the following command: </p> <pre caption="Checking the kernel config"> # <i>cat /usr/src/linux/.config | grep TUN</i> CONFIG_INET_TUNNEL=m # CONFIG_INET6_TUNNEL is not set # CONFIG_IPV6_TUNNEL is not set CONFIG_TUN=m # CONFIG_8139TOO_TUNE_TWISTER is not set </pre> <p> As you can see above, <c>CONFIG_TUN=m</c> is compiled as a module. If it is disabled in your setup, enable it in your kernel of choice, rebuild, install, reboot and return to this document before continuing with the next steps. </p> <pre caption="Configuration location in the kernel configuration dialog"> Device Drivers ---> Networking support ---> [*] Universal TUN/TAP device driver support </pre> <p> If you already have TUN/TAP support built in your kernel, or you just booted your computer after a fresh kernel build, then you need to verify that the kernel has the appropriate code initialized. </p> <p> If you built TUN/TAP support directly into the kernel, you should see information from <c>dmesg</c> output like the following: </p> <pre caption="Checking dmesg output"> # <i>dmesg | grep TUN</i> Universal TUN/TAP device driver 1.5 (C)1999-2002 Maxim Krasnyansky </pre> <p> If you build TUN/TAP support as a module, you first must load the <c>tun</c> module: </p> <pre caption="Load tun module"> # <i>modprobe tun</i> # <i>lsmod</i> Module Size Used by tun 7296 0 nvidia 4050204 12 </pre> <p> Now that the <c>tun</c> module is loaded, check <c>dmesg</c> output. You should see something like the following: </p> <pre caption="Checking dmesg output"> # <i>dmesg | grep TUN</i> Universal TUN/TAP device driver 1.5 (C)1999-2002 Maxim Krasnyansky </pre> </body> </section> </chapter> <chapter> <title>Install Needed Software</title> <section> <body> <p> Now that you have a working kernel setup, you need to install <c>net-misc/vpnc</c>: </p> <pre caption="Installing vpnc"> # <i>emerge net-misc/vpnc</i> </pre> </body> </section> </chapter> -- [email protected] mailing list
