# Straightforward VPN?

## Dreq

I've been using Linux for quite a while but haven't touched VPN in Linux -- but now I need to (for work). In Windows, I just create a new connection, select VPN, give them the IP, and connect. It pops up a name/pass box, and after I type it in, I'm on the VPN... How would I go about doing that in Linux?

----------

## Dlareh

VPNs exist for Linux, but if you're doing something simple, ssh tunneling could save you some trouble.

----------

## Dreq

I am actually trying to VPN onto the network so I can run rdesktop and remote desktop my PC at work (I've done this several times on this box in Windows but I've since removed the Windows partition). I (obviously) cannot access my PC at work without a VPN connection. I've seen OpenVPN as well as kvpnc (which gives me a tun mod error), but neither seems straightforward to me (I'm not exactly knowledgeable about VPN).

----------

## Dlareh

Here's a template of what I use in my ~/.bashrc:

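```
# Open an RDP session to host $1: directly when it answers a ping (on the
# work LAN), otherwise through an SSH local port forward via the public host.
function rdesk {
    if ping -c 1 -W 1 "$1" >/dev/null 2>&1; then
        rdesktop -a 24 -g 1200x900 -r sound:remote -u AD_USERNAME -d AD_DOMAIN -T "$1" "$1" &
    else
        if ping -c 1 -W 1 PUBLIC_SSH_HOST.YOURWORK.COM >/dev/null 2>&1; then
            # -N: no remote command, -f: go to background after authentication,
            # -L: forward local port 2289 to the target's RDP port 3389
            ssh -NfL "2289:$1:3389" USERNAME@PUBLIC_SSH_HOST.YOURWORK.COM
            rdesktop -a 15 -g 900x700 -r sound:local -u AD_USERNAME -d AD_DOMAIN -T "$1" localhost:2289 &
        else
            echo "Um, with what connection?"
        fi
    fi
}
alias yfh='rdesk yourfavoritehost'
```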

Works like a charm.

PuTTY can tunnel ssh as well, if you're running MSTSC.EXE from a remote Windows box.

If for some ungodly reason only Windows hosts are publicly accessible, just use Cygwin's OpenSSH on one of them.

All of this is very secure and much simpler than setting up a VPN in my estimation.

----------

## Dreq

I'm getting a no-go with that. I still don't see how SSH is supposed to get VPN working either >.<

----------

## Dlareh

*Dreq wrote:*

> I still don't see how SSH is supposed to get VPN working either >.<

It's not a VPN.  It is an alternative.

If you can ssh to PUBLIC_SSH_HOST.YOURWORK.COM using protocol version 2, and tunneling is enabled there in /etc/ssh/sshd_config, and you can ping "yourfavoritehost" from that machine, then:

"rdesk yourfavoritehost" should work.

Where exactly are you getting a "no-go" ?
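
The server-side condition in the post above ("tunneling is enabled there in /etc/ssh/sshd_config") can be checked against a copy of the config. This is an added example, not part of the original post: it assumes OpenSSH's `AllowTcpForwarding` and `PermitOpen` directives with whitespace-separated keywords, reads only the global section, and the function names and sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: does an sshd_config allow the "ssh -L" forward rdesk uses?
# Only the global section is read; Match blocks are not evaluated.

# Print the first global value of keyword $2 in file $1, else default $3.
# sshd keeps the first value it obtains; keywords are case-insensitive.
sshd_global_value() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v def="$3" '
        { sub(/^[ \t]+/, "") }                 # strip leading indentation
        /^#/ || /^$/ { next }                  # skip comments and blank lines
        tolower($1) == "match" { exit }        # end of the global section
        tolower($1) == want {
            $1 = ""; sub(/^[ \t]+/, "")        # drop keyword, keep arguments
            print; found = 1; exit
        }
        END { if (!found) print def }
    ' "$1"
}

# Return 0 if a local forward to host $2, port $3 would be accepted by $1.
local_forward_allowed() {
    fwd=$(sshd_global_value "$1" AllowTcpForwarding yes | tr 'A-Z' 'a-z')
    case "$fwd" in
        yes|all|local) ;;                      # local forwarding permitted
        *) return 1 ;;                         # "no" or "remote"
    esac
    # PermitOpen limits forward destinations; its default is "any".
    open=$(sshd_global_value "$1" PermitOpen any)
    case " $open " in
        *" any "*|*" $2:$3 "*|*" $2:* "*|*" *:$3 "*) return 0 ;;
    esac
    return 1
}

# Constructed sample config (not from the thread): forwards limited to RDP.
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
Protocol 2
allowtcpforwarding local
PermitOpen yourfavoritehost:3389
Match User guest
    AllowTcpForwarding no
EOF
local_forward_allowed "$demo_cfg" yourfavoritehost 3389 &&
    echo "forward to yourfavoritehost:3389 allowed"
local_forward_allowed "$demo_cfg" yourfavoritehost 22 ||
    echo "forward to yourfavoritehost:22 refused"
rm -f "$demo_cfg"
```

On the server itself, `sshd -T` prints the effective configuration, including values that come from defaults.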

----------

## Dreq

SSH just sits there and does nothing. The entire network is behind a firebox. I ~know~ they aren't using an SSH server. They are using your typical name/password VPN server (it's a 2-second setup in Windows).

----------

## allucid

I'm guessing at his work they have a network with primarily windows servers, no ssh servers running, and some proprietary VPN solution. He wants a program that is merely an interface that allows him to connect to the Windows VPN server with his Linux machine. 

I don't know if anything like what you are looking for exists but I am not sure. What VPN software are they using at your workplace?

----------

## flybynite

You need to find out what kind of VPN they are using at work.  Some are Windows default but what version of Windows?  Some are proprietary add-ons.

Here are some possible compatible clients:

```
* net-dialup/pptpclient
     Available versions:  1.3.1 1.5.0-r1 ~1.5.0-r2 ~1.6.0
     Installed:           no
     Homepage:            http://pptpclient.sourceforge.net/
     Description:         Linux client for PPTP

* net-dialup/pptpconfig
     Available versions:  ~20040722
     Installed:           no
     Homepage:            http://pptpclient.sourceforge.net/
     Description:         Configuration and management program for PPTP Client tunnels
```

----------

## Dreq

I believe they are running Windows 2003 Server, and I'm pretty sure they would be using a built-in solution.

----------

## kim_asplund

Hi.

Have you patched your kernel with mppe/mppc support?

And "pptpclient" is a fairly straightforward client that I have used myself with much success, the server being a W2K3 server.

News flash from http://pptpclient.sourceforge.net/

 *Quote:*   

> Newsflash: MPPE in Linux 2.6.12-rc4-mm2 
> 
> Thanks to Matt Domsch, Frank Cusack, and Brice Goglin, an MPPE patch using in-kernel crypto functions has been accepted into the Linux kernel 2.6.12-rc4-mm2 by Andrew Morton, for review and testing.
> 
> The development team welcomes test reports. If you'd like to test this kernel on a system that you can afford to lose data from, grab the 2.6.11 source tar.bz2, apply the 2.6.12-rc4 patch, then the 2.6.12-rc4-mm2 patch. You can find each of these on kernel.org.
> ...

 

And if you really want to make it simple, emerge "webmin" and use it to configure your connection through your web browser.

----------

## jamapii

Overview:

SSH tunneling

*Dlareh wrote:*

> *Dreq wrote:*
>
> > I still don't see how SSH is supposed to get VPN working either >.<
>
> It's not a VPN.  It is an alternative.

Using SSH this way, you can encrypt traffic, and you can block VNC on the router but use it anyway. But you must make ssh tunnels for each application. It's a good ad hoc solution. tightvnc supports it via simple command line options.

ppp over ssh

This can be done with "simple" scripts, there are a few of these on the net. You only need ssh, ppp and the script. Set up the script with a few variables at the top, or tweak the script itself if it doesn't work correctly/reliably. Problem: TCP over TCP.

pptp

This is good for communicating with Windows. It may require special kernel extensions (look for mppc-mppe, GRE, GRE tunneling). Packet filters can disrupt it without GRE support. The usual Windows problems apply: each Windows client may require its own tweaks on the server, rumors about insufficient security, patents, ...

*Dreq wrote:*

> In windows, I just create a new connection, select VPN, give them the IP, and connect. It pops up a name/pass box,

You most likely need to start with pptpclient.

openvpn

You need to use ssl to generate certification authorities, certificates, keys, etc. It can use public-key encryption like SSH and PGP; this means you can transmit the public key without restrictions and keep the secret key where it has been created. It may be complex to set up, but there are good instructions, and once you have made a script that handles "adding another client", it's easy. It can connect over UDP. I prefer this VPN when possible.

IPsec etc

Don't know about these, but if it involves TCP over TCP, it may be better to fall back to openvpn.

----------

