
Setting up VPN on SUSE 10

Novell Cool Solutions: Tip
By Kevin Alexander


Posted: 28 Jun 2006
 

Problem

I needed to connect to the office VPN as well as browse the Internet over my local LAN connection any time I am outside the office. I use a laptop (SUSE 10.0, KDE 3.5; you can read the ongoing saga of my SUSE laptop here: http://www.ninox.ca/linux-on-laptops), so my connection could be modem (modem0), Ethernet (eth0) or the preferred wireless (ath0) connection. I used the tools that were included in SUSE 10, and I guess you could say the VPN worked "right out of the box" in SUSE 10. (This is a first for me on Linux, as server-to-server IPsec or VPN is relatively easy but a user-managed VPN is something a little new for Linux.)

Solution

Here is an excellent "how to" without which I would have been lost:

http://pptpclient.sourceforge.net/howto-suse-100.phtml

(a) In YaST2 select Network Devices then DSL.

(b) Add a custom provider with an Authorization User Name that matches your PPTP server account.

Note: The provider name should match your Windows domain (at the office), or it should be the host name of your VPN server, e.g. vpn.tenthpower.com

User and password are those provided by your VPN admin.

Next I deselected "modify DNS when connected" and "external firewall interface".

I set idle timeout to 0 so I could just disconnect when I wanted.

In IP Details I deselected default route.

(c) Add a DSL device with PPP Mode set to Point to Point Tunneling Protocol and Modem IP set to your PPTP server IP address.

BTW, when you modify anything in DSL Configuration in YaST you will lose network connectivity, and you must issue a "sudo /sbin/rcnetwork restart" once you commit your changes because the network halts for some reason. (hummm SUSE, is this a bug??)

Next I modified /etc/ppp/peers/pptp with:

noauth
require-mppe
mtu 1450
mru 1450

Note: these items should match those set by your VPN admin.
Note: we used MPPE because a few people will need to connect via windoze<sic>, and the MTU/MRU were set low because of the encryption overhead.

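Then I created /etc/ppp/ip-up.local with:

#!/bin/bash
# pppd passes the interface name as $1; only act when the PPTP link (dsl0) comes up.
if [ "$1" = "dsl0" ]; then
 # Send only the office subnets through the tunnel.
 /sbin/route add -net 192.168.1.0 netmask 255.255.255.0 dev dsl0
 /sbin/route add -net 192.168.5.0 netmask 255.255.255.0 dev dsl0
fi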

You will have to ask your system admin what your default subnets are and change them accordingly. Also make ip-up.local executable with "chmod +x ip-up.local".

Next in YaST modify sysconfig:

system > etc/sysconfig editor
then
other > etc > sysconfig > SuSEfirewall2

Add 1733 to FW_SERVICES_EXT_TCP

Add gre to FW_SERVICES_EXT_IP

Add gre to FW_SERVICES_DMZ_IP

Add gre to FW_SERVICES_INT_IP

(d) Try the connection using Kinternet, by selecting DSL0.

It is that simple.
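
Once dsl0 is up, the routing table can be checked to confirm that only the office subnets go through the tunnel and that the default route (Internet traffic) still uses the local connection. The script below is an added example, not part of the original tip; the function name check_split_tunnel and the sample tables are constructed for illustration, and it assumes /24 office subnets as in ip-up.local above.

```shell
#!/bin/sh
# Added example, not from the original tip: check the split-tunnel routes.
# usage: /sbin/route -n | check_split_tunnel IFACE SUBNET...
check_split_tunnel() {
    iface=$1; shift
    awk -v iface="$iface" -v want="$*" '
        BEGIN { n = split(want, nets, " "); bad = 0 }
        # Route rows have 8 columns and start with a dotted-quad destination.
        NF == 8 && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            # A default route on the tunnel would send all traffic to the office.
            if ($1 == "0.0.0.0" && $3 == "0.0.0.0" && $8 == iface) {
                print "FAIL: default route uses " iface; bad = 1
            }
            # Remember every /24 network routed through the tunnel.
            if ($3 == "255.255.255.0" && $8 == iface) seen[$1] = 1
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(nets[i] in seen)) {
                    print "FAIL: no /24 route for " nets[i] " on " iface; bad = 1
                }
            if (!bad) print "OK: office subnets on " iface ", default route elsewhere"
            exit bad
        }'
}

# Constructed sample tables (10.0.0.x stands in for the local wireless LAN).
HDR='Destination     Gateway         Genmask         Flags Metric Ref    Use Iface'
SAMPLE_GOOD="$HDR
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 dsl0
192.168.5.0     0.0.0.0         255.255.255.0   U     0      0        0 dsl0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 ath0
0.0.0.0         10.0.0.1        0.0.0.0         UG    0      0        0 ath0"
SAMPLE_BAD="$HDR
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 dsl0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 dsl0"

# Demo on the constructed tables; the second one is expected to fail.
printf '%s\n' "$SAMPLE_GOOD" | check_split_tunnel dsl0 192.168.1.0 192.168.5.0
printf '%s\n' "$SAMPLE_BAD"  | check_split_tunnel dsl0 192.168.1.0 192.168.5.0 || true
```

On a live system, pipe the output of "/sbin/route -n" into the function and pass your own interface name and subnets.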

