Setting up VPN on SUSE 10
Novell Cool Solutions: Tip
By Kevin Alexander
Posted: 28 Jun 2006
Problem
I needed to connect to the office VPN as well as browse the Internet over my local LAN connection any time I am outside the office. I use a laptop (SUSE 10.0, KDE 3.5; you can read the ongoing saga of my SUSE laptop here: http://www.ninox.ca/linux-on-laptops), so my connection could be modem (modem0), Ethernet (eth0) or the preferred wireless (ath0) connection. I used the tools that were included in SUSE 10, and I guess you could say the VPN worked "right out of the box" in SUSE 10. (This is a first for me on Linux, as server-to-server IPSec or VPN is relatively easy but a user-managed VPN is something a little new for Linux.)
Solution
Here is an excellent "how to" without which I would have been lost:
http://pptpclient.sourceforge.net/howto-suse-100.phtml
(a) In YaST2 select Network Devices then DSL.
(b) Add a custom provider with an Authorization User Name that matches your PPTP server account.
Note** The provider name should match your Windows domain (at the office) or it should be the host name of your VPN server, e.g. vpn.tenthpower.com
User and password are those provided by your VPN admin
Next I deselected modify DNS when connected and external firewall interface.
I set idle timeout to 0 so I could just disconnect when I wanted.
In IPDetails I deselected default route
(c) Add a DSL device with PPP Mode set to Point to Point Tunneling Protocol and Modem IP set to your PPTP server IP address.
BTW, when you modify anything in DSL Configuration in YaST you will lose network connectivity, and you must issue a "sudo /sbin/rcnetwork restart" once you commit your changes because the network halts for some reason. (hummm SUSE, is this a bug??)
Next I modified /etc/ppp/peers/pptp with:
noauth
require-mppe
mtu 1450
mru 1450
** Note: these items should match those set by your VPN admin.
** We used mppe because a few people will need to connect via windoze<sic>, and the mtu/mru were set low because of the encryption overhead.
then I created /etc/ppp/ip-up.local with:
#!/bin/bash
if [ "$1" = "dsl0" ]; then
    /sbin/route add -net 192.168.1.0 netmask 255.255.255.0 dev dsl0
    /sbin/route add -net 192.168.5.0 netmask 255.255.255.0 dev dsl0
fi
You will have to ask your system admin what your default subnets are and change them accordingly. Also make ip-up.local executable with "chmod +x ip-up.local".
Next in YaST modify sysconfig:
system > etc/sysconfig editor then other > etc > sysconfig > SuSEfirewall2
Add 1733 to FW_SERVICES_EXT_TCP
Add gre to FW_SERVICES_EXT_IP
Add gre to FW_SERVICES_DMZ_IP
Add gre to FW_SERVICES_INT_IP
(d) Try the connection using Kinternet, by selecting DSL0.
It is that simple.
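Once the tunnel is up, it is worth confirming that the split routing came out as intended: the office subnets from ip-up.local go through dsl0 and the default route stays on the local connection. The check below is an added example, not part of the original tip; it reads "route -n" output on stdin, and the two routing tables in it (including the ath0 interface and the 10.0.0.x addresses) are constructed samples.

```shell
#!/bin/sh
# check_split_tunnel IFACE NET/MASK...   (reads `route -n` output on stdin)
# Exit 0 when every listed network is routed via IFACE and the default
# route is not; otherwise print one finding per problem and exit 1.
check_split_tunnel() {
    _iface=$1; shift
    awk -v iface="$_iface" -v want="$*" '
        BEGIN { n = split(want, nets, " ") }
        # A default route on the tunnel would pull Internet traffic into the VPN.
        $1 == "0.0.0.0" && $3 == "0.0.0.0" && $8 == iface {
            print "default route goes through " iface; bad = 1
        }
        # Remember every destination/netmask pair bound to the tunnel interface.
        $8 == iface { seen[$1 "/" $3] = 1 }
        END {
            for (i = 1; i <= n; i++)
                if (!(nets[i] in seen)) {
                    print "no route for " nets[i] " via " iface; bad = 1
                }
            exit bad + 0
        }'
}

# The two office subnets used in ip-up.local in this tip.
NETS="192.168.1.0/255.255.255.0 192.168.5.0/255.255.255.0"

# Constructed sample: tunnel up with both subnets on dsl0, default route on ath0.
GOOD_TABLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 dsl0
192.168.5.0     0.0.0.0         255.255.255.0   U     0      0        0 dsl0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 ath0
0.0.0.0         10.0.0.1        0.0.0.0         UG    0      0        0 ath0'

# Constructed sample: default route left on the tunnel, one subnet route missing.
BAD_TABLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 dsl0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 ath0
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 dsl0'

printf '%s\n' "$GOOD_TABLE" | check_split_tunnel dsl0 $NETS && echo "split tunnel OK"
printf '%s\n' "$BAD_TABLE" | check_split_tunnel dsl0 $NETS || echo "split tunnel misconfigured"
# Live use: /sbin/route -n | check_split_tunnel dsl0 $NETS
```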
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com










