Gentoo Archives: gentoo-doc-cvs

From: swift <swift@×××××××××××.org>
To: gentoo-doc-cvs@l.g.o
Subject: [gentoo-doc-cvs] cvs commit: vpnc-howto.xml
Date: Sun, 07 Aug 2005 20:10:17
Message-Id: 200508072009.j77K9xqC016557@robin.gentoo.org
1 swift 05/08/07 20:09:53
2
3 Added: xml/htdocs/doc/en/draft vpnc-howto.xml
4 Log:
5 Adding draft vpnc howto from #97760
6
7 Revision Changes Path
8 1.1 xml/htdocs/doc/en/draft/vpnc-howto.xml
9
10 file : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/draft/vpnc-howto.xml?rev=1.1&content-type=text/x-cvsweb-markup&cvsroot=gentoo
11 plain: http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/draft/vpnc-howto.xml?rev=1.1&content-type=text/plain&cvsroot=gentoo
12
13 Index: vpnc-howto.xml
14 ===================================================================
15 <?xml version='1.0' encoding='UTF-8'?>
16 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
17
18 <guide link="/doc/en/draft/vpnc-howto.xml">
19
20 <title>Gentoo vpnc HOWTO</title>
21
22 <author title="Author">
23 David H. Askew
24 </author>
25
26 <!--
27 My email address is dhaskew on earthlink.net
28 -->
29
30 <abstract>
31 This document details how to connect your workstation to a Cisco VPN
32 concentrator utilizing vpnc to manage the connection.
33 </abstract>
34
35
36 <!-- The content of this document is licensed under the CC-BY-SA license -->
37 <!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
38 <license/>
39
40 <version>0.9</version>
41 <date>2005-08-01</date>
42
43 <chapter>
44 <title>Introduction</title>
45 <section>
46 <body>
47
48 <p>
49 If you're reading this, then you likely need to connect to your office network
50 from home or during travel. Many companies utilize Cisco 3000 VPN concentrators
51 for their VPN needs, and I am willing to bet that most Linux newbies think that
52 they are forced to use Windows to connect to them. Well this document informs
53 you that connecting to a Cisco VPN is very well be possible and will hopefully
54 enable to you to setup a working tunnel using your Gentoo workstation or laptop.
55 </p>
56
57 </body>
58 </section>
59 <section>
60 <title>What this document is</title>
61 <body>
62
63 <ul>
64 <li>A guide to the basic workings of vpnc</li>
65 <li>A discussion of DNS and routing issues that relate to VPNs</li>
66 <li>Examples of managing VPN sessions</li>
67 <li>Useful tips and tricks (hopefully)</li>
68 </ul>
69
70 </body>
71 </section>
72 <section>
73 <title>What this document is not</title>
74 <body>
75
76 <ul>
77 <li>An in-depth guide to VPN / encryption technologies</li>
78 <li>A feature by feature explanation of vpnc</li>
79 </ul>
80
81 </body>
82 </section>
83 <section>
84 <title>Assumptions</title>
85 <body>
86
87 <p>
88 The assumptions made at this point are:
89 </p>
90
91 <ul>
92 <li>You have Gentoo installed</li>
93 <li>You have Internet access</li>
94 <li>You want to connect to a Cisco 3000 VPN concentrator</li>
95 <li>You know how to configure, build and install a new kernel</li>
96 </ul>
97
98 </body>
99 </section>
100 </chapter>
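Review bot: The Introduction paragraph has two grammar slips that should be fixed before this leaves draft: "is very well be possible" should read "is very well possible", and "enable to you to setup" should read "enable you to set up". "Well this document informs you" also needs a comma after "Well", or could simply start at "This document".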
101
102 <chapter>
103 <title>Kernel Configuration</title>
104 <section>
105 <body>
106
107 <p>
108 In order for Linux to be able to open a VPN connection <e>Universal TUN/TAP
109 device driver support</e> must be enabled in the kernel. What is it and why do
110 you need it? Below is a relatively straight forward explanation from the kernel
111 configuration dialog:
112 </p>
113
114 <pre caption="CONFIG_TUN:">
115 TUN/TAP provides packet reception and transmission for user space
116 programs. It can be viewed as a simple Point-to-Point or Ethernet
117 device, which instead of receiving packets from a physical media,
118 receives them from user space program and instead of sending packets
119 via physical media writes them to the user space program.
120
121 When a program opens /dev/net/tun, driver creates and registers
122 corresponding net device tunX or tapX. After a program closed above
123 devices, driver will automatically delete tunXX or tapXX device and
124 all routes corresponding to it.
125 </pre>
126
127 <p>
128 You can verify if your kernel has TUN/TAP support with the following command:
129 </p>
130
131 <pre caption="Checking the kernel config">
132 # <i>cat /usr/src/linux/.config | grep TUN</i>
133 CONFIG_INET_TUNNEL=m
134 # CONFIG_INET6_TUNNEL is not set
135 # CONFIG_IPV6_TUNNEL is not set
136 CONFIG_TUN=m
137 # CONFIG_8139TOO_TUNE_TWISTER is not set
138 </pre>
139
140 <p>
141 As you can see above, <c>CONFIG_TUN=m</c> is compiled as a module. If it is
142 disabled in your setup, enable it in your kernel of choice, rebuild,
143 install, reboot and return to this document before continuing with the next
144 steps.
145 </p>
146
147 <pre caption="Configuration location in the kernel configuration dialog">
148 Device Drivers ---&gt;
149 Networking support ---&gt;
150 [*] Universal TUN/TAP device driver support
151 </pre>
152
153 <p>
154 If you already have TUN/TAP support built in your kernel, or you just booted
155 your computer after a fresh kernel build, then you need to verify that the
156 kernel has the appropriate code initialized.
157 </p>
158
159 <p>
160 If you built TUN/TAP support directly into the kernel, you should see
161 information from <c>dmesg</c> output like the following:
162 </p>
163
164 <pre caption="Checking dmesg output">
165 # <i>dmesg | grep TUN</i>
166 Universal TUN/TAP device driver 1.5 (C)1999-2002 Maxim Krasnyansky
167 </pre>
168
169 <p>
170 If you build TUN/TAP support as a module, you first must load the <c>tun</c>
171 module:
172 </p>
173
174 <pre caption="Load tun module">
175 # <i>modprobe tun</i>
176 # <i>lsmod</i>
177 Module Size Used by
178 tun 7296 0
179 nvidia 4050204 12
180 </pre>
181
182 <p>
183 Now that the <c>tun</c> module is loaded, check <c>dmesg</c> output. You
184 should see something like the following:
185 </p>
186
187 <pre caption="Checking dmesg output">
188 # <i>dmesg | grep TUN</i>
189 Universal TUN/TAP device driver 1.5 (C)1999-2002 Maxim Krasnyansky
190 </pre>
191
192 </body>
193 </section>
194 </chapter>
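Review bot: The "Checking the kernel config" step greps /usr/src/linux/.config, which describes whatever source tree that path points at and not necessarily the kernel that is currently booted. The text should say so, and present the later dmesg and lsmod checks as the test of the running kernel. The cat is unnecessary: `grep TUN /usr/src/linux/.config` produces the same output. The menu listing shows `[*]` (built in) while the sample output and the following sentence show CONFIG_TUN=m, so a short remark that either setting works would avoid confusion. The two "Checking dmesg output" blocks are identical and could be shown once, after both the built-in and module cases have been described.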
195
196 <chapter>
197 <title>Install Needed Software</title>
198 <section>
199 <body>
200
201 <p>
202 Now that you have a working kernel setup, you need to install
203 <c>net-misc/vpnc</c>:
204 </p>
205
206 <pre caption="Installing vpnc">
207 # <i>emerge net-misc/vpnc</i>
208 </pre>
209
210 </body>
211 </section>
212 </chapter>
213
214
215
216
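Review bot: The file as shown stops after the "Install Needed Software" chapter, and the <guide> element opened at the top is never closed in the visible text. If the mail is not truncated, add the closing </guide> so the draft validates against guide.dtd. The items promised under "What this document is" (DNS and routing issues, managing VPN sessions, tips and tricks) have no chapters yet, so either add them or trim that list until they exist. The author's address sits in an XML comment next to the <author> element. If it is meant to be published, put it in the author markup. If not, drop the comment.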
217 --
218 gentoo-doc-cvs@g.o mailing list