Difference between revisions of "VPN using IPsec"
|  (How to get vpnc working) | Botinki Kira (talk | contribs)  m (Robot: Automated text replacement  (-VE +container)) | ||
| (One intermediate revision by one other user not shown) | |||
| Line 1: | Line 1: | ||
| − | An OpenVZ  | + | An OpenVZ container can join an IPsec VPN - specifically the type provided by the Cisco VPN client and 'vpnc' package. | 
| == Using the Cisco VPN client == | == Using the Cisco VPN client == | ||
| Line 12: | Line 12: | ||
| The vpnc package is part of Debian. | The vpnc package is part of Debian. | ||
| − | It runs entirely in userspace. There's a daemon which communicates with a remote VPN gateway and provides a local TUN device as a network interface for the  | + | It runs entirely in userspace. There's a daemon which communicates with a remote VPN gateway and provides a local TUN device as a network interface for the container to use. | 
| Here are brief instructions to get it going: | Here are brief instructions to get it going: | ||
| − | #  | + | # When using kernel 2.6.18, use revision ovz028stab047 or later. Earlier revisions are unable to create a raw socket of the necessary protocol. | 
| − | # Enable the TUN device within your  | + | # Enable the TUN device within your container. See [[VPN via the TUN/TAP device]]. | 
| # Firewall configuration: allow UDP port 500 in and out of your client. This is used for authentication setup. | # Firewall configuration: allow UDP port 500 in and out of your client. This is used for authentication setup. | ||
| # Firewall configuration: allow protocol 50 (0x32) in and out of your client. This is used for VPN data. | # Firewall configuration: allow protocol 50 (0x32) in and out of your client. This is used for VPN data. | ||
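Review bot: The new first step (the line beginning "When using kernel 2.6.18") says earlier revisions cannot create a raw socket "of the necessary protocol" but never names that protocol. If it is the protocol 50 (0x32) that step 4 opens in the firewall, say so in the step, for example "a raw socket for protocol 50", so a reader who hits the socket failure can tie it to the kernel revision requirement.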
Latest revision as of 13:24, 11 March 2008
An OpenVZ container can join an IPsec VPN - specifically the type provided by the Cisco VPN client and 'vpnc' package.
Using the Cisco VPN client
The Cisco VPN client can be downloaded from Cisco, if you have an account with them. It builds a kernel module.
I have not tested this, so I don't have any instructions to set it up.
Elronxenu 19:46, 15 November 2007 (EST)
Using the 'vpnc' package
The vpnc package is part of Debian. It runs entirely in userspace. There's a daemon which communicates with a remote VPN gateway and provides a local TUN device as a network interface for the container to use. Here are brief instructions to get it going:
- When using kernel 2.6.18, use revision ovz028stab047 or later. Earlier revisions are unable to create a raw socket of the necessary protocol.
- Enable the TUN device within your container. See VPN via the TUN/TAP device.
- Firewall configuration: allow UDP port 500 in and out of your client. This is used for authentication setup.
- Firewall configuration: allow protocol 50 (0x32) in and out of your client. This is used for VPN data.
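The two firewall steps above can be written as iptables rules. This is an added example, not part of the original wiki page. It assumes the rules are limited to a single VPN gateway, which is tighter than the page's wording. The function names and the gateway address 192.0.2.1 are constructed for illustration.

```shell
#!/bin/sh
# Added example: print iptables rules for the two firewall steps (UDP 500 and
# protocol 50). Nothing is applied; prefix each printed line with "iptables"
# after reviewing it.

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0-255.
# Rejecting anything else keeps stray shell or rule syntax out of the output.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*|"") return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1            # split on dots; input holds only digits and dots here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print four rules for gateway $1: UDP port 500 (authentication setup) and
# protocol 50 (VPN data), each in and out of the client.
vpnc_rules() {
    gw=$1
    is_ipv4 "$gw" || { echo "invalid gateway address: $gw" >&2; return 1; }
    cat <<EOF
-A OUTPUT -d $gw -p udp --dport 500 -j ACCEPT
-A INPUT -s $gw -p udp --sport 500 -j ACCEPT
-A OUTPUT -d $gw -p 50 -j ACCEPT
-A INPUT -s $gw -p 50 -j ACCEPT
EOF
}

# Constructed sample gateway (documentation address range), not from the page.
vpnc_rules 192.0.2.1
```
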
