Difference between revisions of "VPN using IPsec"

From OpenVZ Virtuozzo Containers Wiki
(How to get vpnc working)
 
(Note that the 047 version is for kernel 2.6.18)
Line 15: Line 15:
 
Here are brief instructions to get it going:
 
Here are brief instructions to get it going:
  
# Use revision ovz028stab047 or later. Earlier revisions are unable to create a raw socket of the necessary protocol.
+
# When using kernel 2.6.18, use revision ovz028stab047 or later. Earlier revisions are unable to create a raw socket of the necessary protocol.
 
# Enable the TUN device within your VE. See [[VPN via the TUN/TAP device]].
 
# Enable the TUN device within your VE. See [[VPN via the TUN/TAP device]].
 
# Firewall configuration: allow UDP port 500 in and out of your client. This is used for authentication setup.
 
# Firewall configuration: allow UDP port 500 in and out of your client. This is used for authentication setup.
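Review bot: the reworded first step ("When using kernel 2.6.18, use revision ovz028stab047 or later") ties the requirement to one kernel but leaves readers on any other kernel without guidance. Say which revision other kernels need, or state that it is not known, and keep the reason (earlier revisions cannot create a raw socket of the necessary protocol) attached to whichever kernels it applies to.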

Revision as of 22:48, 16 November 2007

An OpenVZ VE can join an IPsec VPN - specifically the type provided by the Cisco VPN client and 'vpnc' package.

Using the Cisco VPN client

The Cisco VPN client can be downloaded from Cisco, if you have an account with them. It builds a kernel module.

I have not tested this, so I don't have any instructions to set it up.

Elronxenu 19:46, 15 November 2007 (EST)

Using the 'vpnc' package

The vpnc package is part of Debian. It runs entirely in userspace. There's a daemon which communicates with a remote VPN gateway and provides a local TUN device as a network interface for the VE to use. Here are brief instructions to get it going:

  1. When using kernel 2.6.18, use revision ovz028stab047 or later. Earlier revisions are unable to create a raw socket of the necessary protocol.
  2. Enable the TUN device within your VE. See VPN via the TUN/TAP device.
  3. Firewall configuration: allow UDP port 500 in and out of your client. This is used for authentication setup.
  4. Firewall configuration: allow protocol 50 (0x32) in and out of your client. This is used for VPN data.
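Steps 2 to 4 as a preflight script, added here as an example and not taken from the wiki page. It assumes iptables filters the client's own traffic and goes one step beyond the text by limiting the rules to a single gateway address; the function names and the sample address 192.0.2.10 are hypothetical.

```shell
#!/bin/sh
# Added example, not from the wiki page. Assumes iptables filters the
# client's own traffic; the gateway address is supplied by the caller.

# Step 2: the TUN node must exist as a character device inside the VE.
tun_ready() {
    [ -c "${1:-/dev/net/tun}" ]
}

# Accept only a dotted-quad IPv4 address, so nothing else can reach
# the generated command lines.
valid_ipv4() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Steps 3 and 4: print (do not apply) rules for UDP port 500 and IP
# protocol 50, limited to the one gateway rather than any peer.
vpnc_rules() {
    valid_ipv4 "$1" || { echo "invalid gateway: $1" >&2; return 1; }
    echo "iptables -A INPUT -s $1 -p udp --sport 500 -j ACCEPT"
    echo "iptables -A INPUT -s $1 -p 50 -j ACCEPT"
    echo "iptables -A OUTPUT -d $1 -p udp --dport 500 -j ACCEPT"
    echo "iptables -A OUTPUT -d $1 -p 50 -j ACCEPT"
}

# Stand-alone use: sh preflight.sh 192.0.2.10 (documentation address)
if [ $# -gt 0 ]; then
    tun_ready || echo "warning: /dev/net/tun is not available" >&2
    vpnc_rules "$1"
fi
```

The script only prints the rules, so they can be reviewed before being piped to a shell on the host that does the filtering.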