Difference between revisions of "VPN using IPsec"
(Note that the 047 version is for kernel 2.6.18) |
Botinki Kira (talk | contribs) m (Robot: Automated text replacement (-VE +container)) |
||
| Line 1: | Line 1: | ||
| − | An OpenVZ | + | An OpenVZ container can join an IPsec VPN - specifically the type provided by the Cisco VPN client and 'vpnc' package. |
== Using the Cisco VPN client == | == Using the Cisco VPN client == | ||
| Line 12: | Line 12: | ||
The vpnc package is part of Debian. | The vpnc package is part of Debian. | ||
| − | It runs entirely in userspace. There's a daemon which communicates with a remote VPN gateway and provides a local TUN device as a network interface for the | + | It runs entirely in userspace. There's a daemon which communicates with a remote VPN gateway and provides a local TUN device as a network interface for the container to use. |
Here are brief instructions to get it going: | Here are brief instructions to get it going: | ||
# When using kernel 2.6.18, use revision ovz028stab047 or later. Earlier revisions are unable to create a raw socket of the necessary protocol. | # When using kernel 2.6.18, use revision ovz028stab047 or later. Earlier revisions are unable to create a raw socket of the necessary protocol. | ||
| − | # Enable the TUN device within your | + | # Enable the TUN device within your container. See [[VPN via the TUN/TAP device]]. |
# Firewall configuration: allow UDP port 500 in and out of your client. This is used for authentication setup. | # Firewall configuration: allow UDP port 500 in and out of your client. This is used for authentication setup. | ||
# Firewall configuration: allow protocol 50 (0x32) in and out of your client. This is used for VPN data. | # Firewall configuration: allow protocol 50 (0x32) in and out of your client. This is used for VPN data. | ||
Latest revision as of 13:24, 11 March 2008
An OpenVZ container can join an IPsec VPN - specifically the type provided by the Cisco VPN client and 'vpnc' package.
Using the Cisco VPN client[edit]
The Cisco VPN client can be downloded from Cisco, if you have an account with them. It builds a kernel module.
I have not tested this, so I don't have any instructions to set it up.
Elronxenu 19:46, 15 November 2007 (EST)
Using the 'vpnc' package[edit]
The vpnc package is part of Debian. It runs entirely in userspace. There's a daemon which communicates with a remote VPN gateway and provides a local TUN device as a network interface for the container to use. Here are brief instructions to get it going:
- When using kernel 2.6.18, use revision ovz028stab047 or later. Earlier revisions are unable to create a raw socket of the necessary protocol.
- Enable the TUN device within your container. See VPN via the TUN/TAP device.
- Firewall configuration: allow UDP port 500 in and out of your client. This is used for authentication setup.
- Firewall configuration: allow protocol 50 (0x32) in and out of your client. This is used for VPN data.
