VPN using IPsec

From OpenVZ Virtuozzo Containers Wiki

An OpenVZ container can join an IPsec VPN - specifically the type provided by the Cisco VPN client and 'vpnc' package.

Using the Cisco VPN client

The Cisco VPN client can be downloaded from Cisco, if you have an account with them. It builds a kernel module.

I have not tested this, so I don't have any instructions to set it up.

Elronxenu 19:46, 15 November 2007 (EST)

Using the 'vpnc' package

The vpnc package is part of Debian. It runs entirely in userspace. There's a daemon which communicates with a remote VPN gateway and provides a local TUN device as a network interface for the container to use. Here are brief instructions to get it going:

  1. When using kernel 2.6.18, use revision ovz028stab047 or later. Earlier revisions are unable to create a raw socket of the necessary protocol.
  2. Enable the TUN device within your container. See VPN via the TUN/TAP device.
  3. Firewall configuration: allow UDP port 500 in and out of your client. This is used for authentication setup.
  4. Firewall configuration: allow protocol 50 (0x32) in and out of your client. This is used for VPN data.
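
Steps 2 to 4 as a shell sketch; this is an added example, not part of the original wiki page. It assumes the client filters with iptables INPUT/OUTPUT chains, and the gateway address and the script name vpnc-fw.sh are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the wiki page. Gateway values used here are
# constructed placeholders (192.0.2.0/24 is reserved for documentation).

# Step 2: the TUN character device must be visible inside the container.
tun_ready() {
    [ -c "${1:-/dev/net/tun}" ]
}

# Steps 3 and 4: print iptables commands that allow UDP port 500 and IP
# protocol 50 only to and from one VPN gateway rather than for every peer.
vpnc_rules() {
    gw="$1"
    # Accept only digits and dots so the address cannot smuggle extra options.
    case "$gw" in
        ''|*[!0-9.]*) echo "invalid gateway address: $gw" >&2; return 1 ;;
    esac
    cat <<EOF
iptables -A OUTPUT -d $gw -p udp --dport 500 -j ACCEPT
iptables -A INPUT -s $gw -p udp --sport 500 -j ACCEPT
iptables -A OUTPUT -d $gw -p 50 -j ACCEPT
iptables -A INPUT -s $gw -p 50 -j ACCEPT
EOF
}

# Run as: sh vpnc-fw.sh 192.0.2.10
# The rules are only printed; review them, then pipe to sh as root to apply.
if [ "$#" -gt 0 ]; then
    tun_ready || echo "warning: /dev/net/tun missing, finish step 2 first" >&2
    vpnc_rules "$1"
fi
```

Scoping the rules to the gateway address keeps UDP 500 and protocol 50 closed to every other peer.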