VPN Connection in Linux

Establishing a VPN Connection

Establishing an encrypted Virtual Private Network (VPN) enables you to communicate securely between your Local Area Network (LAN), and another, remote LAN. After successfully establishing a VPN connection, a VPN router or gateway performs the following actions upon the packets you transmit:

1. it adds an Authentication Header for routing and authentication purposes;
2. it encrypts the packet data; and,
3. it encloses the data with an Encapsulating Security Payload (ESP), which constitutes the decryption and handling instructions.

The receiving VPN router strips the header information, decrypts the data, and routes it to its intended destination (either a workstation or other node on a network). Using a network-to-network connection, the receiving node on the local network receives the packets already decrypted and ready for processing. The encryption/decryption process in a network-to-network VPN connection is therefore transparent to clients.

Because they employ several layers of authentication and encryption, VPNs are a secure and effective means of connecting multiple remote nodes to act as a unified intranet.

⁠

Procedure 9.5. Adding a New VPN Connection

1. You can configure a new VPN connection by opening the Network Connections window, clicking the Addbutton and selecting a type of VPN from the VPN section of the new connection list.
2. Right-click on the NetworkManager applet icon in the Notification Area and click Edit Connections. TheNetwork Connections window appears.
3. Click the Add button.
4. The Choose a Connection Type list appears.
5. 
   
6. 
   
7. A VPN plug-in is required

   The appropriate NetworkManager VPN plug-in for the VPN type you want to configure must be installed The VPN section in the Choose a Connection Type list will not appear if you do not have a suitable plug-in installed.
8. ⁠
   Select the VPN protocol for the gateway you are connecting to from the Choose a Connection Type list. The VPN protocols available for selection in the list correspond to the NetworkManager VPN plug-ins installed. For example, if the NetworkManager VPN plug-in for openswan, NetworkManager-openswan, is installed then the IPsec based VPN will be selectable from the Choose a Connection Type list.
   After selecting the correct one, press the Create button.
9. The Editing VPN Connection 1 window then appears. This window presents settings customized for the type of VPN connection you selected in Step 6.

⁠

Editing an Existing VPN Connection

You can configure an existing VPN connection by opening the Network Connections window and selecting the name of the connection from the list. Then click the Edit button.

1. Right-click on the NetworkManager applet icon in the Notification Area and click Edit Connections. TheNetwork Connections window appears.
2. Select the connection you wish to edit and click the Edit button.

⁠

⁠

   Editing the newly created IPsec VPN connection 1

⁠Configuring the Connection Name, Auto-Connect Behavior, and Availability Settings

Three settings in the Editing dialog are common to all connection types:

• Connection name — Enter a descriptive name for your network connection. This name will be used to list this connection in the VPN section of the Network Connections window.
• Connect automatically — Check this box if you want NetworkManager to auto-connect to this connection when it is available. See Section 9.2.3, “Connecting to a Network Automatically” for more information.
• Available to all users — Check this box to create a connection available to all users on the system. Changing this setting may require root privileges. See Section 9.2.4, “User and System Connections” for details.

⁠Configuring the VPN Tab

Gateway

The name or IP address of the remote VPN gateway.

Group name

The name of a VPN group configured on the remote gateway.

User password

If required, enter the password used to authenticate with the VPN.

Group password

If required, enter the password used to authenticate with the VPN.

User name

If required, enter the user name used to authenticate with the VPN.

Phase1 Algorithms

If required, enter the algorithms to be used to authenticate and set up an encrypted channel.

Phase2 Algorithms

If required, enter the algorithms to be used for the IPsec negotiations.

Domain

If required, enter the Domain Name.

NAT traversal

Cisco UDP (default) — IPsec over UDP.

NAT-T — ESP encapsulation and IKE extensions are used to handle NAT Traversal.

Disabled — No special NAT measures required.

Disable Dead Peer Detection — Disable the sending of probes to the remote gateway or endpoint.

⁠Saving Your New (or Modified) Connection and Making Further Configurations

Once you have finished editing your new VPN connection, click the Apply button and NetworkManager will immediately save your customized configuration. Given a correct configuration, you can connect to your new or customized connection by selecting it from the NetworkManager Notification Area applet. See Section 9.2.1, “Connecting to a Network” for information on using your new or altered connection.

You can further configure an existing connection by selecting it in the Network Connections window and clicking Editto return to the Editing dialog.

Then, to configure:

• IPv4 settings for the connection, click the IPv4 Settings tab and proceed to “Configuring IPv4 Settings” as below

• Configuring IPv4 Settings

  ⁠

  ⁠

   Editing the IPv4 Settings Tab

  The IPv4 Settings tab allows you to configure the method by which you connect to the Internet and enter IP address, route, and DNS information as required. The IPv4 Settings tab is available when you create and modify one of the following connection types: wired, wireless, mobile broadband, VPN or DSL.

  If you are using DHCP to obtain a dynamic IP address from a DHCP server, you can set Method to Automatic (DHCP).

  ⁠Setting the Method

  ⁠

  Available IPv4 Methods by Connection Type

  When you click the Method dropdown menu, depending on the type of connection you are configuring, you are able to select one of the following IPv4 connection methods. All of the methods are listed here according to which connection type or types they are associated with.

  Method

  Automatic (DHCP) — Choose this option if the network you are connecting to uses a DHCP server to assign IP addresses. You do not need to fill in the DHCP client ID field.

  Automatic (DHCP) addresses only — Choose this option if the network you are connecting to uses a DHCP server to assign IP addresses but you want to assign DNS servers manually.

  Link-Local Only — Choose this option if the network you are connecting to does not have a DHCP server and you do not want to assign IP addresses manually. Random addresses will be selected as per RFC 3927.

  Shared to other computers — Choose this option if the interface you are configuring is for sharing an Internet or WAN connection.

  
  

  
  

  Thank You.

•