Linux VPN Masquerade HOWTO

• Index
• Introduction
• Background Knowledge
• Configuring the Linux firewall
• Configuring the VPN client
• Troubleshooting
• IPsec masquerade technical notes and special security considerations

Next Previous Contents

---

Linux VPN Masquerade HOWTO

John D. Hardin <jhardin@wolfenet.com>

$Revision: 2.19 $ $Date: 2000-10-22 12:07:43-07 $

---

How to configure a Linux firewall to masquerade IPsec- and PPTP-based Virtual Private Network traffic, allowing you to establish a VPN connection without losing the security and flexibility of your Linux firewall's internet connection and allowing you to make available a VPN server that does not have a registered internet IP address. Brief information on configuring the VPN client and server is also given.

---

1. Introduction

• 1.1 Introduction
• 1.2 Feedback, Credits & Resources
• 1.3 Copyright & Disclaimer

2. Background Knowledge

• 2.1 What is a VPN?
• 2.2 What is IPsec?
• 2.3 What is PPTP?
• 2.4 What is FWZ?
• 2.5 Why masquerade a VPN client?
• 2.6 Can several clients on my local network use IPsec simultaneously?
• 2.7 Can several clients on my local network use PPTP simultaneously?
• 2.8 Can I access the remote network from my entire local network?
• 2.9 Why masquerade the VPN server?
• 2.10 Why patch the Linux kernel?
• 2.11 Current Status

3. Configuring the Linux firewall

• 3.1 Example network
• 3.2 Determining what needs to be done on the firewall
• 3.3 Patching and configuring the 2.0.x kernel for VPN Masquerade support
• 3.4 Patching and configuring the 2.2.x kernel for VPN Masquerade support
• 3.5 ipfwadm setup for a Private-IP VPN Client or Server
• 3.6 ipchains setup for a Private-IP VPN Client or Server
• 3.7 A note about dynamic IP addressing
• 3.8 Additional setup for a Private-IP VPN Server
• 3.9 ipfwadm setup for a Registered-IP VPN Server
• 3.10 ipfwadm setup for a Registered-IP VPN Client
• 3.11 ipchains setup for a Registered-IP VPN Server
• 3.12 ipchains setup for a Registered-IP VPN Client
• 3.13 VPN Masq and LRP
• 3.14 VPN Masq on a system running FreeS/WAN or PoPToP

4. Configuring the VPN client

• 4.1 Configuring a MS W'95 client
• 4.2 Configuring a MS W'98 client
• 4.3 Configuring a MS W'ME client
• 4.4 Configuring a MS NT client
• 4.5 Configuring for network-to-network routing
• 4.6 Masquerading Checkpoint SecuRemote-based VPNs

5. Troubleshooting

• 5.1 Testing
• 5.2 Possible problems
• 5.3 Troubleshooting
• 5.4 MS PPTP Clients and domain-name issues
• 5.5 MS PPTP Clients and Novell IPX
• 5.6 MS network password issues
• 5.7 If your IPsec session always dies after a certain amount of time
• 5.8 If VPN masquerade fails to work after you reboot
• 5.9 If your second PPTP session kills your first session

6. IPsec masquerade technical notes and special security considerations

• 6.1 Limitations and weaknesses of IPsec masquerade
• 6.2 Proper routing of inbound encrypted traffic

---

Next Previous Contents