Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: BK on October 29, 2001, 10:43:15 AM

Title: Site to site VPN
Post by: BK on October 29, 2001, 10:43:15 AM

Halo eveybody....

Does anyone know if there is any Site to Site VPN howto or rpms for SME V5 e-smith...

thanks

Title: Re: Site to site VPN
Post by: Lee Irving on October 29, 2001, 02:10:55 PM

I believe this is one of the major features of the servicelink service. I believe there is something in development which will be an OpenSource solution.

Title: Re: Site to site VPN
Post by: sage on October 29, 2001, 07:52:50 PM

I remember reading somthing about is somewhere.  It had photos and info on how to set up 2 e-smith servers so that on one side you had 192.168.1.x and the other was 192.168.2.x and you could see computers on either side using the 192 ipaddress.  Look around, its here, maby the user guide or one of the howtos on VPN's

Sage

Title: Re: Site to site VPN
Post by: Les Mikesell on October 29, 2001, 08:15:43 PM

There is a contributed ipsec add-on for 4.x - I'm not sure if it will still work in 5.x.  It is not too difficult to roll your own with CIPE (http://sites.inka.de/~W1011/devel/cipe.html) which has the advantages of the less CPU-intensive blowfish encryption and the ability to work behind someone else's NAT.   You do have to tweak the e-smith templates controlling ipmasq a bit if you don't want to masq the LAN behind the VPN interface.

Title: Re: Site to site VPN
Post by: BK on October 30, 2001, 04:30:59 AM

thanks pal...

sage, it will be great if you can remember where you read it.... thanks

Title: Re: Site to site VPN
Post by: trevorb on October 31, 2001, 02:02:04 PM

BK wrote:
>
> thanks pal...
>
> sage, it will be great if you can remember where you read
> it.... thanks

There is a contributed HowTo at http://students.ou.edu/W/Christopher.A.Worthington-1/e-smith/ipsec/

Title: Re: Site to site VPN
Post by: Kelvin on November 01, 2001, 01:34:31 AM

Trevor,

I could not get to the address you supplied, is it still valid (perhaps mispelled ?)

Cheers,

Kelvin

Title: Re: Site to site VPN
Post by: michael on November 01, 2001, 01:40:14 AM

Has anyone gotten the Worthington HowTo for FreeSwan to work on 4.1.2? I have not had any success with it "out of the box" and expect that there is a problem in the modules/config. Maybe some extra configuration that is needed (ipchains)? I have seen similiar posts that indicate low success rate with this HowTo. If anyone has had success, I'd love to discuss how you accomplished it.

Thanks
Michael

Title: Re: Site to site VPN
Post by: trevorb on November 01, 2001, 09:01:20 AM

Hi Kelvin,

the url works for me. I just followed the links from the Contributed HowTo page (http://www.e-smith.org/cgi-bin/contrib.cgi). The name of the HowTo is How to add IPSEC to an e-smith server under the Virtual Private Networks category.

I don't have experience of how well it works (I don't need to use it). Also have some vague memory of spotting an RPM by someone else to do the same thing (but haven't managed to remember where yet - I'm away from home and all of my browsing history / jottings etc.).

Good Luck
Trevor BKelvin wrote:

Title: Re: Site to site VPN
Post by: Kelvin on November 01, 2001, 09:09:28 AM

Thanks Trevor.

I just tried it again and it works now. Must be a temporary failure somewhere out there in the wierd wired web. :)

Cheers !

Kelvin