doc:howto:vpn.overview

Differences

This shows you the differences between two versions of the page.

doc:howto:vpn.overview [2013/01/14 20:09]
birnenschnitzel
doc:howto:vpn.overview [2014/11/02 22:57] (current)
nmav link to wikipedia for openconnect clients
Line 1: Line 1:
 ====== VPN overview ====== ====== VPN overview ======
   - The term VPN stands for [[wp>​Virtual private network]].   - The term VPN stands for [[wp>​Virtual private network]].
-  - Like a DMZ a VPN is a //security concept//, it is //not// a protocol (like SSH) or a certain software package+  - Like a [[doc:​howto:​DMZ]] a VPN is a //security concept//, it is //not// a protocol (like SSH) nor a certain software package
   - There are multiple software packages available to set up a VPN between two or more hosts   - There are multiple software packages available to set up a VPN between two or more hosts
-  - they all use the [[wp>​Client–server model|Server ​<​-> ​Client concept]] and usually are //​**incompatible** with one another//!+  - they all use the [[wp>​Client–server model|Server ​↔ Client concept]] and usually are //​**incompatible** with one another//! 
 +  - have look at the [[wp>OSI model]] and make yourself aware that the encryption can be applied at different layers of the communications stack
  
 | {{:​meta:​icons:​tango:​dialog-information.png?​nolink}} | If your hardware has some sort of **[[doc:​hardware:​cryptographic.hardware.accelerators|Cryptographic Hardware Acceleration]]** you should make sure it is supported by your OS (OpenWrt) and enabled. ​ | | {{:​meta:​icons:​tango:​dialog-information.png?​nolink}} | If your hardware has some sort of **[[doc:​hardware:​cryptographic.hardware.accelerators|Cryptographic Hardware Acceleration]]** you should make sure it is supported by your OS (OpenWrt) and enabled. ​ |
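Review bot: The added OSI bullet reads "have look at the OSI model"; it is missing an article and, unlike the bullets above it, starts in lower case. Suggest "Have a look at the OSI model and be aware that encryption can be applied at different layers of the communications stack". The bullet raises the layer question but the page never follows up on it, so it would help to state in each solution section below which layer that solution works at.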
Line 10: Line 11:
  
 ===== IPsec-based VPN Solutions ===== ===== IPsec-based VPN Solutions =====
-->[[wp>​IPsec|Internet Protocol Security]][[wp>​Openswan]],​ [[wp>​strongSwan]],​ [[http://​wiki.strongswan.org/​projects/​strongswan/​wiki/​IpsecUci|configure strongSwan with UCI]] +  * Protocol: ​[[wp>​IPsec]] 
- +  * Free software: →[[wp>​Openswan]], ​[[wp>​strongSwan]], ​→[[wp>​Racoon (KAME)|Racoon]],​ →[[http://​wiki.strongswan.org/​projects/​strongswan/​wiki/​IpsecUci|configure strongSwan with UCI]]
-StrongSwan (current project)+
  
 +==== strongSwan ====
 + ​→[[wp>​strongSwan]]
   * [[doc:​howto:​vpn.ipsec.basics]] Some basics, considerations and prerequisites for IPsec VPN   * [[doc:​howto:​vpn.ipsec.basics]] Some basics, considerations and prerequisites for IPsec VPN
   * [[doc:​howto:​vpn.ipsec.firewall]] Firewall and zones in IPsec VPN   * [[doc:​howto:​vpn.ipsec.firewall]] Firewall and zones in IPsec VPN
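Review bot: The new "Free software:" bullet ends with the "configure strongSwan with UCI" link, which is a how-to and not a software package, and it prefixes Openswan and Racoon with "→" but not strongSwan. Move the UCI link into the strongSwan subsection's list and use the arrow either on every entry or on none. The removed "StrongSwan (current project)" line was also the only hint about which implementation the how-tos prefer; consider keeping that as a sentence under the new heading.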
Line 21: Line 23:
   * [[doc:​howto:​vpn.ipsec.roadwarrior]] OpenWrt as IPsec gateway for road warriors   * [[doc:​howto:​vpn.ipsec.roadwarrior]] OpenWrt as IPsec gateway for road warriors
   * [[doc:​howto:​vpn.ipsec.roadwarriorcertificates]] Road warrior setup with certificates   * [[doc:​howto:​vpn.ipsec.roadwarriorcertificates]] Road warrior setup with certificates
 +  * [[inbox:​strongswan.howto]] Install/​configure strongswan for IPhone/IPad
  
-Racoon (previous project) +==== Racoon ==== 
 +→[[wp>Racoon (KAME)|Racoon]]
   * [[doc:​howto:​vpn.ipsec.basics.racoon]] Some basics, considerations and prerequisites for IPsec VPN   * [[doc:​howto:​vpn.ipsec.basics.racoon]] Some basics, considerations and prerequisites for IPsec VPN
   * [[doc:​howto:​vpn.ipsec.firewall.racoon]] Firewall and zones in IPsec VPN   * [[doc:​howto:​vpn.ipsec.firewall.racoon]] Firewall and zones in IPsec VPN
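Review bot: Replacing "Racoon (previous project)" with a bare "==== Racoon ====" heading drops the status label, so readers can no longer tell that these articles describe the older setup. Keep the status in a line under the heading. In the added strongSwan bullet, "IPhone/IPad" should be "iPhone/iPad", and its link targets the inbox: namespace while a later hunk moves other links out of inbox into doc:howto; check which namespace is intended.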
Line 32: Line 35:
   * [[doc:​howto:​vpn.ipsec.roadwarriorcertificates.racoon]] Road warrior setup with certificates   * [[doc:​howto:​vpn.ipsec.roadwarriorcertificates.racoon]] Road warrior setup with certificates
  
-Other +==== OpenSwan ==== 
 +→[[wp>​Openswan]]
   * [[doc:​howto:​vpn.ipsec.site2site.openswan]] Setup a site to site IPsec VPN Using Openswan   * [[doc:​howto:​vpn.ipsec.site2site.openswan]] Setup a site to site IPsec VPN Using Openswan
   * [[oldwiki:​ipsec.openswantocisco851|Openswan (oldwiki)]]   * [[oldwiki:​ipsec.openswantocisco851|Openswan (oldwiki)]]
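Review bot: The new heading is spelled "OpenSwan" while the link directly under it and both list entries use "Openswan". Use one spelling, "==== Openswan ====", so the heading matches the link target and the article titles.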
Line 39: Line 42:
  
 ===== OpenVPN-based VPN Solutions ===== ===== OpenVPN-based VPN Solutions =====
-->[[wp>​OpenVPN]],​ [[http://​openvpn.net/​index.php/​open-source/​documentation/​howto.html#​vpntype|bridged vs. routed]]+  * Free software: →[[wp>​OpenVPN]],​ [[http://​openvpn.net/​index.php/​open-source/​documentation/​howto.html#​vpntype|bridged vs. routed]]
  
 Articles we have: Articles we have:
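Review bot: The OpenVPN section gets a "Free software:" bullet but no "Protocol:" bullet, unlike the IPsec and PPTP sections changed in this same revision, and the "bridged vs. routed" link placed under it is documentation, not software. Either add a matching protocol line or give the documentation link its own bullet so the sections read the same way.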
Line 53: Line 56:
 Once you set up a VPN server on your OpenWrt router, you (and the other participants) will need to each install and configure a VPN client (compatible with the VPN server) on each of your host machines. For HowTos regarding that, you should visit the Wiki/Forum of your OS! Once you set up a VPN server on your OpenWrt router, you (and the other participants) will need to each install and configure a VPN client (compatible with the VPN server) on each of your host machines. For HowTos regarding that, you should visit the Wiki/Forum of your OS!
  
 +
 +===== OpenConnect-based VPN Solutions =====
 +You may setup openwrt as an [[http://​www.infradead.org/​openconnect/​|OpenConnect]] VPN client or server. This is a protocol based on SSL/TLS and datagram TLS and is compatible with CISCO'​s AnyConnect SSL VPN.
 +
 +  * Client side requirements:​
 +    * [[https://​github.com/​openwrt/​packages/​tree/​master/​net/​openconnect|openconnect]]:​ Follow for instructions to configure without luci interface
 +    * [[https://​github.com/​openwrt/​luci/​tree/​master/​protocols/​openconnect|luci-proto-openconnect]]
 +
 +  * Server side requirements:​
 +    * [[https://​github.com/​openwrt/​packages/​tree/​master/​net/​ocserv|ocserv]]:​ Follow for instructions to configure without luci interface
 +    * [[https://​github.com/​openwrt/​luci/​tree/​master/​applications/​luci-ocserv|luci-app-ocserv]]
 +
 +There are various [[https://​en.wikipedia.org/​wiki/​OpenConnect#​Platforms|openconnect clients]], including in GNOME NetworkManager,​ [[https://​github.com/​nmav/​openconnect-gui/​releases|Windows]],​ and [[https://​play.google.com/​store/​apps/​details?​id=app.openconnect|Android]].
  
 ===== PPTP-based VPN Solutions ===== ===== PPTP-based VPN Solutions =====
-  * [[doc:​howto:​vpn.server.pptpd]] describes a [[wp>​Point-to-Point Tunneling Protocol]] (PPTPsolution with ''​pptpd''​+  ​* Protocol: [[wp>​Point-to-Point Tunneling Protocol|PPTP (Point-to-Point Tunneling Protocol)]] 
 +  ​* [[doc:​howto:​vpn.server.pptpd]] describes a PPTP solution with ''​pptpd''​
   * [[doc:​howto:​vpn.client.pptp]] Howto install and setup a VPN client compatible with PPTP servers   * [[doc:​howto:​vpn.client.pptp]] Howto install and setup a VPN client compatible with PPTP servers
     * [[doc:​howto:​vpn.nat.pptp]] VPN [[wp>NAT traversal]] (VPN Pass Through) for single/​multiple LAN client(s) connecting to PPTP Servers on the WAN     * [[doc:​howto:​vpn.nat.pptp]] VPN [[wp>NAT traversal]] (VPN Pass Through) for single/​multiple LAN client(s) connecting to PPTP Servers on the WAN
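Review bot: In the new OpenConnect section, the fragment "Follow for instructions to configure without luci interface" on the openconnect and ocserv bullets does not say what to follow; wording such as "follow this link for instructions on configuring without the LuCI interface" would be clear. The intro sentence should read "set up OpenWrt" and "Cisco's", and "datagram TLS" is better given as "DTLS (Datagram TLS)". The doubled blank line added before the heading can be reduced to one.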
Line 69: Line 86:
   * [[http://​www.tinc-vpn.org/​]]   * [[http://​www.tinc-vpn.org/​]]
   * [[http://​www.ntop.org/​n2n/​]]   * [[http://​www.ntop.org/​n2n/​]]
-  * [[inbox/mesh.olsr|OLSR]] +  * [[doc:howto:mesh.olsr|OLSR]] 
-  * [[inbox/mesh.batman|B.A.T.M.A.N.]]+  * [[doc:howto:mesh.batman|B.A.T.M.A.N.]]
  
 ===== External Documentation ===== ===== External Documentation =====
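Review bot: The OLSR and B.A.T.M.A.N. links change both namespace and separator, from "inbox/mesh.olsr" to "doc:howto:mesh.olsr" and likewise for mesh.batman. Confirm that both pages exist under doc:howto before this revision goes live, otherwise the two list entries become dead links.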
Line 79: Line 96:
     * http://​www.openvpn.net/​index.php/​component/​content/​article/​65-general/​89-2xhowto.html     * http://​www.openvpn.net/​index.php/​component/​content/​article/​65-general/​89-2xhowto.html
     * http://​www.openvpn.net/​index.php/​open-source/​documentation/​miscellaneous/​1xhowto.html     * http://​www.openvpn.net/​index.php/​open-source/​documentation/​miscellaneous/​1xhowto.html
-    * You can alway RTFM: http://​www.openvpn.net/​index.php/​open-source/​documentation/​manuals.html or STFW: http://​www.google.com/​search?​q=vpn&​hl=en+    * You can always read: http://​www.openvpn.net/​index.php/​open-source/​documentation/​manuals.html or search: http://​www.google.com/​search?​q=vpn&​hl=en
   * You do not need to read all of them, to get a VPN solution going. But for security reasons sooner or later you should make sure that all participant comprehend how your VPN works.   * You do not need to read all of them, to get a VPN solution going. But for security reasons sooner or later you should make sure that all participant comprehend how your VPN works.
  
doc/howto/vpn.overview.1358190588.txt.bz2 · Last modified: 2013/01/14 20:09 by birnenschnitzel