Differences

This shows you the differences between two versions of the page.

doc:howto:vpn.overview [2013/01/14 20:09]
birnenschnitzel
doc:howto:vpn.overview [2014/11/02 22:57] (current)
nmav link to wikipedia for openconnect clients
Line 1: Line 1:
====== VPN overview ====== ====== VPN overview ======
  - The term VPN stands for [[wp>Virtual private network]].   - The term VPN stands for [[wp>Virtual private network]].
-  - Like a DMZ a VPN is a //security concept//, it is //not// a protocol (like SSH) or a certain software package+  - Like a [[doc:howto:DMZ]] a VPN is a //security concept//, it is //not// a protocol (like SSH) nor a certain software package
  - There are multiple software packages available to set up a VPN between two or more hosts   - There are multiple software packages available to set up a VPN between two or more hosts
-  - they all use the [[wp>Client–server model|Server <-> Client concept]] and usually are //**incompatible** with one another//!+  - they all use the [[wp>Client–server model|Server Client concept]] and usually are //**incompatible** with one another//! 
 +  - have look at the [[wp>OSI model]] and make yourself aware that the encryption can be applied at different layers of the communications stack
| {{:meta:icons:tango:dialog-information.png?nolink}} | If your hardware has some sort of **[[doc:hardware:cryptographic.hardware.accelerators|Cryptographic Hardware Acceleration]]** you should make sure it is supported by your OS (OpenWrt) and enabled.  | | {{:meta:icons:tango:dialog-information.png?nolink}} | If your hardware has some sort of **[[doc:hardware:cryptographic.hardware.accelerators|Cryptographic Hardware Acceleration]]** you should make sure it is supported by your OS (OpenWrt) and enabled.  |
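Review bot: the added OSI bullet reads "have look at the [[wp>OSI model]]", which is missing the article ("have a look at") and starts in lower case. Since it is the only line that tells readers encryption can sit at different layers, it would help more if it named the layer each solution listed below works at. The rewritten link label on the previous bullet now reads "Server Client concept"; the "<->" from the old line is gone, so restore it or write "client-server concept".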
Line 10: Line 11:
===== IPsec-based VPN Solutions ===== ===== IPsec-based VPN Solutions =====
-->[[wp>IPsec|Internet Protocol Security]], [[wp>Openswan]], [[wp>strongSwan]], [[http://wiki.strongswan.org/projects/strongswan/wiki/IpsecUci|configure strongSwan with UCI]] +  * Protocol: [[wp>IPsec]] 
- +  * Free software: →[[wp>Openswan]], [[wp>strongSwan]], [[wp>Racoon (KAME)|Racoon]], [[http://wiki.strongswan.org/projects/strongswan/wiki/IpsecUci|configure strongSwan with UCI]]
-StrongSwan (current project)+
 +==== strongSwan ====
 + →[[wp>strongSwan]]
  * [[doc:howto:vpn.ipsec.basics]] Some basics, considerations and prerequisites for IPsec VPN   * [[doc:howto:vpn.ipsec.basics]] Some basics, considerations and prerequisites for IPsec VPN
  * [[doc:howto:vpn.ipsec.firewall]] Firewall and zones in IPsec VPN   * [[doc:howto:vpn.ipsec.firewall]] Firewall and zones in IPsec VPN
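Review bot: the removed line "StrongSwan (current project)" was the only hint about which IPsec implementation these articles treat as current, and the new "==== strongSwan ====" heading drops it; keep that status as a sentence under the heading. The "→[[wp>strongSwan]]" line also carries a leading space that the matching Racoon line does not, and the same Wikipedia link already appears in the "Free software:" bullet just above, so one of the two can go.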
Line 21: Line 23:
  * [[doc:howto:vpn.ipsec.roadwarrior]] OpenWrt as IPsec gateway for road warriors   * [[doc:howto:vpn.ipsec.roadwarrior]] OpenWrt as IPsec gateway for road warriors
  * [[doc:howto:vpn.ipsec.roadwarriorcertificates]] Road warrior setup with certificates   * [[doc:howto:vpn.ipsec.roadwarriorcertificates]] Road warrior setup with certificates
 +  * [[inbox:strongswan.howto]] Install/configure strongswan for IPhone/IPad
-Racoon (previous project) +==== Racoon ==== 
 +→[[wp>Racoon (KAME)|Racoon]]
  * [[doc:howto:vpn.ipsec.basics.racoon]] Some basics, considerations and prerequisites for IPsec VPN   * [[doc:howto:vpn.ipsec.basics.racoon]] Some basics, considerations and prerequisites for IPsec VPN
  * [[doc:howto:vpn.ipsec.firewall.racoon]] Firewall and zones in IPsec VPN   * [[doc:howto:vpn.ipsec.firewall.racoon]] Firewall and zones in IPsec VPN
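Review bot: the new entry "[[inbox:strongswan.howto]]" links into the inbox namespace while every other article in this list lives under doc:howto, and a later hunk of this same revision moves the mesh links out of inbox; move the page or link it under doc:howto for consistency. The label should read "iPhone/iPad", and the "(previous project)" status removed from the Racoon line should survive as a sentence under the new heading so readers know it is not the preferred choice.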
Line 32: Line 35:
  * [[doc:howto:vpn.ipsec.roadwarriorcertificates.racoon]] Road warrior setup with certificates   * [[doc:howto:vpn.ipsec.roadwarriorcertificates.racoon]] Road warrior setup with certificates
-Other +==== OpenSwan ==== 
 +→[[wp>Openswan]]
  * [[doc:howto:vpn.ipsec.site2site.openswan]] Setup a site to site IPsec VPN Using Openswan   * [[doc:howto:vpn.ipsec.site2site.openswan]] Setup a site to site IPsec VPN Using Openswan
  * [[oldwiki:ipsec.openswantocisco851|Openswan (oldwiki)]]   * [[oldwiki:ipsec.openswantocisco851|Openswan (oldwiki)]]
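Review bot: the new heading is spelled "OpenSwan" while the link directly under it and both list entries use "Openswan"; use one spelling throughout, matching the linked project name.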
Line 39: Line 42:
===== OpenVPN-based VPN Solutions ===== ===== OpenVPN-based VPN Solutions =====
-->[[wp>OpenVPN]], [[http://openvpn.net/index.php/open-source/documentation/howto.html#vpntype|bridged vs. routed]]+  * Free software: →[[wp>OpenVPN]], [[http://openvpn.net/index.php/open-source/documentation/howto.html#vpntype|bridged vs. routed]]
Articles we have: Articles we have:
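Review bot: the "Free software:" bullet now also holds the "bridged vs. routed" link, which is documentation rather than a software package; give it its own bullet. Unlike the IPsec and PPTP sections touched in this revision, this section gets no "Protocol:" bullet, so the sections are no longer parallel.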
Line 53: Line 56:
Once you set up a VPN server on your OpenWrt router, you (and the other participants) will need to each install and configure a VPN client (compatible with the VPN server) on each of your host machines. For HowTos regarding that, you should visit the Wiki/Forum of your OS! Once you set up a VPN server on your OpenWrt router, you (and the other participants) will need to each install and configure a VPN client (compatible with the VPN server) on each of your host machines. For HowTos regarding that, you should visit the Wiki/Forum of your OS!
 +
 +===== OpenConnect-based VPN Solutions =====
 +You may setup openwrt as an [[http://www.infradead.org/openconnect/|OpenConnect]] VPN client or server. This is a protocol based on SSL/TLS and datagram TLS and is compatible with CISCO's AnyConnect SSL VPN.
 +
 +  * Client side requirements:
 +    * [[https://github.com/openwrt/packages/tree/master/net/openconnect|openconnect]]: Follow for instructions to configure without luci interface
 +    * [[https://github.com/openwrt/luci/tree/master/protocols/openconnect|luci-proto-openconnect]]
 +
 +  * Server side requirements:
 +    * [[https://github.com/openwrt/packages/tree/master/net/ocserv|ocserv]]: Follow for instructions to configure without luci interface
 +    * [[https://github.com/openwrt/luci/tree/master/applications/luci-ocserv|luci-app-ocserv]]
 +
 +There are various [[https://en.wikipedia.org/wiki/OpenConnect#Platforms|openconnect clients]], including in GNOME NetworkManager, [[https://github.com/nmav/openconnect-gui/releases|Windows]], and [[https://play.google.com/store/apps/details?id=app.openconnect|Android]].
===== PPTP-based VPN Solutions ===== ===== PPTP-based VPN Solutions =====
-  * [[doc:howto:vpn.server.pptpd]] describes a [[wp>Point-to-Point Tunneling Protocol]] (PPTP) solution with ''pptpd''+  * Protocol: [[wp>Point-to-Point Tunneling Protocol|PPTP (Point-to-Point Tunneling Protocol)]] 
 +  * [[doc:howto:vpn.server.pptpd]] describes a PPTP solution with ''pptpd''
  * [[doc:howto:vpn.client.pptp]] Howto install and setup a VPN client compatible with PPTP servers   * [[doc:howto:vpn.client.pptp]] Howto install and setup a VPN client compatible with PPTP servers
    * [[doc:howto:vpn.nat.pptp]] VPN [[wp>NAT traversal]] (VPN Pass Through) for single/multiple LAN client(s) connecting to PPTP Servers on the WAN     * [[doc:howto:vpn.nat.pptp]] VPN [[wp>NAT traversal]] (VPN Pass Through) for single/multiple LAN client(s) connecting to PPTP Servers on the WAN
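Review bot: the new OpenConnect text has wording problems that should be fixed before it stays: "openwrt" is written "OpenWrt" elsewhere on the page, "CISCO's" should be "Cisco's", and "Follow for instructions to configure without luci interface" does not say what to follow (presumably the linked package page). The section's last paragraph also runs straight into "===== PPTP-based VPN Solutions =====" with no blank line, unlike the blank line added before the OpenConnect heading.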
Line 69: Line 86:
  * [[http://www.tinc-vpn.org/]]   * [[http://www.tinc-vpn.org/]]
  * [[http://www.ntop.org/n2n/]]   * [[http://www.ntop.org/n2n/]]
-  * [[inbox/mesh.olsr|OLSR]] +  * [[doc:howto:mesh.olsr|OLSR]] 
-  * [[inbox/mesh.batman|B.A.T.M.A.N.]]+  * [[doc:howto:mesh.batman|B.A.T.M.A.N.]]
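Review bot: both mesh links change namespace and separator ("inbox/mesh.olsr" to "doc:howto:mesh.olsr", likewise for batman); confirm the two pages were actually moved to doc:howto before saving, otherwise these links dangle.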
===== External Documentation ===== ===== External Documentation =====
Line 79: Line 96:
    * http://www.openvpn.net/index.php/component/content/article/65-general/89-2xhowto.html     * http://www.openvpn.net/index.php/component/content/article/65-general/89-2xhowto.html
    * http://www.openvpn.net/index.php/open-source/documentation/miscellaneous/1xhowto.html     * http://www.openvpn.net/index.php/open-source/documentation/miscellaneous/1xhowto.html
-    * You can alway RTFM: http://www.openvpn.net/index.php/open-source/documentation/manuals.html or STFW: http://www.google.com/search?q=vpn&hl=en+    * You can always read: http://www.openvpn.net/index.php/open-source/documentation/manuals.html or search: http://www.google.com/search?q=vpn&hl=en
  * You do not need to read all of them, to get a VPN solution going. But for security reasons sooner or later you should make sure that all participant comprehend how your VPN works.   * You do not need to read all of them, to get a VPN solution going. But for security reasons sooner or later you should make sure that all participant comprehend how your VPN works.
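Review bot: the reworded bullet keeps the Google link "search?q=vpn", a query too generic to help anyone configure a VPN; drop it or point at a specific resource. The unchanged last bullet says "all participant comprehend" and could be corrected in the same edit ("all participants").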


doc/howto/vpn.overview.1358190588.txt.bz2 · Last modified: 2013/01/14 20:09 by birnenschnitzel