__           __           __                     
  .-----.--.--.----.|  |.--.--.--|  |.-----.--|  |  .-----.----.-----.
  |  -__|_   _|  __||  ||  |  |  _  ||  -__|  _  |__|  _  |   _|  _  |
  |_____|__.__|____||__||_____|_____||_____|_____|__|_____|__| |___  |
   by daemonx - member of excluded-team                        |_____|

                 VIRTUAL PRIVATE NETWORK INSTALLATION


[..1] What is a Virtual Private Network
[..2] OpenVPN- Installing a Client
[..3] Creating a rudimentary VPN
[..4] Check the Virtual Private Network
[..5] Configure the VPN
[..6] Frequently Asked Questions
[..7] Greets


- 1. What is a Virtual Private Network -
a virtual private network, also called vpn, is a private network that
uses another network to send/receive data. vpns use standard, often
insecure protocols. users of a vpn can share data like in a local
area network. the individual users don't have to be directly connected.
a connection to the network is made through a tunnel between client and server.
if you want to read more general stuff about virtual private networks,
use google (; i'm sure u will find a lot of stuff about vpns.

- 2. OpenVPN- Installing a Client -
So now i will give you a little how-to on installing openvpn for some networks
and some information about virtual private networks.
OpenVPN supports:
- Solaris  >> # pkgadd -d /path/to/the/package.pkg 
- FreeBSD  >> # cd /usr/ports/security/openvpn && make install clean
- OpenBSD  >> # pkg_add ftp://ftp.openbsd.org/pub/OpenBSD/3.7/packages/i386/openvpn-1.6.0.tgz
- NetBSD   >> # cd /usr/pkgsrc/*/openvpn && make install clean clean-depends
- MacOS X  >> http://mac.softpedia.com/get/Network-Admin/OpenVPN-GUI.shtml
- Linux    >> http://openvpn.net/release/openvpn-2.0.tar.gz, configure make install
- WinXP/2k >> http://openvpn.net/release/openvpn-2.0-install.exe, and *click click*

to build the tunnel, openvpn uses the virtual tun* or tap* devices of the operating system.
openvpn uses ssl and needs the openssl libraries (http://www.openssl.org/) for
encryption, authentication and certification. a really good tip i got from a friend
of mine is to install the libs for lzo compression. using the lzo libs is
better for your connection. also very important: if you're using mac os x or
solaris, u have to install the tun/tap runtimes.

Solaris: http://vtun.sourceforge.net/tun/tun-1.0-sol70.i386.gz
MacOS X: http://chrisp.de/en/projects/tunnel.html

- 3. Creating a rudimentary VPN -
Okay ladies, open a terminal and follow the instructions:
Computer 1: b0x1
Computer 2: b0x2

computer1:
# openvpn --remote b0x2 --dev tun0 --ifconfig 10.0.0.9 10.0.0.5

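computer2:
# openvpn --remote b0x1 --dev tun0 --ifconfig 10.0.0.5 10.0.0.9

note: started like this, with no key or tls options, the tunnel carries
everything as cleartext and without authentication, so use it only to test
connectivity. the tls setup follows in section 5.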

- 4. Check the Virtual Private Network -
So let's check if the tunnel is open:
# ifconfig tun0
tun0: flags:51<UP ...                    /* if something like this appears
inet 10.0.0.9 --> 10.0.0.5 netmask ...   /* everything is okay

# ping -c 5 10.0.0.5 /* so you will see if the ping is transmitted

- 5. Configure the VPN - 
first you have to create an ssl certificate. after you have done all the
ssl stuff, it is time to write a config file for the vpn:

~openvpn.conf for b0x2~

# cd /etc/openvpn
# vi openvpn.conf
dev tun0
ifconfig 10.0.0.5 10.0.0.9
up /etc/openvpn/openvpn.up
down /etc/openvpn/openvpn.down       
tls-server
dh /etc/openvpn/dh1024.pem
ca /etc/ssl/ca.crt
cert /etc/ssl/b0x2.crt
key /etc/ssl/private/b0x2.key
ping 15
verb 0

~openvpn.conf for b0x1~

# cd /etc/openvpn
# vi openvpn.conf
dev tun0
remote b0x2
ifconfig 10.0.0.9 10.0.0.5
up /etc/openvpn/openvpn.up
down /etc/openvpn/openvpn.down
tls-client
ca /etc/ssl/ca.crt
cert /etc/ssl/b0x1.crt
key /etc/ssl/private/b0x1.key
ping 15
verb 0
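
the "ssl stuff" skipped at the start of this section, as an added example (not part of the original text): it builds a small ca plus certificates for b0x1 and b0x2 with the file names used by the ca/cert/key lines above, and checks each cert/key pair. the ca name, the 365 day lifetime, rsa 2048 and the output directory are assumptions.

```sh
#!/bin/sh
# Added example, not from the original page. CA name, lifetime and key size
# are assumptions; file names follow the ca/cert/key lines in the configs.

make_pki() {    # $1 = output directory (copy results to /etc/ssl per box)
    out=$1
    mkdir -p "$out/private" && chmod 700 "$out/private" || return 1
    # Own request profile, so nothing depends on the system openssl.cnf.
    cat > "$out/req.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = example-vpn-ca
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # Self-signed CA. ca.crt goes to both boxes, ca.key stays off them.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -config "$out/req.cnf" \
        -keyout "$out/private/ca.key" -out "$out/ca.crt" 2>/dev/null || return 1
    for host in b0x1 b0x2; do
        # Per-box key and signing request; -subj overrides the CA name above.
        openssl req -new -newkey rsa:2048 -nodes -config "$out/req.cnf" \
            -subj "/CN=$host" -keyout "$out/private/$host.key" \
            -out "$out/$host.csr" 2>/dev/null || return 1
        # The CA signs the request; the serial file is created on first use.
        openssl x509 -req -in "$out/$host.csr" -days 365 -CA "$out/ca.crt" \
            -CAkey "$out/private/ca.key" -CAcreateserial \
            -out "$out/$host.crt" 2>/dev/null || return 1
        chmod 600 "$out/private/$host.key"
    done
    chmod 600 "$out/private/ca.key"
}

check_peer() {  # $1 = directory, $2 = box name; returns 0 only if cert and key are usable
    # The certificate must chain to the CA both peers trust ...
    openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1 || return 1
    # ... and the private key must belong to that certificate.
    [ "$(openssl x509 -in "$1/$2.crt" -noout -pubkey 2>/dev/null)" = \
      "$(openssl pkey -in "$1/private/$2.key" -pubout 2>/dev/null)" ]
}

# Stand-alone use: sh make_pki.sh /some/dir
if [ -n "${1:-}" ]; then
    make_pki "$1" && check_peer "$1" b0x1 && check_peer "$1" b0x2 && echo "pki ok"
fi
```

the dh file named in the b0x2 config is not created here; the faq shows the dhparam command for it, and 2048 bits is the usual minimum today where the page uses 1024.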

to activate the compression, you have to add the option comp-lzo at the end of
the config files of both vpn boxes.

now you have to create the openvpn.up on both computers of the vpn.

for b0x1:
#!/bin/sh
/sbin/route add -net 10.0.0.0 gw $5 netmask 255.255.0.0

this arranges that b0x1 can reach the end of the tunnel (b0x2).

for b0x2:
#!/bin/sh
arp -s $5 00:00:d1:1f:3f:f1 permanent pub

this arranges that b0x2 answers arp requests for b0x1. if we don't have this
script, b0x1 couldn't reach b0x2.

so now we finish by creating the openvpn.down file on the second box (b0x2):
#!/bin/sh
arp -d b0x1

this command deletes the arp table entry.
and now we will see if the virtual private network works...
# openvpn --config /etc/openvpn/openvpn.conf --daemon

so that's it. i hope you got an interesting and maybe helpful entry into
virtual private networks. if you have questions, problems or remarks please
mail me or visit me in the euirc.

- 6. Frequently Asked Questions -
[..]
<x01> hey daemon, got an error while installing openvpn, with the lzo libs
<x01> LZO library and not found.
<daemonx> install lzo again:
<daemonx> $ ./configure --with-lzo-headers=/usr/local/include --with-lzo-lib=/usr/local/lib
[..]

question: got an error with the config file, with the dh1024.pem
solution: bash-2.05b$ openssl dhparam -out dh1024.pem 1024

- 7. Greets -
ProXy, DNA, Takt, l0om, nixon, flexus, Sirius, XNet, c-shell and the rest of
the excluded-team (:
<daemonx(at)excluded.org> http://www.excluded.org/
- do you really believe in terrorists? -