Tugger the SLUGger! SLUG Mailing List Archives

[SLUG] Site to Site VPN


Hi Sluggers,

I've been asked by a friend to help configure a VPN between a Linux (CentOS) box (which he's given me control of) and a corporate network accessed via a Juniper Network VPN device.

I'm in need of a few clue sticks and would appreciate some advice about what software to install on the Linux machine and pointers to good URLs etc. to read up on.

The corporate VPN policy only supports network-to-network VPNs and I have been provided with the following info:

202.X.X.X 	The IP address of the corporate VPN server,
10.Y.Y.0/24	The private network on the corporate side that will be accessed via the VPN.
************	A Pre-Shared key

VPN Peers
Phase 1    Encryption 3DES,    Hash  SHA,
Phase 2    Encryption 3DES,    Hash  SHA,   PFS

Now I don't have a network on my side, just the one box, so a road warrior config is what is really required but see Corporate policy above. I have provided the fixed real world IP of the Linux box to them and they are now asking for the address range of my private network so that they can set up the route on their side to send reply packets back via the Juniper VPN device.

So I'm thinking that I can add a private address or two to the NIC and, using iptables source NAT, rewrite the packets so that when an application on the Linux box sends a packet to 10.Y.Y.1 I can mangle the packet sufficiently for it to be routed down the VPN and come back again.

Questions:

	Recommended Linux Software?
	Is my idea for the "faux" network on my side realistic?

OpenVPN is installed on the Linux box, but from what I've read it's talking about public/private key OpenSSL kinda stuff with a ca.key, certificates etc., whereas this setup is a pre-shared key arrangement. I have a bit of a clue, but I'm not exactly VPN Jedi Knight status, so I understand the concept of the pre-shared key but not the details of how to configure it with the triple DES, SHA hash stuff above.

Many TIAs

Pete
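The setup Pete describes (a single Linux host pretending to be a /24 behind an IKEv1 pre-shared-key tunnel to a Juniper gateway, with the Phase 1 / Phase 2 parameters quoted in the post) expressed as a script. This is an added example, not code from the original post or from any list reply; it assumes strongSwan as the IPsec daemon on the CentOS box, and every address in it (203.0.113.10 for the box, 202.0.2.1 standing in for 202.X.X.X, 10.20.30.0/24 standing in for 10.Y.Y.0/24, 192.168.77.0/24 as the "faux" private network) is a placeholder. The DH group modp1024 is likewise an assumption to confirm with the corporate admin, since the post only specifies 3DES, SHA and "PFS":

```shell
#!/bin/sh
# Added example, not from the original post. Builds the "faux network" setup
# the post describes on a strongSwan host (assumed; Openswan/racoon use
# different files) for a PSK IKEv1 tunnel to a Juniper gateway.
# Every address below is a placeholder chosen for this example.

OUR_PUBLIC_IP="203.0.113.10"    # fixed real-world IP of the Linux box
PEER_IP="202.0.2.1"             # corporate gateway, stands in for 202.X.X.X
CORP_NET="10.20.30.0/24"        # corporate side, stands in for 10.Y.Y.0/24
FAUX_NET="192.168.77.0/24"      # the "private network" we report to them
FAUX_ADDR="192.168.77.1"        # secondary address we add to the NIC
WAN_IF="eth0"                   # interface carrying OUR_PUBLIC_IP

ip2int() {                      # dotted quad -> integer
  set -- $(printf '%s' "$1" | tr '.' ' ')
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Exit status 0 if the two CIDR blocks overlap. A faux range that overlaps the
# corporate subnet (or anything else they route) would black-hole the traffic,
# so check it before handing the range to the corporate admin.
cidr_overlap() {
  n1=$(ip2int "${1%/*}"); p1=${1#*/}
  n2=$(ip2int "${2%/*}"); p2=${2#*/}
  p=$p1
  if [ "$p2" -lt "$p1" ]; then p=$p2; fi      # compare under the shorter prefix
  mask=$(( (4294967295 << (32 - p)) & 4294967295 ))
  [ $(( n1 & mask )) -eq $(( n2 & mask )) ]
}

# strongSwan ipsec.conf. Phase 1 is the ike= line, Phase 2 the esp= line.
# The post only gives 3DES + SHA and "PFS"; modp1024 (DH group 2) is an
# assumption to confirm with the Juniper admin. A DH group on the esp= line is
# what turns PFS on; the trailing "!" refuses any other proposal from the peer.
render_ipsec_conf() {
  cat <<EOF
config setup
    charondebug="ike 1, cfg 1, net 1"

conn corp-site
    keyexchange=ikev1
    authby=secret
    ike=3des-sha1-modp1024!
    esp=3des-sha1-modp1024!
    left=${OUR_PUBLIC_IP}
    leftsubnet=${FAUX_NET}
    right=${PEER_IP}
    rightsubnet=${CORP_NET}
    auto=start
EOF
}

# ipsec.secrets line binding the PSK to this pair of gateway addresses.
# The key is passed in as an argument so it never lives in this script.
render_ipsec_secrets() {
  printf '%s %s : PSK "%s"\n' "$OUR_PUBLIC_IP" "$PEER_IP" "$1"
}

# Put the faux address on the NIC and SNAT anything bound for the corporate
# subnet to it, so locally generated packets match the FAUX_NET -> CORP_NET
# IPsec policy instead of leaving with the public IP as source.
render_net_commands() {
  cat <<EOF
ip addr add ${FAUX_ADDR}/${FAUX_NET#*/} dev ${WAN_IF}
iptables -t nat -A POSTROUTING -d ${CORP_NET} -j SNAT --to-source ${FAUX_ADDR}
EOF
}

# Write the configuration and bring the tunnel up. Needs root and the PSK in
# the environment:  PSK='...' sh thisscript.sh apply
apply() {
  : "${PSK:?export PSK before running apply}"
  if cidr_overlap "$FAUX_NET" "$CORP_NET"; then
    echo "faux network $FAUX_NET overlaps corporate $CORP_NET" >&2; exit 1
  fi
  render_ipsec_conf > /etc/ipsec.conf
  render_ipsec_secrets "$PSK" > /etc/ipsec.secrets
  chmod 600 /etc/ipsec.secrets
  render_net_commands | sh -e
  ipsec restart && sleep 2 && ipsec statusall
}

case "${1:-}" in apply) apply ;; esac
```

Run without arguments the script only defines functions; `apply` does the privileged work. Give the corporate admin the faux /24 so they can add the return route and confirm it clashes with nothing on their side, keep the PSK out of the script and in a 0600 ipsec.secrets, and note that 3DES/SHA-1 is what their policy dictates, not what you would choose today; if they will accept AES and SHA-2, change the ike= and esp= lines accordingly. On Openswan/Libreswan the equivalent conn options would be `ike=3des-sha1;modp1024`, `phase2alg=3des-sha1;modp1024` and `pfs=yes`, with the same ipsec.secrets line.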