SYNOPSIS
secvpn [-v][-n][-s][-r] start|stop|routedel|routeadd|test|status [Host]DESCRIPTION
Secvpn builds a virtual private network (vpn) as defined in /etc/network/secvpn.conf. The vpn uses encryption based on ssh security.
Before secvpn can be used you have to create some prerequisites. See PREREQUISITES below.
The following subcommands may be used with secvpn:
- start
- is used to start the vpn. Secvpn will add new ppp interfaces necessary to make the vpn work, but will not automatically add routes (see the routeadd option below). If the recursive option is set, secvpn will log into the passive hosts and run "secvpn -r start" on them too.
- stop
- is used to stop the vpn.
- routeadd
- is used to setup new routing entries based on secvpn.conf. Secvpn will first add the route active->passive, then tell the passive host to add the route back. The route in the passive host will be added according to the configuration file there (in the passive host), so if the configuration files differ, things will not work.
- routedel
- will delete the routing entries built with routeadd.
- test
- checks whether the ppp interface is used to reach O_CRYPT_IP.
- status
-
same as test, but checks all vpns if no host is named (instead of only active vpns as 'test' does).
OPTIONS
- -v
- verbose output
- -n
- do nothing
- -s
- be silent
- -r
-
work recursive
PREREQUISITES
Before secvpn can be used you have to enable passwordless ssh access for user "secvpn" from the initiator secvpn pc to the target secvpn pc. Use authorized_ keys or RhostsRSAAuthentication with the .shosts file. Have a look to the ssh - manpages for more information.
Before secvpn can be used you have to give root rights for specific commands to the user "secvpn". This can be done with the followin command:
-
echo "secvpn ALL=NOPASSWD: /usr/sbin/secvpn, /usr/sbin/pppd" >>/etc/sudoers
EXAMPLES
There are 3 examples in /usr/share/doc/secvpn/examples:Example1: secvpn acts as router connection 2 subnets
Example2: secvpn having one lan-card and connect 2 subnets
Example3: secvpn having one lan-card and connect 11 subnets in a tree structure
OTHER
To have real security it is necessary to secure each secvpn host and to have firewalls on each secvpn host allowing only selected IP-Adresses and Ports to pass through the VPN.
AUTHOR
Bernd Schumacher, HP Consulting, HEWLETT-PACKARD GmbH, Bad Homburg, 2000-2005COPYRIGHT
Copyright: Most recent version of the GPL.On Debian GNU/Linux systems, the complete text of the GNU General Public License can be found in "/usr/share/common-licenses/GPL".