NAME
secvpn - Control the Secure Virtual Private Network
SYNOPSIS
secvpn [-v] [-n] [-s] [-r] start|stop|routedel|routeadd|test|status [Host]
DESCRIPTION
Secvpn builds a virtual private network (vpn) as defined in
/etc/network/secvpn.conf. The vpn uses encryption based on ssh security.
Before secvpn can be used, some prerequisites have to be met. See
PREREQUISITES below.
The following subcommands may be used with secvpn:
- start
  Starts the vpn. Secvpn will add the new ppp interfaces necessary to make
  the vpn work, but will not automatically add routes (see the routeadd
  subcommand below). If the recursive option is set, secvpn will log into
  the passive hosts and run "secvpn -r start" on them too.
- stop
  Stops the vpn.
- routeadd
  Sets up new routing entries based on secvpn.conf. Secvpn will first add
  the route active->passive, then tell the passive host to add the route
  back. The route on the passive host is added according to the
  configuration file there (on the passive host), so if the configuration
  files differ, things will not work.
- routedel
  Deletes the routing entries built with routeadd.
- test
  Checks whether the ppp interface is used to reach O_CRYPT_IP.
- status
  Same as test, but checks all vpns if no host is named (instead of only
  active vpns as 'test' does).
OPTIONS
- -v
  verbose output
- -n
  do nothing
- -s
  be silent
- -r
  work recursively
PREREQUISITES
Before secvpn can be used you have to enable passwordless ssh access for user
"secvpn" from the initiator secvpn pc to the target secvpn pc. Use
authorized_keys or RhostsRSAAuthentication with the .shosts file. See the ssh
manpages for more information.
Before secvpn can be used you have to give root rights for specific commands to
the user "secvpn". This can be done with the following command:
    echo "secvpn ALL=NOPASSWD: /usr/sbin/secvpn, /usr/sbin/pppd" >>/etc/sudoers
Before secvpn can be used you have to edit /etc/secvpn.conf. See secvpn.conf(4).
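The sudoers rule above can also be installed as a separate drop-in file that is
syntax-checked before it takes effect, so a malformed entry never reaches the
live sudo configuration. This is an added example, not part of secvpn or its
documentation; it assumes /etc/sudoers includes the /etc/sudoers.d directory,
and the file name "secvpn" and function name install_secvpn_sudoers are
hypothetical:

```shell
#!/bin/sh
# Added example: validate the secvpn sudoers rule before it goes live.
# Assumptions (not from the man page): /etc/sudoers.d is included by
# /etc/sudoers, and the drop-in file is named "secvpn".

# The rule exactly as given in PREREQUISITES.
SECVPN_RULE='secvpn ALL=NOPASSWD: /usr/sbin/secvpn, /usr/sbin/pppd'

# install_secvpn_sudoers [DIR] [RULE]
# Writes RULE to a temp file, syntax-checks it with visudo, and only then
# installs it as DIR/secvpn with mode 0440. Returns non-zero and leaves DIR
# untouched if visudo is missing or rejects the rule.
install_secvpn_sudoers() {
    dir=${1:-/etc/sudoers.d}
    rule=${2:-$SECVPN_RULE}

    command -v visudo >/dev/null 2>&1 || {
        echo "visudo not found; refusing to install an unchecked rule" >&2
        return 1
    }

    tmp=$(mktemp) || return 1
    printf '%s\n' "$rule" >"$tmp"

    # -c: check only, -f: check this file instead of /etc/sudoers
    if ! visudo -c -f "$tmp" >/dev/null; then
        echo "sudoers syntax check failed; nothing installed" >&2
        rm -f "$tmp"
        return 1
    fi

    # install sets the mode explicitly, independent of the umask
    install -m 0440 "$tmp" "$dir/secvpn"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Run as root with --install to write /etc/sudoers.d/secvpn.
if [ "${1:-}" = "--install" ]; then
    install_secvpn_sudoers
fi
```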
EXAMPLES
There are 3 examples in /usr/share/doc/secvpn/examples:
Example1: secvpn acts as a router connecting 2 subnets
Example2: secvpn has one LAN card and connects 2 subnets
Example3: secvpn has one LAN card and connects 11 subnets in a tree structure
OTHER
To have real security it is necessary to secure each secvpn host and to have
firewalls on each secvpn host allowing only selected IP addresses and ports to
pass through the VPN.
AUTHOR
Bernd Schumacher, HP Consulting, HEWLETT-PACKARD GmbH, Bad Homburg, 2000-2005
COPYRIGHT
Copyright: Most recent version of the GPL.
On Debian GNU/Linux systems, the complete text of the GNU General Public License
can be found in "/usr/share/common-licenses/GPL".
SEE ALSO
secvpn(1) secvpnmon(1) ssh(1) timeout(1) secvpn.conf(4)