Cover V12, I03


Figure 1 Changes to the default config file

*** vpnd.conf             Tue May 21 23:51:44 2002
--- vpnd.conf-extclient   Sun Dec  1 14:02:41 2002
***************
*** 10,42 ****
--- 10,44 ----
  # general parameters
  # ---------------------------------------------------
  #
  # pidfile <pathname-of-file>
  #
  # optional, file where pid of vpnd is stored, if not
  # given no file is used, file is deleted when daemon
  # terminates
  #
  # example: pidfile /var/run/vpnd.pid
+ pidfile /var/run/vpnds1.pid
  #
  # randomdev <random-number-device-file>
  #
  # optional, source of random data, default is /dev/random
  # which may block if insufficient entropy is available so
  # you may decide to use /dev/urandom instead which should
  # be safe enough but does not block,
  # note that for Linux 1.x system you may have to start
  # the supplied randomd daemon if you don't have a good
  # random number source, in this case your random device
  # is /dev/randomd
  #
  # example: randomdev /dev/urandom
+ randomdev /dev/urandom
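Review bot: the added `randomdev /dev/urandom` line swaps the default blocking source /dev/random for a non-blocking one, and nothing in the file records that this was a deliberate choice. The stock comment already explains the trade-off, so a one-line local comment saying why blocking is unacceptable on this host would be enough. Separately, `pidfile /var/run/vpnds1.pid` abbreviates the instance name to `vpnds1` while the keyfile added further down spells it `server1`; one naming scheme makes it easier to match pid file, key and config if more than one vpnd instance runs on the host.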
***************
*** 51,80 ****
--- 53,84 ----
  # example: keyttl 30
  #
  # keepalive [<time-in-seconds>]
  #
  # optional, when given pings peer every n seconds where n is
  # the optional time in seconds parameter, if parameter is not
  # given default to ping every second, if keepalive is not given
  # default is not to ping, ignored if keysize is 0 (no ping)
  #
  # example: keepalive 2
+ keepalive 20
  #
  # noanswer <packet-amount>
  #
  # optional, amount of idle ping packets in serial line
  # mode after which the line will be dropped if there
  # is no ping reply, works only, if keepalive option
  # is given, default is to drop line after 10 unanswered
  # packets
  #
  # example: noanswer 3
+ noanswer 6
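Review bot: `noanswer 6` may have no effect in this configuration, because the comment directly above it describes the option as counting unanswered pings "in serial line mode", while the `client` and `server` lines added later in this file are IP addresses with ports rather than device files. If the option does apply, `keepalive 20` combined with `noanswer 6` means about 120 seconds of silence before the line is dropped. State in a comment which behaviour is intended, or remove the `noanswer` line.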
***************
*** 115,185 ****
--- 119,194 ----
  # general parameters (available with version 1.0.4)
  # ---------------------------------------------------
  #
  # linkup <process-pathname>
  #
  # optional, full pathname of (hashed) process
  # which is called asynchonously when the vpn
  # link is established
  #
  # example: linkup /etc/vpnd.linkup
+ linkup /etc/vpnd/romeoffice-up
  #
  # linkdown <process-pathname>
  #
  # optional, full pathname of (hashed) process
  # which is called asynchonously when the vpn
  # link is terminated
  #
  # example: linkdown /etc/vpnd.linkdown
  #
  # ---------------------------------------------------
  # basic operation mode
  # ---------------------------------------------------
  #
  # mode client|server
  #
  # mandatory, selects client or server mode
  #
  # example: mode client
+ mode client
  #
  # client <ip>|<device-file> [<port>]
  #
  # mandatory, defines client device file or ip, in case of
  # client ip (host name may be given if the -l command line parameter
  # is used) client port number may be given (default is any port),
  # if mode is server and client ip is 0.0.0.0 no peer ip check is done,
  # if client is device file device file must be located in /dev,
  # if ip, server must be ip, if device, server must be device,
  # note that ip in example below is deliberately wrong
  #
  # examples: client 393.405.5.55 2001
  #           client /dev/cua1
+ client 0.0.0.0 0
  #
  # server <ip|device-file> [<port>]
  #
  # mandatory, defines server device file or ip, in case
  # of server ip (host name may be given if the -l command line parameter
  # is used) server port number may be given (default port is 379),
  # if server device file device file must be located in /dev,
  # if ip, client must be ip, if device, client must be device,
  # note that ip in example below is deliberately wrong
  #
  # examples: server 327.526.4.27 2001
  #           server /dev/cua0
+ server 262.5.4.3 24741
  #
  # keyfile <shared-secret-file>
  #
  # optional, defines the pathname of the shared secret file which
  # must be created with the -m option of vpnd, if not given default
  # of /etc/vpnd.key is used
  #
  # example: keyfile /var/adm/mysecret.key
+ keyfile /etc/vpnd/vpnd.conf-server1
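Review bot: `keyfile /etc/vpnd/vpnd.conf-server1` gives the shared secret a name that reads like a configuration file, and this change is itself a diff against `vpnd.conf`, so the two are easy to confuse when copying or backing up /etc/vpnd. Suggest a name such as `/etc/vpnd/server1.key` and a comment that the file must be readable by root only. Also in this hunk, `linkup /etc/vpnd/romeoffice-up` is set but no `linkdown` line is added, so whatever the up script configures is not undone when the link terminates. Finally, `server 262.5.4.3 24741` is not a valid IPv4 address (first octet above 255) and should carry the same "deliberately wrong" note the stock examples have.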
***************
*** 216,243 ****
--- 225,254 ----
  # SLIP parameters
  # ---------------------------------------------------
  #
  # local <ip>
  #
  # mandatory, defines local ip of encrypted network interface,
  # a host name may be given if the command line option -l is
  # used, note that ip in example below is deliberately wrong
  #
  # example: local 393.405.5.57
+ local 10.0.12.1
  #
  # remote <ip>
  #
  # mandatory, defines peer ip of encrypted network interface,
  # a host name may be given if the command line option -l is
  # used, note that ip in example below is deliberately wrong
  #
  # example: remote 327.526.4.25
+ remote 10.0.12.2
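Review bot: `local 10.0.12.1` and `remote 10.0.12.2` are added without a comment saying which end of the tunnel each address belongs to. Per the stock comments, `local` is this host's address on the encrypted interface and `remote` is the peer's, so the peer's config needs the same pair reversed. A short comment naming the two sites would prevent a mismatch.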