
6.3.4. Establishing a VPN Connection

Establishing an encrypted Virtual Private Network (VPN) enables you to communicate securely between your Local Area Network (LAN) and another, remote LAN. After successfully establishing a VPN connection, a VPN router or gateway performs the following actions on the packets you transmit:
  1. it adds an Authentication Header for routing and authentication purposes;
  2. it encrypts the packet data; and,
  3. it encloses the data with an Encapsulating Security Payload (ESP), which constitutes the decryption and handling instructions.
The receiving VPN router strips the header information, decrypts the data, and routes it to its intended destination (either a workstation or other node on a network). Using a network-to-network connection, the receiving node on the local network receives the packets already decrypted and ready for processing. The encryption/decryption process in a network-to-network VPN connection is therefore transparent to clients.
Because they employ several layers of authentication and encryption, VPNs are a secure and effective means of connecting multiple remote nodes to act as a unified intranet.
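
The following added example (not part of the original Fedora documentation) shows what a monitoring point between the two gateways can still read from a protected packet: the AH and ESP headers expose only a Security Parameters Index (SPI) and a sequence number, and everything after the ESP header is opaque. It assumes a tunnel that applies both AH and ESP as in the list above; the packet, addresses and SPI values are constructed for illustration.

```python
import struct

PROTO_ESP, PROTO_AH = 50, 51  # IP protocol numbers for ESP and AH


def describe_ipsec(packet):
    """List the IPsec headers of an IPv4 packet that are readable without keys."""
    offset = (packet[0] & 0x0F) * 4      # IPv4 header length in bytes
    proto = packet[9]                    # protocol carried by the outer IP header
    layers = []
    while proto in (PROTO_AH, PROTO_ESP):
        if proto == PROTO_AH:
            next_hdr, len_words, _, spi, seq = struct.unpack_from("!BBHII", packet, offset)
            layers.append({"header": "AH", "spi": spi, "seq": seq})
            offset += (len_words + 2) * 4    # AH length field is in 32-bit words, minus 2
            proto = next_hdr
        else:
            spi, seq = struct.unpack_from("!II", packet, offset)
            opaque = len(packet) - offset - 8    # ciphertext, padding and integrity value
            layers.append({"header": "ESP", "spi": spi, "seq": seq, "opaque_bytes": opaque})
            break    # everything after the ESP header is encrypted
    return layers


def build_sample_packet():
    """Constructed sample: outer IPv4 header, AH, then ESP around 32 placeholder bytes."""
    esp = struct.pack("!II", 0x2002, 7) + bytes(32)
    ah = struct.pack("!BBHII", PROTO_ESP, 4, 0, 0x1001, 7) + bytes(12)  # 12-byte ICV
    total = 20 + len(ah) + len(esp)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, PROTO_AH, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return ip + ah + esp


if __name__ == "__main__":
    for layer in describe_ipsec(build_sample_packet()):
        print(layer)
```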
Procedure 6.5. Adding a New VPN Connection
  1. You can configure a new VPN connection by opening the Network window and selecting the VPN menu entry.
  2. Click on the NetworkManager applet icon in the Notification Area. Clicking on the Network Settings menu entry opens the Network window, from where you can view some basic network configuration information and initiate configuration tasks.
  3. Click on the VPN menu entry followed by Configure and proceed to Section 6.3.4, “Establishing a VPN Connection”. If there is no VPN menu entry, click on the plus sign at the bottom. A dialog box appears. Ensure the interface is set to VPN.

    A VPN plug-in is required

    The appropriate NetworkManager VPN plug-in for the VPN type you want to configure must be installed (refer to Section 4.2.4, “Installing Packages” for more information on how to install new packages in Fedora 17).
  4. Click the Create button to open the Choose a VPN Connection Type assistant.
  5. Select the VPN protocol for the gateway you are connecting to from the dropdown menu. The VPN protocols available for selection in the dropdown menu correspond to the NetworkManager VPN plug-ins installed. For example, if the NetworkManager VPN plug-in for openswan is installed, then the IPsec-based VPN will be selectable from the dropdown menu.
    After selecting the correct one, press the Create... button.
  6. The Editing VPN Connection 1 window then appears. This window presents settings customized for the type of VPN connection you selected in Step 5.
You can configure an existing VPN connection by opening the Network window and selecting the VPN menu entry.
  1. Click on the NetworkManager applet icon in the Notification Area and click Network Settings. The Network window appears.
  2. Select the VPN menu entry.
  3. Select the connection you wish to edit and click the Configure button.
Figure 6.9. Editing the newly-created VPN connection 1.

Configuring the Connection Name, Auto-Connect Behavior, and Availability Settings

Three settings in the Editing dialog are common to all connection types:

Configuring the VPN Tab

Gateway
The name or IP address of the remote VPN gateway.
Group name
The name of a VPN group configured on the remote gateway.
User password
If required, enter the password used to authenticate with the VPN.
Group password
If required, enter the password used to authenticate with the VPN.
User name
If required, enter the username used to authenticate with the VPN.
Phase1 Algorithms
If required, enter the algorithms to be used to authenticate and set up an encrypted channel.
Phase2 Algorithms
If required, enter the algorithms to be used for the IPsec negotiations.
Domain
If required, enter the Domain Name.
NAT traversal
Cisco UDP (default) — IPsec over UDP.
NAT-T — ESP encapsulation and IKE extensions are used to handle NAT Traversal.
Disabled — No special NAT measures required.
Disable Dead Peer Detection — Disable the sending of probes to the remote gateway or endpoint.
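
The Phase1 Algorithms and Phase2 Algorithms fields accept free text, so a weak proposal can be entered without any warning. The following added example (not part of the original Fedora documentation or of any NetworkManager plug-in) checks such strings before they are saved. It assumes the Openswan-style syntax of comma-separated proposals, each written as cipher-hash with an optional ;dhgroup suffix; the weak-algorithm sets and sample values are a constructed policy, to be adjusted to your own requirements.

```python
import re

# Constructed example policy: components treated here as too weak for new tunnels.
WEAK_CIPHERS = {"des", "3des"}
WEAK_HASHES = {"md5"}
WEAK_DH_GROUPS = {"modp768", "modp1024"}

# Assumed proposal syntax: cipher-hash[;dhgroup], for example "aes256-sha1;modp2048".
PROPOSAL_RE = re.compile(
    r"^(?P<cipher>[a-z0-9_]+)-(?P<hash>[a-z0-9_]+)(?:;(?P<dh>[a-z0-9]+))?$"
)


def audit_proposals(field_value):
    """Return (proposal, problem) tuples for the text of one algorithms field."""
    findings = []
    for raw in field_value.split(","):
        proposal = raw.strip().lower()
        if not proposal:
            continue  # blank field or trailing comma: nothing to check
        match = PROPOSAL_RE.match(proposal)
        if match is None:
            findings.append((proposal, "unparseable proposal"))
            continue
        if match["cipher"] in WEAK_CIPHERS:
            findings.append((proposal, "weak cipher " + match["cipher"]))
        if match["hash"] in WEAK_HASHES:
            findings.append((proposal, "weak hash " + match["hash"]))
        if match["dh"] in WEAK_DH_GROUPS:
            findings.append((proposal, "weak DH group " + match["dh"]))
    return findings


# Constructed sample values, keyed by the dialog's field labels.
SAMPLE_FIELDS = {
    "Phase1 Algorithms": "3des-md5;modp1024, aes256-sha1;modp2048",
    "Phase2 Algorithms": "aes256-sha1",
}


def audit_fields(fields):
    """Audit every algorithms field and return findings per field label."""
    return {name: audit_proposals(value) for name, value in fields.items()}


if __name__ == "__main__":
    for name, findings in audit_fields(SAMPLE_FIELDS).items():
        for proposal, problem in findings:
            print(f"{name}: {proposal}: {problem}")
```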

Saving Your New (or Modified) Connection and Making Further Configurations

Once you have finished editing your new VPN connection, click the Apply button and NetworkManager will immediately save your customized configuration. Given a correct configuration, you can connect to your new or customized connection by selecting it from the NetworkManager Notification Area applet. See Section 6.2.1, “Connecting to a Network” for information on using your new or altered connection.
You can further configure an existing connection by selecting it in the Network Connections window and clicking Edit to return to the Editing dialog.
Then, to configure: