book

Linux Networking Cookbook

Name: Linux Networking Cookbook
Author: Carla Schroder
ISBN: 9780596553692

by Carla Schroder

November 2007

Beginner

642 pages

15h 43m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Linux Networking Cookbook
SPECIAL OFFER: Upgrade this ebook with O’Reilly
A Note Regarding Supplemental Files
Preface
Audience
Contents of This Book
What Is Included
Which Linux Distributions Are Used in the Book
Downloads and Feedback
Conventions
Using Code Examples

Comments and Questions
Safari® Books Online
Acknowledgments
1. Introduction to Linux Networking
1.0. IntroductionConnecting to the InternetOverview of Internet Service OptionsCable, DSL, and Dial-UpCableDSLDial-upCable, DSL, and dial-up gotchasRegulated Broadband ServicesPrivate NetworksLatency, Bandwidth, and ThroughputHardware Options for Your Linux Firewall/GatewayHigh-End Enterprise RoutersNot-So-High-End Commercial RoutersSwitchesManagement portSerial portMDI/MDI-X (Medium Dependent Interfaces)Lots of blinky lightsJumbo framesPort trunkingVLANsQoSPer-port access controlsNetwork Interface Cards (NICs)Gigabit Ethernet GotchasCablingWireless Networking
2. Building a Linux Gateway on a Single-Board Computer
2.0. IntroductionRequired HardwareSoftwareWhat to Do with Old PCs?
2.1. Getting Acquainted with the Soekris 4521
ProblemSolutionDiscussionSee Also
2.2. Configuring Multiple Minicom Profiles
ProblemSolutionDiscussionSee Also
2.3. Installing Pyramid Linux on a Compact Flash Card
ProblemSolutionDiscussionSee Also
2.4. Network Installation of Pyramid on Debian
ProblemSolutionDiscussionSee Also
2.5. Network Installation of Pyramid on Fedora
ProblemSolutionDiscussionSee Also
2.6. Booting Pyramid Linux
ProblemSolutionDiscussionSee Also
2.7. Finding and Editing Pyramid Files
ProblemSolutionDiscussionSee Also
2.8. Hardening Pyramid
ProblemSolutionDiscussionSee Also
2.9. Getting and Installing the Latest Pyramid Build
ProblemSolutionDiscussionSee Also
2.10. Adding Additional Software to Pyramid Linux
ProblemSolutionDiscussionSee Also
2.11. Adding New Hardware Drivers
ProblemSolutionDiscussionSee Also
2.12. Customizing the Pyramid Kernel
ProblemSolutionDiscussionSee Also
2.13. Updating the Soekris comBIOS
ProblemSolutionDiscussionSee Also
3. Building a Linux Firewall
3.0. IntroductionSeparating Private and PublicWindows SecurityIptables and NAT, SNAT, and DNATWhen Is a Firewall Needed?iptables Overviewiptables Policies and RulesTables OverviewSpecialized Linux Firewall and Routing DistributionsImportant Disclaimer
3.1. Assembling a Linux Firewall Box Problem
SolutionDiscussionCablingNetwork interfacesSee Also
3.2. Configuring Network Interface Cards on Debian
ProblemSolutionDiscussionConfiguration definitionsSee Also
3.3. Configuring Network Interface Cards on Fedora
ProblemSolutionDiscussionSee Also
3.4. Identifying Which NIC Is Which
ProblemSolutionDiscussionSee Also
3.5. Building an Internet-Connection Sharing Firewall on a Dynamic WAN IP Address
ProblemSolutionDiscussionSee Also
3.6. Building an Internet-Connection Sharing Firewall on a Static WAN IP Address
ProblemSolutionDiscussionSee Also
3.7. Displaying the Status of Your Firewall
ProblemSolutionDiscussionSee Also
3.8. Turning an iptables Firewall Off
ProblemSolutionDiscussionSee Also
3.9. Starting iptables at Boot, and Manually Bringing Your Firewall Up and Down
ProblemSolutionDiscussionSee Also
3.10. Testing Your Firewall
ProblemSolutionDiscussionApplication-level securitySee Also
3.11. Configuring the Firewall for Remote SSH Administration
ProblemSolutionDiscussionSee Also
3.12. Allowing Remote SSH Through a NAT Firewall
ProblemSolutionDiscussionSee Also
3.13. Getting Multiple SSH Host Keys Past NAT
ProblemSolutionDiscussionSee Also
3.14. Running Public Services on Private IP Addresses
ProblemSolutionDiscussionSee Also
3.15. Setting Up a Single-Host Firewall
ProblemSolutionDiscussionSee Also
3.16. Setting Up a Server Firewall
ProblemSolutionDiscussionSee Also
3.17. Configuring iptables Logging
ProblemSolutionSee Also
3.18. Writing Egress Rules
ProblemSolutionDiscussionSee Also
4. Building a Linux Wireless Access Point
4.0. IntroductionSecuritySee Also
4.1. Building a Linux Wireless Access Point
ProblemSolutionDiscussionSee Also
4.2. Bridging Wireless to Wired
ProblemSolutionDiscussionSee Also
4.3. Setting Up Name Services
ProblemSolutionDiscussionSee Also
4.4. Setting Static IP Addresses from the DHCP Server
ProblemSolutionDiscussionSee Also
4.5. Configuring Linux and Windows Static DHCP Clients
ProblemSolutionDiscussionSee Also
4.6. Adding Mail Servers to dnsmasq
ProblemSolutionDiscussionSee Also
4.7. Making WPA2-Personal Almost As Good As WPA-Enterprise
ProblemSolutionDiscussionSee Also
4.8. Enterprise Authentication with a RADIUS Server
ProblemSolutionDiscussionSee Also
4.9. Configuring Your Wireless Access Point to Use FreeRADIUS
ProblemSolutionDiscussionSee Also
4.10. Authenticating Clients to FreeRADIUS
ProblemSolutionDiscussionSee Also
4.11. Connecting to the Internet and Firewalling
ProblemSolutionDiscussionSee Also
4.12. Using Routing Instead of Bridging
ProblemSolutionDiscussionSee Also
4.13. Probing Your Wireless Interface Card
ProblemSolutionDiscussionSee Also
4.14. Changing the Pyramid Router's Hostname
ProblemSolutionDiscussionSee Also
4.15. Turning Off Antenna Diversity
ProblemSolutionDiscussionSee Also
4.16. Managing dnsmasq's DNS Cache
ProblemSolutionDiscussionSee Also
4.17. Managing Windows' DNS Caches
ProblemSolutionDiscussionSee Also
4.18. Updating the Time at Boot
ProblemSolutionDiscussionSee Also
5. Building a VoIP Server with Asterisk
5.0. IntroductionTest-lab Hardware and SoftwareProduction Hardware and SoftwareCall QualityDigium, Asterisk, and the Zapata Telephony ProjectAsterisk ImplementationsUsing AsteriskSee Also
5.1. Installing Asterisk from Source Code
ProblemSolutionDiscussionSee Also
5.2. Installing Asterisk on Debian
ProblemSolutionDiscussionSee Also
5.3. Starting and Stopping Asterisk
ProblemSolutionDiscussionSee Also
5.4. Testing the Asterisk Server
ProblemSolutionDiscussionSee Also
5.5. Adding Phone Extensions to Asterisk and Making Calls
ProblemSolutionDiscussionsip.confDialplansSee Also
5.6. Setting Up Softphones
ProblemSolutionDiscussionSee Also
5.7. Getting Real VoIP with Free World Dialup
ProblemSolutionDiscussionSee Also
5.8. Connecting Your Asterisk PBX to Analog Phone Lines
ProblemSolutionDiscussionSee Also
5.9. Creating a Digital Receptionist
ProblemSolutionDiscussionSee Also
5.10. Recording Custom Prompts
ProblemSolutionDiscussionSee Also
5.11. Maintaining a Message of the Day
ProblemSolutionDiscussionSee Also
5.12. Transferring Calls
ProblemSolutionDiscussionSee Also
5.13. Routing Calls to Groups of Phones
ProblemSolutionDiscussionSee Also
5.14. Parking Calls
ProblemSolutionDiscussionSee Also
5.15. Customizing Hold Music
ProblemSolutionDiscussionSee Also
5.16. Playing MP3 Sound Files on Asterisk
ProblemSolutionSee Also
5.17. Delivering Voicemail Broadcasts
ProblemSolutionDiscussionSee Also
5.18. Conferencing with Asterisk
ProblemSolutionDiscussionSee Also
5.19. Monitoring Conferences
ProblemSolutionDiscussionSee Also
5.20. Getting SIP Traffic Through iptables NAT Firewalls
ProblemSolutionDiscussionSee Also
5.21. Getting IAX Traffic Through iptables NAT Firewalls
ProblemSolutionDiscussionSee Also
5.22. Using AsteriskNOW, "Asterisk in 30 Minutes"
ProblemSolutionDiscussionSee Also
5.23. Installing and Removing Packages on AsteriskNOW
ProblemSolutionDiscussionSee Also
5.24. Connecting Road Warriors and Remote Users
ProblemSolutionDiscussionSee Also
6. Routing with Linux
6.0. IntroductionExterior ProtocolsLinux Routing and Networking Commands
6.1. Calculating Subnets with ipcalc
ProblemSolutionDiscussionSee Also
6.2. Setting a Default Gateway
ProblemSolutionDiscussionSee Also
6.3. Setting Up a Simple Local Router
ProblemSolutionDiscussionSee Also
6.4. Configuring Simplest Internet Connection Sharing
ProblemSolutionDiscussionSee Also
6.5. Configuring Static Routing Across Subnets
ProblemSolutionDiscussionSee Also
6.6. Making Static Routes Persistent
ProblemSolutionDiscussionSee Also
6.7. Using RIP Dynamic Routing on Debian
ProblemSolutionDiscussionSee Also
6.8. Using RIP Dynamic Routing on Fedora
ProblemSolutionDiscussionSee Also
6.9. Using Quagga's Command Line
ProblemSolutionDiscussionSee Also
6.10. Logging In to Quagga Daemons Remotely
ProblemSolutionDiscussionSee Also
6.11. Running Quagga Daemons from the Command Line
ProblemSolutionDiscussionSee Also
6.12. Monitoring RIPD
ProblemSolutionDiscussionSee Also
6.13. Blackholing Routes with Zebra
ProblemSolutionDiscussionSee Also
6.14. Using OSPF for Simple Dynamic Routing
ProblemSolutionDiscussionSee Also
6.15. Adding a Bit of Security to RIP and OSPF
ProblemSolutionDiscussionSee Also
6.16. Monitoring OSPFD
ProblemSolutionDiscussionSee Also
7. Secure Remote Administration with SSH
7.0. IntroductionOpenSSHSSH TunnelingOpenSSH ComponentsUsing OpenSSHKey types
7.1. Starting and Stopping OpenSSH
ProblemSolutionDiscussionSee Also
7.2. Creating Strong Passphrases
ProblemSolutionDiscussion
7.3. Setting Up Host Keys for Simplest Authentication
ProblemSolutionDiscussionSee Also
7.4. Generating and Copying SSH Keys
ProblemSolutionDiscussionSee Also
7.5. Using Public-Key Authentication to Protect System Passwords
ProblemSolutionDiscussionSee Also
7.6. Managing Multiple Identity Keys
ProblemSolutionDiscussionSee Also
7.7. Hardening OpenSSH
ProblemSolutionDiscussionSee Also
7.8. Changing a Passphrase
ProblemSolutionDiscussionSee Also
7.9. Retrieving a Key Fingerprint
ProblemSolutionDiscussionSee Also
7.10. Checking Configuration Syntax
ProblemSolutionDiscussionSee Also
7.11. Using OpenSSH Client Configuration Files for Easier Logins
ProblemSolutionDiscussionSee Also
7.12. Tunneling X Windows Securely over SSH
ProblemSolutionDiscussionSee Also
7.13. Executing Commands Without Opening a Remote Shell
ProblemSolutionDiscussionSee Also
7.14. Using Comments to Label Keys
ProblemSolutionDiscussionSee Also
7.15. Using DenyHosts to Foil SSH Attacks
ProblemSolutionDiscussionSee Also
7.16. Creating a DenyHosts Startup File
ProblemSolutionDiscussionSee Also
7.17. Mounting Entire Remote Filesystems with sshfs
ProblemSolutionDiscussionSee Also
8. Using Cross-Platform Remote Graphical Desktops
8.0. IntroductionrdesktopFreeNXVNCBuilt-in Remote Desktop Sharing in KDE and Gnome
8.1. Connecting Linux to Windows via rdesktop
ProblemSolutionDiscussionSee Also
8.2. Generating and Managing FreeNX SSH Keys
ProblemSolutionDiscussionSee Also
8.3. Using FreeNX to Run Linux from Windows
ProblemSolutionSet up the serverGet the clientSet up the connectionDiscussionSee Also
8.4. Using FreeNX to Run Linux from Solaris, Mac OS X, or Linux
ProblemSolutionDiscussionSee Also
8.5. Managing FreeNX Users
ProblemSolutionDiscussionSee Also
8.6. Watching Nxclient Users from the FreeNX Server
ProblemSolutionDiscussionSee Also
8.7. Starting and Stopping the FreeNX Serve
ProblemSolutionDiscussionSee Also
8.8. Configuring a Custom Desktop
ProblemSolutionDiscussionSee Also
8.9. Creating Additional Nxclient Sessions
ProblemSolutionDiscussionSee AlsoProblemSolutionDiscussionSee Also
8.10. Enabling File and Printer Sharing, and Multimedia in Nxclient
ProblemSolutionDiscussionSee Also
8.11. Preventing Password-Saving in Nxclient
ProblemSolutionDiscussionSee Also
8.12. Troubleshooting FreeNX
ProblemSolutionSee Also
8.13. Using VNC to Control Windows from Linux
ProblemSolutionDiscussionSee Also
8.14. Using VNC to Control Windows and Linux at the Same Time
ProblemSolutionDiscussionSee Also
8.15. Using VNC for Remote Linux -to-Linux Administration
ProblemSolutionDiscussionSee Also
8.16. Displaying the Same Windows Desktop to Multiple Remote Users
ProblemSolutionDiscussionSee Also
8.17. Changing the Linux VNC Server Password
ProblemSolutionDiscussionSee Also
8.18. Customizing the Remote VNC Desktop
ProblemSolutionDiscussionSee Also
8.19. Setting the Remote VNC Desktop Size
ProblemSolutionDiscussionSee Also
8.20. Connecting VNC to an Existing X Session
ProblemSolutionDiscussionSee Also
8.21. Securely Tunneling x11vnc over SSH
ProblemSolutionDiscussionSee Also
8.22. Tunneling TightVNC Between Linux and Windows
ProblemSolutionDiscussionSee Also
9. Building Secure Cross-Platform Virtual Private Networks with OpenVPN
9.0. IntroductionWhat About IPSec?OpenVPN
9.1. Setting Up a Safe OpenVPN Test Lab
ProblemSolutionDiscussionSee Also
9.2. Starting and Testing OpenVPN
ProblemSolutionDiscussionSee Also
9.3. Testing Encryption with Static Keys
ProblemSolutionDiscussionSee Also
9.4. Connecting a Remote Linux Client Using Static Keys
ProblemSolutionDiscussionSee Also
9.5. Creating Your Own PKI for OpenVPN
ProblemSolutionDiscussionSee Also
9.6. Configuring the OpenVPN Server for Multiple Clients
ProblemSolutionDiscussionSee Also
9.7. Configuring OpenVPN to Start at Boot
ProblemSolutionDiscussionSee Also
9.8. Revoking Certificates
ProblemSolutionDiscussionSee Also
9.9. Setting Up the OpenVPN Server in Bridge Mode
ProblemSolutionDiscussionSee Also
9.10. Running OpenVPN As a Nonprivileged User
ProblemSolutionDiscussionSee Also
9.11. Connecting Windows Clients
ProblemSolutionDiscussionSee Also
10. Building a Linux PPTP VPN Server
10.0. IntroductionWindows Client Necessary UpdatesPPTP SecurityIPSec VPNLinux RequirementsIs PPTP Really Easier?See Also
10.1. Installing Poptop on Debian Linux
ProblemSolutionDiscussionSee Also
10.2. Patching the Debian Kernel for MPPE Support
ProblemSolutionDiscussionSee Also
10.3. Installing Poptop on Fedora Linux
ProblemSolutionDiscussionSee Also
10.4. Patching the Fedora Kernel for MPPE Support
ProblemSolutionDiscussionSee Also
10.5. Setting Up a Standalone PPTP VPN Server
ProblemSolutionDiscussionSee Also
10.6. Adding Your Poptop Server to Active Directory
ProblemSolutionDiscussionSee Also
10.7. Connecting Linux Clients to a PPTP Server
ProblemSolutionDiscussionSee Also
10.8. Getting PPTP Through an iptables Firewall
ProblemSolutionDiscussionSee Also
10.9. Monitoring Your PPTP Server
ProblemSolutionDiscussionSee Also
10.10. Troubleshooting PPTP
ProblemSolutionDiscussionSee Also
11. Single Sign-on with Samba for Mixed Linux/Windows LANs
11.0. IntroductionReplacing an NT4 Domain ControllerHardware Requirements
11.1. Verifying That All the Pieces Are in Place
ProblemSolutionDiscussionSee Also
11.2. Compiling Samba from Source Code
ProblemSolutionDiscussionSee Also
11.3. Starting and Stopping Samba
ProblemSolutionDiscussionSee Also
11.4. Using Samba As a Primary Domain Controller
ProblemSolutionDiscussionSee Also
11.5. Migrating to a Samba Primary Domain Controller from an NT4 PDC
ProblemSolutionDiscussionSee Also
11.6. Joining Linux to an Active Directory Domain
ProblemSolutionDiscussionSee Also
11.7. Connecting Windows 95/98/ME to a Samba Domain
ProblemSolutionDiscussionSee Also
11.8. Connecting Windows NT4 to a Samba Domain
ProblemSolutionDiscussionSee Also
11.9. Connecting Windows NT/2000 to a Samba Domain
ProblemSolutionDiscussionSee Also
11.10. Connecting Windows XP to a Samba Domain
ProblemSolutionDiscussionSee Also
11.11. Connecting Linux Clients to a Samba Domain with Command-Line Programs
ProblemSolutionDiscussionSee Also
11.12. Connecting Linux Clients to a Samba Domain with Graphical Programs
ProblemSolutionDiscussionKonquerorNautilusSmb4kLinNeighborhoodSee Also
12. Centralized Network Directory with OpenLDAP
12.0. IntroductionLDAP Directory StructureSchemas, objectClasses, and AttributesThe "Secret" RootDSEDeciding How Deep Your Directory Is
12.1. Installing OpenLDAP on Debian
ProblemSolutionDiscussionSee Also
12.2. Installing OpenLDAP on Fedora
ProblemSolutionDiscussionSee Also
12.3. Configuring and Testing the OpenLDAP Server
ProblemSolutionDiscussionSee Also
12.4. Creating a New Database on Fedora
ProblemSolutionDiscussionObjectClasses and attributesSee Also
12.5. Adding More Users to Your Directory
ProblemSolutionDiscussionSee Also
12.6. Correcting Directory Entries
ProblemSolutionDiscussionSee Also
12.7. Connecting to a Remote OpenLDAP Server
ProblemSolutionDiscussionSee Also
12.8. Finding Things in Your OpenLDAP Directory
ProblemSolutionDiscussionSee Also
12.9. Indexing Your Database
ProblemSolutionDiscussionSee Also
12.10. Managing Your Directory with Graphical Interfaces
ProblemSolutionDiscussionSee Also
12.11. Configuring the Berkeley DB
ProblemSolutionDiscussionSee Also
12.12. Configuring OpenLDAP Logging
ProblemSolutionDiscussionSee Also
12.13. Backing Up and Restoring Your Directory
ProblemSolutionDiscussionSee Also
12.14. Refining Access Controls
ProblemSolutionDiscussionSee Also
12.15. Changing Passwords
ProblemSolutionDiscussionSee Also
13. Network Monitoring with Nagios
13.0. IntroductionSee Also
13.1. Installing Nagios from Sources
ProblemSolutionDiscussionSee Also
13.2. Configuring Apache for Nagios
ProblemSolutionDiscussionSee Also
13.3. Organizing Nagios' Configuration Files Sanely
ProblemSolutionDiscussionSee Also
13.4. Configuring Nagios to Monitor Localhost
ProblemSolutionDiscussionSee Also
13.5. Configuring CGI Permissions for Full Nagios Web Access
ProblemSolutionDiscussionSee Also
13.6. Starting Nagios at Boot
ProblemSolutionDiscussionSee Also
13.7. Adding More Nagios Users
ProblemSolutionDiscussionSee Also
13.8. Speed Up Nagios with check_icmp
ProblemSolutionDiscussionSee Also
13.9. Monitoring SSHD
ProblemSolutionDiscussionCommand definitionsHost definitionsService definitionsSee Also
13.10. Monitoring a Web Server
ProblemSolutionDiscussionSee Also
13.11. Monitoring a Mail Server
ProblemSolutionDiscussionSee Also
13.12. Using Servicegroups to Group Related Services
ProblemSolutionDiscussionSee Also
13.13. Monitoring Name Services
ProblemSolutionDiscussionSee Also
13.14. Setting Up Secure Remote Nagios Administration with OpenSSH
ProblemSolutionDiscussionSee Also
13.15. Setting Up Secure Remote Nagios Administration with OpenSSL
ProblemSolutionDiscussionSee Also
14. Network Monitoring with MRTG
14.0. Introduction
14.1. Installing MRTG
ProblemSolutionDiscussionSee Also
14.2. Configuring SNMP on Debian
ProblemSolutionDiscussionSee Also
14.3. Configuring SNMP on Fedora
ProblemSolutionDiscussionSee Also
14.4. Configuring Your HTTP Service for MRTG
ProblemSolutionDiscussionSee Also
14.5. Configuring and Starting MRTG on Debian
ProblemSolutionDiscussionSee Also
14.6. Configuring and Starting MRTG on Fedora
ProblemSolutionDiscussionSee Also
14.7. Monitoring Active CPU Load
ProblemSolutionDiscussionSee Also
14.8. Monitoring CPU User and Idle Times
ProblemSolutionDiscussionSee Also
14.9. Monitoring Physical Memory
ProblemSolutionDiscussionSee Also
14.10. Monitoring Swap Space and Memory
ProblemSolutionDiscussionSee Also
14.11. Monitoring Disk Usage
ProblemSolutionDiscussionSee Also
14.12. Monitoring TCP Connections
ProblemSolutionDiscussionSee Also
14.13. Finding and Testing MIBs and OIDs
ProblemSolutionDiscussionSee Also
14.14. Testing Remote SNMP Queries
ProblemSolutionDiscussionSee Also
14.15. Monitoring Remote Hosts
ProblemSolutionDiscussionSee Also
14.16. Creating Multiple MRTG Index Pages
ProblemSolutionDiscussionSee Also
14.17. Running MRTG As a Daemon
ProblemSolutionDiscussionSee Also
15. Getting Acquainted with IPv6
15.0. IntroductionBarriers to AdoptionAnatomy of IPv6 AddressesIPv6 address types and rangesCounting in HexadecimalMac and Windows IPv6 Support
15.1. Testing Your Linux System for IPv6 Support
ProblemSolutionDiscussionSee Also
15.2. Pinging Link Local IPv6 Hosts
ProblemSolutionDiscussionSee Also
15.3. Setting Unique Local Unicast Addresses on Interfaces
ProblemSolutionDiscussionSee Also
15.4. Using SSH with IPv6
ProblemSolutionDiscussionSee Also
15.5. Copying Files over IPv6 with scp
ProblemSolutionDiscussionSee Also
15.6. Autoconfiguration with IPv6
ProblemSolutionDiscussionSee Also
15.7. Calculating IPv6 Addresses
ProblemSolutionDiscussionSee Also
15.8. Using IPv6 over the Internet
ProblemSolutionDiscussionSee Also
16. Setting Up Hands-Free Network Installations of New Systems
16.0. IntroductionPXE BootUSB BootInstallation
16.1. Creating Network Installation Boot Media for Fedora Linux
ProblemSolutionDiscussionSee Also
16.2. Network Installation of Fedora Using Network Boot Media
ProblemSolutionDiscussionSee Also
16.3. Setting Up an HTTP-Based Fedora Installation Server
ProblemSolutionDiscussionSee Also
16.4. Setting Up an FTP-Based Fedora Installation Server
ProblemSolutionDiscussionSee Also
16.5. Creating a Customized Fedora Linux Installation
ProblemSolutionDiscussionSee Also
16.6. Using a Kickstart File for a Hands-off Fedora Linux Installation
ProblemSolutionDiscussionSee Also
16.7. Fedora Network Installation via PXE Netboot
ProblemSolutionDiscussionSee Also
16.8. Network Installation of a Debian System
SolutionDiscussionSee Also
16.9. Building a Complete Debian Mirror with apt-mirror
ProblemSolutionDiscussionSee Also
16.10. Building a Partial Debian Mirror with apt-proxy
ProblemSolutionDiscussionSee Also
16.11. Configuring Client PCs to Use Your Local Debian Mirror
ProblemSolutionDiscussionSee Also
16.12. Setting Up a Debian PXE Netboot Server
ProblemSolutionDiscussionSee Also
16.13. Installing New Systems from Your Local Debian Mirror
ProblemSolutionDiscussionSee Also
16.14. Automating Debian Installations with Preseed Files
ProblemSolutionDiscussionSee Also
17. Linux Server Administration via Serial Console
17.0. Introduction
17.1. Preparing a Server for Serial Console Administration
ProblemSolutionDiscussionModemsSee Also
17.2. Configuring a Headless Server with LILO
ProblemSolutionDiscussionSee Also
17.3. Configuring a Headless Server with GRUB
ProblemSolutionDiscussionSee Also
17.4. Booting to Text Mode on Debian
ProblemSolutionDiscussionSee Also
17.5. Setting Up the Serial Console
ProblemSolutionDiscussionFile permissionsSee Also
17.6. Configuring Your Server for Dial-in Administration
ProblemSolutionDiscussionSee Also
17.7. Dialing In to the Server
ProblemSolutionDiscussionSee Also
17.8. Adding Security
ProblemSolutionDiscussionSee Also
17.9. Configuring Logging
ProblemSolutionDiscussionSee Also
17.10. Uploading Files to the Server
ProblemSolutionDiscussionSee Also
18. Running a Linux Dial-Up Server
18.0. Introduction
18.1. Configuring a Single Dial-Up Account with WvDial
ProblemSolutionDiscussionSee Also
18.2. Configuring Multiple Accounts in WvDial
ProblemSolutionDiscussionSee Also
18.3. Configuring Dial-Up Permissions for Nonroot Users
ProblemSolutionDiscussionSee Also
18.4. Creating WvDial Accounts for Nonroot Users
ProblemSolutionDiscussionSee Also
18.5. Sharing a Dial-Up Internet Account
ProblemSolutionDiscussionSee Also
18.6. Setting Up Dial-on-Demand
ProblemSolutionDiscussionSee Also
18.7. Scheduling Dial-Up Availability with cron
ProblemSolutionDiscussionSee Also
18.8. Dialing over Voicemail Stutter Tones
ProblemSolutionDiscussionSee Also
18.9. Overriding Call Waiting
ProblemSolutionDiscussionSee Also
18.10. Leaving the Password Out of the Configuration File
ProblemSolutionDiscussionSee Also
18.11. Creating a Separate pppd Logfile
ProblemSolutionDiscussion
19. Troubleshooting Networks
19.0. IntroductionTesting and Tracing CablingSpares for Testing
19.1. Building a Network Diagnostic and Repair Laptop
ProblemSolutionDiscussionSee Also
19.2. Testing Connectivity with ping Problem
ProblemSolutionDiscussionSee Also
19.3. Profiling Your Network with FPing and Nmap
ProblemSolutionDiscussionSee Also
19.4. Finding Duplicate IP Addresses with arping
ProblemSolutionDiscussionSee Also
19.5. Testing HTTP Throughput and Latency with httping
ProblemSolutionDiscussionSee Also
19.6. Using traceroute, tcptraceroute, and mtr to Pinpoint Network Problems
ProblemSolutionDiscussionSee Also
19.7. Using tcpdump to Capture and Analyze Traffic
ProblemSolutionDiscussionSee Also
19.8. Capturing TCP Flags with tcpdump
ProblemSolutionDiscussionSee Also
19.9. Measuring Throughput, Jitter, and Packet Loss with iperf
ProblemSolutionDiscussionSee Also
19.10. Using ngrep for Advanced Packet Sniffing
ProblemSolutionDiscussionSee Also
19.11. Using ntop for Colorful and Quick Network Monitoring
ProblemSolutionDiscussionSee Also
19.12. Troubleshooting DNS Servers
ProblemSolutionDiscussionSee Also
19.13. Troubleshooting DNS Clients
ProblemSolutionDiscussionSee Also
19.14. Troubleshooting SMTP Servers
ProblemSolutionDiscussionSee Also
19.15. Troubleshooting a POP3, POP3s, or IMAP Server
ProblemSolutionDiscussionSee Also
19.16. Creating SSL Keys for Your Syslog-ng Server on Debian
ProblemSolutionDiscussionSee Also
19.17. Creating SSL Keys for Your Syslog-ng Server on Fedora
ProblemSolutionDiscussionSee Also
19.18. Setting Up stunnel for Syslog-ng
ProblemSolutionDiscussionSee Also
19.19. Building a Syslog Server
ProblemSolutionDiscussionSee Also
A. Essential References
B. Glossary of Networking Terms
C. Linux Kernel Building Reference
C.1. Building a Custom KernelPrerequisitesBuilding a Vanilla KernelConfiguration OptionsAdding New Loadable Kernel ModulesPatching a KernelCustomizing Fedora KernelsCustomizing Debian KernelsSee Also
About the Author
Colophon
SPECIAL OFFER: Upgrade this ebook with O’Reilly

Content preview from Linux Networking Cookbook

9.4. Connecting a Remote Linux Client Using Static Keys

Problem

You followed the previous recipes and everything works. Now, what do you do for a production VPN server? You want to set it up so that you can connect to your work network from your home Linux PC. Your work Internet account has a static, routable IP address. Your home PC has no overlapping addresses with your work network or your OpenVPN addressing. Your OpenVPN server is on your border router.

Solution

Again, keep in mind that using a static key is less secure than using a proper Public Key Infrastructure (PKI).

Follow the previous recipe to generate and distribute the shared static key. Then, you'll need more options in your configuration files, and to configure your firewall to allow the VPN traffic.

Your setup should look something like Figure 9-2.

Next, copy these client and server configurations, using your own IP addresses and domain names. The local IP address must be your WAN address. These files have different names than in the previous recipe, which speeds up testing as you will see:

Figure 9-2. Remote user logging in over VPN from home

	## openvpn server2.conf
	dev tun
	proto udp
	ifconfig 10.0.0.1 10.0.0.2
	local 208.201.239.37
	secret /etc/openvpn/keys/static.key
	keepalive 10 60
	comp-lzo
	daemon

Next, the client configuration file:

 ## openvpn client2.conf remote router.alrac.net dev tun ifconfig 10.0.0.2 10.0.0.1 route ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9780596102487Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Linux Networking Cookbook

by Carla Schroder

9.4. Connecting a Remote Linux Client Using Static Keys

Problem

Solution

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

More than 5,000 organizations count on O’Reilly

Julian F.

Addison B.

Amir M.

Mark W.

You might also like

Linux Networking Cookbook

Linux Security Cookbook

Linux Administration Cookbook

Practical Linux Security Cookbook - Second Edition

Publisher Resources