msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "POT-Creation-Date: 2010-10-21 23:56+0600\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(title):6 msgid "Gentoo vpnc HOWTO" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(author:title):8 msgid "Author" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(mail:link):9 msgid "dhaskew@earthlink.net" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(mail):9 msgid "David H. Askew" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(author:title):11 ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(author:title):14 ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(author:title):17 msgid "Contributor" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(mail:link):12 msgid "swift@gentoo.org" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(mail):12 msgid "Sven Vermeulen" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(mail:link):15 msgid "fauli@gentoo.org" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(mail):15 msgid "Christian Faulhammer" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(mail:link):18 msgid "fischer@unix-ag.uni-kl.de" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(mail):18 msgid "Thomas Fischer" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(author:title):20 msgid "Editor" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(mail:link):21 msgid "nightmorph" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(abstract):24 msgid "This document details how to connect your workstation to a Cisco VPN concentrator utilizing vpnc to manage the connection." 
msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(version):33 msgid "3" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(date):34 msgid "2010-07-29" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(title):37 msgid "Introduction" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(p):41 msgid "If you're reading this, then you likely need to connect to your office network from home or during travel. Many companies utilize Cisco 3000 VPN concentrators for their VPN needs, and I am willing to bet that most Linux newbies think that they are forced to use Windows to connect to them. Well, this document informs you that connecting to a Cisco VPN is very possible and will hopefully enable you to setup a working tunnel using your Gentoo workstation or laptop." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(title):53 msgid "What this document is" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(li):57 msgid "A guide to the basic workings of vpnc" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(li):58 msgid "A discussion of DNS and routing issues that relate to VPNs" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(li):59 msgid "Examples of managing VPN sessions" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(li):60 msgid "Useful tips and tricks (hopefully)" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(title):66 msgid "What this document is not" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(li):70 msgid "An in-depth guide to VPN/encryption technologies" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(li):71 msgid "A feature by feature explanation of vpnc" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(title):77 msgid "Assumptions" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(p):80 msgid "The assumptions made at this point are:" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(li):85 msgid "You have 
Gentoo installed" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(li):86 msgid "You have Internet access" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(li):87 msgid "You want to connect to a Cisco 3000 VPN concentrator" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(li):88 msgid "You know how to configure, build, and install a new kernel" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(title):96 msgid "Kernel Configuration" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(p):100 msgid "In order for Linux to be able to open a VPN connection, Universal TUN/TAP device driver support must be enabled in the kernel. What is it and why do you need it? Below is a relatively straightforward explanation from the kernel configuration dialog:" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre:caption):107 msgid "CONFIG_TUN" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre):107 #, no-wrap msgid "\nTUN/TAP provides packet reception and transmission for user space\nprograms. It can be viewed as a simple Point-to-Point or Ethernet\ndevice, which instead of receiving packets from a physical media,\nreceives them from user space program and instead of sending packets\nvia physical media writes them to the user space program.\n\nWhen a program opens /dev/net/tun, driver creates and registers\ncorresponding net device tunX or tapX. 
After a program closed above\ndevices, driver will automatically delete tunXX or tapXX device and\nall routes corresponding to it.\n" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(p):120 msgid "You can verify yourself if your kernel has TUN/TAP support with the following command:" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre:caption):125 msgid "Checking the kernel config" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre):125 #, no-wrap msgid "\n# grep \"TUN\" /usr/src/linux/.config\nCONFIG_INET_TUNNEL=m\n# CONFIG_INET6_TUNNEL is not set\n# CONFIG_IPV6_TUNNEL is not set\n(TUN/TAP enabled as a module)\nCONFIG_TUN=m\n# CONFIG_8139TOO_TUNE_TWISTER is not set\n" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(p):135 msgid "As you can see above, CONFIG_TUN=m is compiled as a module. If it is disabled in your setup, enable it in your kernel of choice, rebuild, install, reboot and return to this document before continuing with the next steps." 
msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre:caption):141 msgid "Configuration location in the kernel configuration dialog" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre):141 #, no-wrap msgid "\nDevice Drivers --->\n Network device support --->\n [*] Universal TUN/TAP device driver support\n" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(p):147 msgid "If you built TUN/TAP support directly into the kernel, you should see information from dmesg output like the following:" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre:caption):152 ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre:caption):174 msgid "Checking dmesg output" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre):152 ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre):174 #, no-wrap msgid "\n# dmesg | grep TUN\nUniversal TUN/TAP device driver 1.5 (C)1999-2002 Maxim Krasnyansky\n" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(p):157 msgid "If you build TUN/TAP support as a module, you first must load the tun module:" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre:caption):162 msgid "Load tun module" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre):162 #, no-wrap msgid "\n# modprobe tun\n# lsmod\nModule Size Used by\ntun 7296 0\n" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(p):169 msgid "Now that the tun module is loaded, check dmesg output. 
You should see something like the following:" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(title):184 msgid "Install Needed Software" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(p):188 msgid "Now that you have a working kernel setup, you need to install net-misc/vpnc:" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre:caption):193 msgid "Installing vpnc" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre):193 #, no-wrap msgid "\n# emerge -av net-misc/vpnc\n" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(title):202 msgid "Example Setup" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(p):206 msgid "In order to make the following sections more clear, we need an example setup to work from. For the purposes of this exercise, we will assume that you have a home network of several computers. All computers are on the 192.168.0.0 / 255.255.255.0 network. The LAN in question is run by a Gentoo box using an iptables firewall, DHCP, caching DNS, etc ... and it masquerades the LAN behind the public IP address it receives from an ISP. You also have a workstation on the LAN from which you want to be able to VPN into your office with." 
msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(p):216 msgid "Our example workstation configuration looks like the following:" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre:caption):220 msgid "Our workstation configuration" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre):220 #, no-wrap msgid "\n(Name server configuration)\n# cat /etc/resolv.conf\nnameserver 192.168.0.1\n\n(Network configuration)\n# cat /etc/hosts\n127.0.0.1 desktop localhost\n192.168.0.1 router\n192.168.2.2 mediacenter\n\n(Interface configuration)\n# ifconfig -a\neth0 Link encap:Ethernet HWaddr 00:11:2F:8D:08:08\n inet addr:192.168.0.2 Bcast:192.168.0.255 Mask:255.255.255.0\n inet6 addr: fe80::211:2fff:fe8d:808/64 Scope:Link\n UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1\n RX packets:3657889 errors:0 dropped:0 overruns:0 frame:0\n TX packets:2305893 errors:0 dropped:0 overruns:0 carrier:0\n collisions:0 txqueuelen:1000\n RX bytes:2193722103 (2092.0 Mb) TX bytes:1415104432 (1349.5 Mb)\n Interrupt:185 Memory:fac00000-0\n\nlo Link encap:Local Loopback\n inet addr:127.0.0.1 Mask:255.0.0.0\n inet6 addr: ::1/128 Scope:Host\n UP LOOPBACK RUNNING MTU:16436 Metric:1\n RX packets:35510 errors:0 dropped:0 overruns:0 frame:0\n TX packets:35510 errors:0 dropped:0 overruns:0 carrier:0\n collisions:0 txqueuelen:0\n RX bytes:16023838 (15.2 Mb) TX bytes:16023838 (15.2 Mb)\n\n(Routing information)\n# netstat -r\nKernel IP routing table\nDestination Gateway Genmask Flags MSS Window irtt Iface\n192.168.0.0 * 255.255.255.0 U 0 0 0 eth0\nloopback desktop 255.0.0.0 UG 0 0 0 lo\ndefault router 0.0.0.0 UG 0 0 0 eth0\n" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(title):266 msgid "Configuring vpnc" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(p):270 msgid "Now that you have vpnc installed and we have an example to work from, let's discuss the basics of setting up vpnc. 
The configuration file for vpnc connection settings can be located in a couple places, depending on how many profiles you want to setup. By default, vpnc looks first for /etc/vpnc/default.conf for its connection settings. If it doesn't find that file, then it looks for /etc/vpnc.conf. This setup will only address a single profile example and will use the configuration file location /etc/vpnc.conf. Make sure you do not have a /etc/vpnc/default.conf file." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre:caption):282 msgid "Example /etc/vpnc.conf file" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre):282 #, no-wrap msgid "\nIPSec gateway vpngateway.domain.org\nIPSec ID group_id\nIPSec secret group_password\nXauth username network_signon\nXauth password network_password\n" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(p):290 msgid "The configuration file example above should be modified to reflect the appropriate values for your setup. The gateway option vpngateway.domain.org can be a fully qualified domain name or an IP address. The ID and secret options should be given to you by a network administrator. If you cannot obtain this information but you currently have a working setup on a Windows box which utilizes the official Cisco VPN client, then all you have to do is export your profile. The user name and password options are for your normal network sign-on, such as a Windows NT domain account." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(p):302 msgid "If you are forced to export your profile from a Windows machine, then what you will likely have is a file ending in .pcf. This file will have all the information you need. 
Below is an example:" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre:caption):308 msgid "Example profile.pcf file" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre):308 #, no-wrap msgid "\n[main]\nDescription=\nHost=VPNGATEWAY.DOMAIN.ORG\nAuthType=1\nGroupName=group_id\nGroupPwd=\nenc_GroupPwd=F3256220AA200A1D532556024F4F314B0388D48B0FBF2DB12\nEnableISPConnect=0\nISPConnectType=0\nISPConnect=FOOBAR\nISPCommand=\nUsername=\nSaveUserPassword=0\nUserPassword=\nenc_UserPassword=\nNTDomain=\nEnableBackup=0\nBackupServer=\nEnableMSLogon=1\nMSLogonType=0\nEnableNat=1\nTunnelingMode=0\nTcpTunnelingPort=10000\nCertStore=0\nCertName=\nCertPath=\nCertSubjectName=\nCertSerialHash=00000000000000000000000000000000\nSendCertChain=0\nVerifyCertDN=\nDHGroup=2\nForceKeepAlives=0\nPeerTimeout=90\nEnableLocalLAN=0\nEnableSplitDNS=1\nForceNetLogin=0\n" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(p):347 msgid "In the above example, we can see entries for Host, GroupName and enc_GroupPwd. Your Username and UserPassword may or may not be exported depending on the setup. To generate a working vpnc configuration out of it, you can use pcf2vpnc, included with vpnc." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(note):354 msgid "You can decrypt the password with the help from the cisco-decrypt program, shipped with the latest vpnc." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(title):362 msgid "Testing your setup" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(p):365 msgid "Now that you have a configuration in place, it's time to test your setup. 
To start vpnc you do the following:" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre:caption):370 msgid "Example vpnc usage" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre):370 #, no-wrap msgid "\n# vpnc\nEnter password for username@vpngateway.domain.org:\nVPNC started in background (pid: 14788)...\n" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(p):376 msgid "As you can see from the above command output, once you type vpnc (as root), you are prompted for your password. After entering your password, which will not be echoed back to you, the vpnc process will automatically become a background process." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(note):383 msgid "If you specified the Xauth password option in your vpnc config file, then you will not be prompted for your password at vpnc startup. Because the file then stores that password in clear text, make sure only root can read it. Additionally, if vpnc needs some extra options not specified in the configuration file, or if you have forgotten something, don't worry, it will ask you for it." 
msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre:caption):391 msgid "Sample interface configuration changes made by vpnc" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre):391 #, no-wrap msgid "\n# ifconfig -a\neth1 Link encap:Ethernet HWaddr 00:11:2F:8D:08:08\n inet addr:192.168.0.2 Bcast:192.168.0.255 Mask:255.255.255.0\n inet6 addr: fe80::211:2fff:fe8d:808/64 Scope:Link\n UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1\n RX packets:2101119 errors:0 dropped:0 overruns:0 frame:0\n TX packets:1577559 errors:0 dropped:0 overruns:0 carrier:0\n collisions:0 txqueuelen:1000\n RX bytes:1757862627 (1676.4 Mb) TX bytes:732200131 (698.2 Mb)\n Interrupt:177 Memory:faa00000-0\n\nsit0 Link encap:IPv6-in-IPv4\n NOARP MTU:1480 Metric:1\n RX packets:0 errors:0 dropped:0 overruns:0 frame:0\n TX packets:0 errors:0 dropped:0 overruns:0 carrier:0\n collisions:0 txqueuelen:0\n RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)\n\ntun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00\n inet addr:192.168.160.42 P-t-P:192.168.160.42 Mask:255.255.255.255\n UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1412 Metric:1\n RX packets:1 errors:0 dropped:0 overruns:0 frame:0\n TX packets:9 errors:0 dropped:0 overruns:0 carrier:0\n collisions:0 txqueuelen:500\n RX bytes:60 (60.0 b) TX bytes:616 (616.0 b)\n" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre:caption):419 msgid "Sample routing modifications made by vpnc" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre):419 #, no-wrap msgid "\n# netstat -r\nKernel IP routing table\nDestination Gateway Genmask Flags MSS Window irtt Iface\nvpn01.domain.or router 255.255.255.255 UGH 1500 0 0 eth1\n192.168.0.0 * 255.255.255.0 U 0 0 0 eth1\nloopback desktop 255.0.0.0 UG 0 0 0 lo\ndefault * 0.0.0.0 U 0 0 0 tun0\n" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(p):429 msgid "As you can see from the above command output(s), vpnc has done the following:" msgstr "" #: 
../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(li):435 msgid "Created the tun0 network interface, a virtual interface to handle the traffic across your VPN tunnel" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(li):439 msgid "Obtained the IP address for the tun0 device from your VPN provider" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(li):440 msgid "Set the default route to your VPN gateway" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(p):443 msgid "At this point, your workstation is capable of communicating with hosts via the VPN. Because vpnc sets your default route to your VPN gateway, all network traffic will travel across the VPN, even if it is destined for the Internet or elsewhere not explicitly covered by additional routes. For some, this basic type of connection may be satisfactory, but for most, additional steps need to be taken." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(p):452 msgid "Additional things you might want to have:" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(li):457 msgid "DNS for the VPN" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(li):458 msgid "A routing setup that will only send traffic destined for the VPN down the virtual tunnel. This way, you can browse the Internet while connected to the VPN, without your personal web/p2p etc. traffic going across the tunnel." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(li):464 msgid "A script to manage all this, because vpnc just doesn't do enough by default." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(p):470 msgid "When you are ready to end the VPN session, execute vpnc-disconnect. An example is shown below." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(note):475 msgid "Don't disconnect yet, because we have additional things to test. The example below is just for informational purposes." 
msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre:caption):480 msgid "vpnc-disconnect" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre):480 #, no-wrap msgid "\n# vpnc-disconnect\nTerminating vpnc daemon (pid: 26250)\n" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(title):490 msgid "Set up DNS" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(p):494 msgid "Unfortunately, vpnc doesn't handle the setup and management of DNS for your newly established tunnel. The user is left to decide how DNS should be handled. You could just overwrite /etc/resolv.conf when you connect, but that would utilize your VPN DNS for all DNS queries regardless of whether or not the traffic is destined for your VPN tunnel. This is a very functional solution and if you simply need to connect to the tunnel, do your work, and then disconnect, read no further. But, if you want to be able to leave your tunnel connected for lengthy periods of time and don't want your work DNS servers handling requests for your personal traffic, read on." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(p):506 msgid "The ideal setup would allow you to separate your DNS queries into two categories: VPN-related and other. Under this setup, all VPN-related DNS queries would be answered by DNS servers located at the other end of your VPN tunnel and all other queries would continue to be answered by local or ISP supplied DNS servers. This is the setup that will be demonstrated here." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(note):514 msgid "We will consider VPN-related DNS queries to be any query belonging to the example.org domain, such as host1.example.org or server1.example.org." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(p):519 msgid "So how do you set things up, so that only requests made to hosts on the example.org domain get sent to VPN supplied DNS servers? 
Well, you're going to need to install a local DNS server, but don't worry, it's much easier than you think. There are several software packages that can handle the type of setup we desire, but for the purposes of this demonstration, dnsmasq will be utilized. Let's emerge it now:" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(note):528 msgid "This DNS server software will not be available to the network, and will only answer requests from localhost, 127.0.0.1." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre:caption):533 msgid "Install dnsmasq" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre):533 #, no-wrap msgid "\n# emerge dnsmasq\n" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(p):537 msgid "Now you need to add an option to your dnsmasq startup options. Edit the following option to suit your needs. Substitute .example.org with the appropriate domain and the IP address with a valid DNS server that belongs to the VPN tunnel." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre:caption):544 msgid "/etc/conf.d/dnsmasq" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre):544 #, no-wrap msgid "\nConfig file for /etc/init.d/dnsmasq\n\n# See the dnsmasq(8) man page for possible options to put here.\nDNSMASQ_OPTS=\"-S /.example.org/192.168.125.10\"\n" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(p):551 msgid "Next, make sure that the first entry in /etc/resolv.conf is your local host 127.0.0.1, followed by the location of the backup DNS servers that should handle the DNS traffic in case dnsmasq fails to start, or if it needs to forward a DNS query it doesn't currently have in its cache. An example /etc/resolv.conf is shown below." 
msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre:caption):559 msgid "/etc/resolv.conf" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre):559 #, no-wrap msgid "\nnameserver 127.0.0.1\nnameserver 192.168.0.1\n" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(p):564 msgid "Now that you have setup a rule for your VPN tunnel DNS, you need to start dnsmasq." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre:caption):569 msgid "Starting up dnsmasq" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre):569 #, no-wrap msgid "\n# /etc/init.d/dnsmasq start\n# rc-update add dnsmasq default\n" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(title):579 msgid "Configuring the routing table" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(p):583 msgid "The ideal scenario would be if only the traffic destined for VPN tunnel would travel across the link. At this point, you have a VPN tunnel setup and all traffic will travel across the tunnel, unless you specify additional routes. In order to fix this situation you need to know what networks are available to you on your VPN. The easiest way to find out the needed information is to ask a network administrator, but sometimes they are reluctant to answer such questions. If your local network admin won't provide the needed information, some trial and error experiments will be required." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(p):594 msgid "When the VPN tunnel was started, vpnc set the default route to the tunnel. So you must set your default route back to normal, so that things work as expected." 
msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre:caption):600 msgid "Resetting your default route" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre):600 #, no-wrap msgid "\n# route add default gw 192.168.0.1\n" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(p):604 msgid "Earlier, when DNS services were being configured for your VPN, you specified a DNS server to handle your example.org domain. You need to add a route for the 192.168.125.0 subnet so that DNS queries will work." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre:caption):610 msgid "Adding a route for dns" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre):610 #, no-wrap msgid "\n# route add -net 192.168.125.0 netmask 255.255.255.0 dev tun0\n" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(p):614 msgid "At this point, you should add any additional routes for known networks (such as for the subnet 192.168.160.0, which includes the IP address received by the TUN/TAP virtual device). If your friendly network administrator gave you the required info, great. Otherwise, you might need to ping hosts you will be connecting to frequently, to give yourself an idea about what your routing table should look like." 
msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(note):623 msgid "Due to your setup, when using VPN network services by name, you must specify the fully qualified domain name, for instance: webserver1.example.org" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre:caption):628 msgid "Ping example" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre):628 #, no-wrap msgid "\n# ping intranet1.example.org\nPING intranet1.example.org (172.25.230.29) 56(84) bytes of data.\n\n\n--- intranet1.example.org ping statistics ---\n18 packets transmitted, 0 received, 100% packet loss, time 16997ms\n" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(p):637 msgid "As you can see from the above example, the ping probes to intranet1.example.org were unsuccessful. So we need to add a route for that subnet." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre:caption):643 msgid "another route command example" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre):643 #, no-wrap msgid "\n# route add -net 172.25.230.0 netmask 255.255.255.0 dev tun0\n" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(p):647 msgid "A few ping and route commands later, you should be well on your way to a well working routing table." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(title):657 msgid "Manage the connection" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(title):659 msgid "Calling vpnc when needed" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(p):662 msgid "Next is an example script to manage the VPN connection. You could execute it (as root) from an xterm to start a connection to your VPN. Then all you have to do is press return to disconnect the VPN. Obviously you will need to modify this for your setup, remembering to add all the additional routes that you may need." 
msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre:caption):670 msgid "Example session management script" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre):670 #, no-wrap msgid "\n#!/bin/bash\n\nsource /sbin/functions.sh\n\nebegin \"Connecting to the VPN\"\nvpnc\neend $?\n\n# Restore the LAN default route, then send only the VPN subnets down tun0\nebegin \"Modifying the routing table\"\nroute add default gw 192.168.0.1\nroute add -net 172.25.230.0 netmask 255.255.255.0 dev tun0\nroute add -net 192.168.160.0 netmask 255.255.255.0 dev tun0\nroute add -net 192.168.125.0 netmask 255.255.255.0 dev tun0\neend $?\n\neinfo \"Press return to disconnect ...\"\n\n# read waits for a full line, so the session ends when return is pressed\nread disconnect\n\nebegin \"Disconnecting from the VPN\"\nvpnc-disconnect\neend $?\nebegin \"Reconfiguring the default routing table\"\nroute add default gw 192.168.0.1\neend $?\n\neinfo \"VPN should now be disconnected\"\n" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(title):703 msgid "Start vpnc on boot" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(p):706 msgid "Version 0.4.0-r1 of vpnc contains an init script (/etc/init.d/vpnc) which can handle multiple configurations. The default script looks for /etc/vpnc/vpnc.conf, but as many configurations as can be imagined are possible. Custom-made scripts can be executed before and after start-up and shutdown; they are tied by name to the corresponding init script (since version 0.5.1-r1). Their names end in -preup.sh, -postup.sh, -predown.sh and -postdown.sh, stored in the /etc/init.d/scripts.d/ directory. The general naming scheme is sketched in the following table." 
msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(th):720 msgid "init script name" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(th):721 msgid "needed configuration file" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(th):722 msgid "preup script name" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(ti):725 msgid "/etc/init.d/vpnc" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(ti):726 msgid "/etc/vpnc/vpnc.conf" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(ti):727 msgid "/etc/vpnc/scripts.d/vpnc-preup.sh" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(ti):730 msgid "/etc/init.d/vpnc.work" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(ti):731 ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre:caption):840 msgid "/etc/vpnc/work.conf" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(ti):732 ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre:caption):823 msgid "/etc/vpnc/scripts.d/work-preup.sh" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(p):736 msgid "Add vpnc to the default runlevel with the following commands (in this case for the standard configuration). Don't forget to add the tun module (if you have built it that way) to the kernel's autoload mechanism at startup." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre:caption):742 msgid "Adding vpnc to startup scripts" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre):742 #, no-wrap msgid "\n# rc-update add vpnc default\n" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(p):746 msgid "If you don't want to save your password in the configuration file, you can tell the init script to show all output and prompts on standard output by editing /etc/conf.d/vpnc. Set the variable VPNCOUTPUT to yes or no; by default, screen output is not displayed." 
msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(note):753 msgid "The init scripts don't handle DNS separation, but you can use the custom scripts to achieve that. See Tips and Tricks." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(title):763 msgid "Tips and Tricks" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(title):765 msgid "Graphical remote access" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(p):768 msgid "If you are looking for a Linux application that supports RDP (Remote Desktop Protocol) then give grdesktop a try. It's a GUI app written in GTK+ that fits in well with a Gnome desktop, but doesn't require it. If you don't want the GUI configuration dialogs that grdesktop provides, then just install rdesktop. Ultimately, grdesktop is just a frontend for rdesktop." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(p):776 msgid "If you are a KDE user, you might want to try kvpnc. It appears to be a very mature VPN management GUI." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(p):781 msgid "If you need to connect to a Windows machine which doesn't have a DNS entry, and you know the address of an available WINS server, you can use a tool called nmblookup to query the WINS server for the host name of the machine you want to connect to. Unfortunately, you have to install samba to get it, but if you are going to be working with boxes running Windows you might as well install samba, because it includes several other useful tools." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre:caption):790 msgid "Installing samba" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre):790 #, no-wrap msgid "\n# emerge -av samba\n" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(p):794 msgid "When you have samba and its tools installed, test nmblookup by asking the WINS server at IP address 192.168.125.11 about a host named wintelbox1." 
msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre:caption):799 msgid "nmblookup example" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre):799 #, no-wrap msgid "\n# nmblookup -U 192.168.125.11 -R 'wintelbox1'\nquerying wintelbox1 on 192.168.125.11\n172.25.230.76 wintelbox1\n" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(title):808 msgid "Custom scripts on boot" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(p):811 msgid "The custom-made scripts for the init.d file can be used to set up user-defined routing for the vpnc connection. The examples below show how to set up the routing table so that only connections to 123.234.x.x are routed over the VPN and all other connections use the default gateway. The example uses work-preup.sh to save the current default gateway before starting vpnc (which resets the default gateway using the VPN connection). Once vpnc has been started, work-postup.sh deletes this new default gateway, restores the old default gateway and sets the route for all connections to 123.234.x.x to use the vpnc connection." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre):823 #, no-wrap msgid "\n#!/bin/sh\n# Save the current default gateway; /var/run is root-only, unlike world-writable /var/tmp\nroute -n | grep -E '^0.0.0.0 ' | cut -c 17-32 >/var/run/vpnc.work.defaultgw\n" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre:caption):828 msgid "/etc/vpnc/scripts.d/work-postup.sh" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre):828 #, no-wrap msgid "\n#!/bin/sh\n# Drop the default route that vpnc installed over the tunnel\nroute del -net 0.0.0.0 netmask 0.0.0.0 dev tun1\n# Restore the gateway saved by work-preup.sh\nroute add default gw $(cat /var/run/vpnc.work.defaultgw)\n# Send only 123.234.x.x through the VPN\nroute add -net 123.234.0.0 netmask 255.255.0.0 dev tun1\n" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(p):835 msgid "The example scripts assume that the vpnc connection uses tun1 as its tun device. You can set the device name in the connection's configuration file."
msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(pre):840 #, no-wrap msgid "\nInterface name tun1\nIPSec gateway vpn.mywork.com\nPidfile /var/run/vpnc.work.pid\n" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(title):851 msgid "Useful Links" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(uri:link):857 msgid "http://www.unix-ag.uni-kl.de/~massar/vpnc/" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(uri):857 msgid "vpnc homepage" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(uri:link):860 msgid "http://home.gna.org/kvpnc/en/index.html" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(uri):860 msgid "kvpnc homepage" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(uri:link):863 msgid "http://www.nongnu.org/grdesktop/" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(uri):863 msgid "grdesktop homepage" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(title):872 msgid "Final Notes" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(p):876 msgid "Hopefully by now you have been able to connect to your VPN of choice and are well on your way to remote office work. Feel free to file a bug at bugs.gentoo.org should you find a mistake or wish to make an addition or recommendation regarding this document." msgstr "" #. Place here names of translator, one per line. Format should be NAME; ROLE; E-MAIL #: ../../gentoo/xml/htdocs/doc/en//vpnc-howto.xml(None):0 msgid "translator-credits" msgstr ""