A virtual private network (VPN) is a group of two or more computer systems, typically connected to a private network with limited public network access, that communicate securely over a public network. VPNs may connect a single computer to a private network (client-server), or a remote LAN to a private network (server-server). VPNs often include the use of encryption, strong authentication of remote users or hosts, and methods for hiding the private network's topology.
Debian は暗号化されたバーチャルプライベートネットワークを設置するための パッケージを多く提供しています。
vtun
tunnelv (non-US section)
cipe-source, cipe-common
tinc
secvpn
pptpd
openvpn
FIXME: Update the information here since it was written with FreeSWAN in mind. Check Bug #237764 and Message-Id: <
[email protected]>.
The OpenSWAN package is probably the best choice overall, since it promises to interoperate with almost anything that uses the IP security protocol, IPsec (RFC 2411). However, the other packages listed above can also help you get a secure tunnel up in a hurry. The point to point tunneling protocol (PPTP) is a proprietary Microsoft protocol for VPN. It is supported under Linux, but is known to have serious security issues.
8.5.1. Point to Point tunneling
If you want to provide a tunneling server for a mixed environment (both Microsoft operating systems and Linux clients) and IPsec is not an option (since it's only provided for Windows 2000 and Windows XP), you can use PoPToP (Point to Point Tunneling Server), provided in the pptpd package.
If you want to use Microsoft's authentication and encryption with the server provided in the
ppp package, note the following from the FAQ:
It is only necessary to use PPP 2.3.8 if you want Microsoft compatible
MSCHAPv2/MPPE authentication and encryption. The reason for this is that
the MSCHAPv2/MPPE patch currently supplied (19990813) is against PPP
2.3.8. If you don't need Microsoft compatible authentication/encryption
any 2.3.x PPP source will be fine.
However, you also have to apply the kernel patch provided by the kernel-patch-mppe package, which provides the pp_mppe module for pppd.