Hibernate and OpenVPN

Greg Woods woods at ucar.edu
Mon Mar 22 22:33:03 UTC 2010


On Mon, 2010-03-22 at 21:43 +0000, Timothy Murphy wrote:
> Greg Woods wrote:
> 
> > Related to the original topic, I use an ipsec-tools style VPN, and it
> > recovers automatically on wakeup.
> 
> I'm not sure what this means.
> What did you do, exactly?

To fully answer this question would be a major research project, since
it has been an ongoing project for several years and I have never really
documented everything I did. But basically it involves installing the
ipsec-tools package, creating a racoon.conf file on each end, generating
a cert for the server and client (and installing them on each side), and
generating an appropriate config file for "setkey" to route traffic
through the tunnel. Cert authentication can happen with no intervention;
the tunnel is set up inside the kernel automatically. The racoon daemon
is only for doing the session key negotiation (IKE).

Complicating this has been dealing with one of the clients being behind
a NAT box, the NAT box itself having a dynamic IP address, etc. But it
works reliably and it comes up automatically on resume.

You can start with the ipsec-tools home page at:

http://ipsec-tools.sourceforge.net/

--Greg
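
[Added example, not part of the original message and not the poster's actual configuration: a minimal client-side pair of the two files the message names, a "setkey" policy file and a racoon.conf using certificate authentication. All addresses, networks, paths and file names below are constructed placeholders.]

```conf
# ---- setkey policy file (client side; load with: setkey -f <file>) ----
# Constructed values: client 192.0.2.10, server 198.51.100.1,
# protected network behind the server 10.0.2.0/24.
flush;
spdflush;

# Outbound: traffic to the remote network must use the ESP tunnel.
# With level "require", the kernel asks racoon to negotiate an SA
# whenever matching traffic has none.
spdadd 192.0.2.10/32 10.0.2.0/24 any -P out ipsec
    esp/tunnel/192.0.2.10-198.51.100.1/require;

# Inbound: the mirror-image policy.
spdadd 10.0.2.0/24 192.0.2.10/32 any -P in ipsec
    esp/tunnel/198.51.100.1-192.0.2.10/require;

# ---- racoon.conf (client side) ----
# Hypothetical certificate directory and file names.
path certificate "/etc/racoon/certs";

remote 198.51.100.1 {
    exchange_mode main;
    # Identify both peers by the subject DN of their certificates.
    my_identifier asn1dn;
    peers_identifier asn1dn;
    certificate_type x509 "client.crt" "client.key";
    ca_type x509 "ca.crt";
    # Reject a peer whose certificate does not validate against the CA.
    verify_cert on;
    # One end is behind a NAT box, as in the message.
    nat_traversal on;
    proposal {
        encryption_algorithm aes;
        hash_algorithm sha256;
        authentication_method rsasig;
        dh_group modp2048;
    }
}

# Phase 2 parameters for the SAs racoon hands to the kernel.
sainfo anonymous {
    pfs_group modp2048;
    encryption_algorithm aes;
    authentication_algorithm hmac_sha256;
    compression_algorithm deflate;
}
```

The server side needs the mirror-image policies (directions and tunnel endpoints swapped) and its own certificate and key in racoon.conf.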




