To Tomasez@zelow.no

vpnd on floppyfw How To
------------------------
                                        Yoshimasa Takami
                                        y-takami@r2i.co.jp

Hi,

This time, I built two floppyfw environments connected with vpnd.
I appreciate floppyfw very very much. This is very good software.

There is a vpnd package for floppyfw (*1), but to make it work on
floppyfw you have to do a few things. The process follows.

(*1) http://www.zelow.no/floppyfw/download/packages/vpnd/vpnd.bz2

1) make kernel with SLIP

First, I compiled a kernel with SLIP. floppyfw-1.0.11.img has not been
compiled with the SLIP options.

a) put .config into /usr/src/linux (for me this is linux-2.2.19)
   I got .config from (*2).
   I added the following lines to .config.
---
CONFIG_SLIP=y
CONFIG_SLIP_COMPRESSED=y
CONFIG_SLIP_SMART=y
---
   and one more line (as of 2001/10/23, this line is not there)
---
CONFIG_VFAT_FS=y
---
b) make oldconfig dep clean bzImage
c) cp /usr/src/linux/arch/i386/boot/bzImage /mnt/floppy/vmlinuz

(*2) http://www.zelow.no/floppyfw/download/config-floppyfw

2) use following post-vpnd.ini

Second, copy the vpnd.bz2 package to A:\packages and put the following
post-vpnd.ini into the same directory. The key point is that you must
make the device files. This is the server version of the .ini.
You also have to make vpnd.key with vpnd -m and tar it into vpnd.bz2.
---
#!/bin/sh
# post-vpnd.ini
#
# VPND between KOUBE and TKY
# Created by Yoshimasa Takami
# 2001/10/22
# y-takami@r2i.co.jp

# Load the floppyfw settings (gateway, local and network variables)
. /etc/config

#
# VPND Configuration
#
VPNPORT=${VPNDPORT}

#
# Build the config file
#
echo "mode server" >> /etc/vpnd.conf
echo "client ${KOUBE_GATEWAY} ${VPNPORT} " >> /etc/vpnd.conf
echo "server ${TKY_GATEWAY} ${VPNPORT} " >> /etc/vpnd.conf
echo "remote ${KOUBE_LOCAL}" >> /etc/vpnd.conf
echo "local ${TKY_LOCAL}" >> /etc/vpnd.conf
echo "autoroute" >> /etc/vpnd.conf
echo "route1 ${KOUBE_NETWORK} ${KOUBE_NETMASK} ${KOUBE_LOCAL}" >> /etc/vpnd.conf
echo "keepalive 10" >> /etc/vpnd.conf
echo "noanswer 3" >> /etc/vpnd.conf
echo "keyfile /etc/vpnd.key" >> /etc/vpnd.conf
echo "pidfile /var/run/vpnd.pid" >> /etc/vpnd.conf
echo "randomdev /dev/urandom" >> /etc/vpnd.conf
echo "mtu 1600" >> /etc/vpnd.conf

# Make the device files vpnd needs: the random devices and a pty
/bin/mknod -m 644 /dev/random c 1 8
/bin/mknod -m 644 /dev/urandom c 1 9
/bin/chown root:root /dev/random /dev/urandom
/bin/mknod -m 666 /dev/ptyp0 c 2 0
/bin/chown root:root /dev/ptyp0

# Start the daemon
/bin/vpnd
---
* KOUBE_GATEWAY & TKY_GATEWAY are the global addresses on floppyfw.
* KOUBE_LOCAL & TKY_LOCAL are the private addresses on floppyfw.

3) When you use MASQ

When you use IP masquerading, you have to accept the packets before
masquerading.

firewall.ini
---
ipchains -P forward DENY
ipchains -A forward -j ACCEPT -s ${TKY_NET}/${TKY_MASK} -d ${KOUBE_NET}/${KOUBE_MASK}
ipchains -A forward -j ACCEPT -s ${KOUBE_NET}/${KOUBE_MASK} -d ${TKY_NET}/${TKY_MASK}
ipchains -A forward -j MASQ -i ${OUTSIDE_DEV} -l
---
* TKY_NET contains TKY_LOCAL
* KOUBE_NET contains KOUBE_LOCAL

Now you can ping every machine.
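
Added example (not part of the original how-to): a small lint for the step 3 firewall.ini. It checks that the forward policy is DENY and that both tunnel ACCEPT rules come before the first MASQ rule, since ipchains acts on the first rule that matches. The function and sample names are made up for this example, and the rule samples are constructed from the step 3 listing.

```sh
# Added example, not part of the original how-to; all names are hypothetical.
# check_forward_order NET_A NET_B < firewall.ini
# Returns 0 only if stdin sets the forward policy to DENY and has ACCEPT rules
# for both directions before the first MASQ rule. Only "-A forward" is handled.
check_forward_order() {
    awk -v a="$1" -v b="$2" '
        function idx(opt,   i) { for (i = 1; i <= NF; i++) if ($i == opt) return i; return 0 }
        function val(opt,   i) { i = idx(opt); return (i && i < NF) ? $(i + 1) : "" }
        $1 != "ipchains"       { next }   # comments, blank lines, other commands
        val("-P") == "forward" { policy = $(idx("-P") + 2); next }
        val("-A") != "forward" { next }
        { n++; j = val("-j"); s = val("-s"); d = val("-d") }
        j == "MASQ" && !masq                     { masq = n }
        j == "ACCEPT" && s == a && d == b && !ab { ab = n }
        j == "ACCEPT" && s == b && d == a && !ba { ba = n }
        END {
            if (policy != "DENY") { print "FAIL: forward policy is not DENY"; exit 1 }
            if (!ab || !ba)       { print "FAIL: tunnel ACCEPT rule missing"; exit 1 }
            if (masq && (ab > masq || ba > masq)) {
                print "FAIL: MASQ is rule " masq ", before a tunnel ACCEPT"; exit 1
            }
            print "OK: tunnel ACCEPT rules precede MASQ"
        }'
}

# Constructed sample: the rule order from step 3 (variables left unexpanded).
good_rules() {
    cat <<'EOF'
ipchains -P forward DENY
ipchains -A forward -j ACCEPT -s ${TKY_NET}/${TKY_MASK} -d ${KOUBE_NET}/${KOUBE_MASK}
ipchains -A forward -j ACCEPT -s ${KOUBE_NET}/${KOUBE_MASK} -d ${TKY_NET}/${TKY_MASK}
ipchains -A forward -j MASQ -i ${OUTSIDE_DEV} -l
EOF
}
# Constructed sample: the same rules with MASQ appended first.
bad_rules() {
    cat <<'EOF'
ipchains -P forward DENY
ipchains -A forward -j MASQ -i ${OUTSIDE_DEV} -l
ipchains -A forward -j ACCEPT -s ${TKY_NET}/${TKY_MASK} -d ${KOUBE_NET}/${KOUBE_MASK}
ipchains -A forward -j ACCEPT -s ${KOUBE_NET}/${KOUBE_MASK} -d ${TKY_NET}/${TKY_MASK}
EOF
}

TKY='${TKY_NET}/${TKY_MASK}'
KOUBE='${KOUBE_NET}/${KOUBE_MASK}'
good_rules | check_forward_order "$TKY" "$KOUBE"
bad_rules  | check_forward_order "$TKY" "$KOUBE" || true
```

To check a real file, pass the source and destination exactly as they are written in it, for example `check_forward_order "$TKY" "$KOUBE" < firewall.ini`.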