Datasheet
“main” (Installation and Administration) — 2004/6/25 — 13:29 — page 633 — #659
26
Security in the Network
Note
If you select ‘Import’ ➝ ‘From Hard Disk’ here, you can select the
source in the file system. This option can also be used to import
certificates from a USB stick as transport medium, for example.
26.2 VPN with SUSE LINUX
VPN (virtual private network) refers to a technology used to implement
secure data connections over the insecure medium of the Internet.
Communication is not with the Internet, but via the Internet. The data
packets are encrypted for authentication and confidentiality and are packed
into a new packet (tunneling). This is an economical way to build a secure
network between geographically far-flung computers. The standard for this
kind of data traffic is IPsec (Internet Protocol Security), which is
implemented under Linux (among others) by the FreeS/WAN program.
Establishing a VPN connection requires digital certificates from all
participating parties, which are used to verify the validity of the
connection. Such certificates can be created with YaST and then used for
VPN. Section 26.1 on page 620 contains a brief explanation of the
background of digital certification and outlines how to create and manage
certificates yourself. The next sections explain how to set up a VPN server
and VPN clients under Linux and Windows using YaST.
26.2.1 Setting up Road Warrior Servers
A Road Warrior server is a VPN server configuration that accepts
connections from any client with a valid and signed CA certificate.
Setting up a Road Warrior server takes three steps, which are explained
below.
1. Create a server certificate on the CA management computer.
2. Import a certificate on the server computer.
3. Set up a connection on the server.
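
The acceptance rule of a Road Warrior server, as an added example that is
not part of the original manual: it uses the openssl command line instead of
YaST (an assumption), and every name in it (demo-ca, other-ca, vpn-server,
laptop1, rogue) is constructed. It checks only the CA signature chain, not
revocation.

```shell
#!/bin/sh
# Added example: which client certificates a Road Warrior server would trust.
# All names below are constructed for this demo.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME: create a self-signed CA key and certificate.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# issue_cert CA NAME: create a key and CSR for NAME, then sign it with CA.
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$2.csr" -days 30 -CAcreateserial \
        -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" \
        -out "$WORK/$2.crt" 2>/dev/null
}

# accepts CA NAME: print "accept" if NAME's certificate chains to CA,
# otherwise "reject". Only the CA certificate is needed for this decision.
accepts() {
    if openssl verify -CAfile "$WORK/$1.crt" "$WORK/$2.crt" 2>/dev/null \
        | grep -q ': OK$'; then
        echo accept
    else
        echo reject
    fi
}

make_ca demo-ca                  # the CA management computer
make_ca other-ca                 # an unrelated CA the server does not trust
issue_cert demo-ca vpn-server    # step 1 of the list above
issue_cert demo-ca laptop1       # a legitimate road warrior client
issue_cert other-ca rogue        # a client with a certificate from elsewhere

echo "laptop1: $(accepts demo-ca laptop1)"
echo "rogue:   $(accepts demo-ca rogue)"
```

Because the server trusts the CA rather than a list of clients, anyone who
holds the CA private key can create certificates the server will accept.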
SUSE LINUX Enterprise Server










