VPND Frequently Asked Questions 
$Header: /pack/anoncvs/vpnd/FAQ.TXT,v 1.10 1999/11/19 15:51:42 ast Exp $

Please DO NOT email the developers/FAQ maintainer directly with questions
concerning vpnd & its operation. Please email the mailing list instead.

VPND developers: Andreas Steinmetz - Primary/Original Developer of VPND
                 <astmail@yahoo.com>
                 (See Website for current list of developers)
FAQ Maintainer: Robert Hardy, C.E.O. Webcon, Inc. <rhardy@webcon.net>

Table Of Contents:
1. Introduction
2. Checklist of required elements
3. VPND Return Codes and Debugging
4. Known Good Configurations
5. Known Problems
6. What is a good Linux distribution for use with VPND?
7. Will VPND do this (Fill in blank)?
8. How do I get VPND to handle multiple clients?
9. Where can I get Redhat style init scripts?
10. Does this work with a Windows Box?
11. Can I use this with Microsoft Virtual Private Networking?
12. Can I use this to hookup Windows style LANs (and get browsing working)?
13. Why am I seeing so many overruns on my slip device (Linux specific)?
14. How do I make Windows Neighbourhood Networking work over vpnd?

1. Introduction:

  This file will attempt to answer all the frequently asked questions which
  have gone through the VPND mailing list, attempt to provide solutions to
  common problems, and provide debugging information for VPND.

  Please read this document thoroughly before asking questions on the mailing
  list. If you are looking for commercial paid consulting, it is available;
  mail the author for details.


2. Checklist of required elements: (elements required for proper operation)
  -Both zlib & zlib-devel must be installed and be at least version 1.1.3.
  -/dev/random and/or /dev/urandom must be present.
  -slip & cslip support must either be compiled into the kernel or
   (perhaps preferably) compiled as modules and loaded for normal operation.
  -A common encryption key must be present on both client & server
  -client & server must be separate machines with IP connectivity


3. VPND Return Codes and Debugging:

  Some of the return codes have an offset of 128 in the source code.
  Thus return code 105 may show up as 233 in the source code.

  -If you see "Crypto init failed, reason <TO BE ADDED LATER>"
   You may be missing /dev/random or /dev/urandom

  -If you see "Crypto init failed reason 1" it means Key/IV send failed.
   This could be either a key mismatch or, in combination with the above
   errors, point to a bad tcp connection. VPND can do this for several
   minutes before it successfully brings a hung VPND link back up. Please
   note that this may be caused by transmission buffers that are still
   filled, though it isn't clear yet.

  -If you see "slip link failed, reason 4" it means Connect/Listen failed.
   This indicates either the client can't reach the server (server not
   running, server didn't detect connection loss) or the server couldn't
   bind the socket (e.g. another vpnd already running). If I remember
   correctly this error may occur if the 'suspend' option is used and an
   automatic disconnect is initiated. It can indicate that you have not
   properly configured your kernel for SLIP or you are missing CSLIP support
   in your kernel.  If you are using Linux and have compiled your SLIP
   support as modules, use lsmod to make sure they are loaded.

  -If you see "Peer link failed, reason 105" it means Data receive failed.
   This is typically either a bad tcp connection (lost packets and
   retransmits exceed time limits; 'rxmax' and 'sendbuf' tuning may help in
   this case) or a missing zlib on the receiving end (vpnd built without
   zlib; the CVS code now writes a startup syslog message with version and
   compression info, and the -h command line option now gives compression
   info, too).  As another test, try disabling compression with the
   nocompress option (see vpnd.conf). If the problem goes away you are
   either using an old version of zlib or you are missing part of the zlib
   package.  When using Redhat, this frequently happens if you have the
   zlib rpm installed but do not have the zlib-devel rpm installed.

  -If you see "Peer link failed, reason 106" you are seeing a Peer read 
   Data send failed, probably bad tcp connection (see reason 105 above).
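
  The triage described in this section, as an added example (not part of
  vpnd or of the original FAQ): it counts the failure messages listed above
  in a syslog excerpt and applies the FAQ's reasoning to them. It assumes
  that "the above errors" means the peer link failures (reasons 105 and
  106), that a reason value above 128 was read from the source code, and
  that the sample log lines, which are constructed, resemble real ones.

```python
import re
from collections import Counter

# Message texts and reason numbers are the ones listed in section 3.
PATTERN = re.compile(r"(Crypto init|slip link|Peer link) failed,? reason (\d+)", re.I)

def parse(line):
    """Return (subsystem, reason) for a vpnd failure line, else None."""
    m = PATTERN.search(line)
    if not m:
        return None
    reason = int(m.group(2))
    # Assumption: a value above 128 was taken from the source code (233 -> 105).
    if reason > 128:
        reason -= 128
    return m.group(1).split()[0].lower(), reason

def triage(lines):
    """Count failures per (subsystem, reason) and derive hints from the FAQ text."""
    counts = Counter(filter(None, map(parse, lines)))
    peer_errors = counts[("peer", 105)] + counts[("peer", 106)]
    hints = []
    if counts[("crypto", 1)] and peer_errors:
        hints.append("Key/IV send failed alongside peer link errors: suspect a bad tcp connection")
    elif counts[("crypto", 1)]:
        hints.append("Key/IV send failed on its own: compare the key on client and server")
    if counts[("peer", 105)]:
        hints.append("Data receive failed: check zlib on the receiving end, retest with nocompress")
    if counts[("slip", 4)]:
        hints.append("Connect/Listen failed: is the server running, is the port free, is SLIP/CSLIP loaded")
    return counts, hints

# Constructed sample syslog lines; host, PID and timestamps are invented.
SAMPLE = [
    "Nov 19 15:40:01 gw1 vpnd[412]: Peer link failed, reason 105",
    "Nov 19 15:40:02 gw1 vpnd[412]: Crypto init failed reason 1",
    "Nov 19 15:40:09 gw1 vpnd[412]: Crypto init failed reason 1",
    "Nov 19 15:41:30 gw1 vpnd[412]: slip link failed, reason 4",
    "Nov 19 15:41:31 gw1 kernel: eth0: link up",
]

if __name__ == "__main__":
    counts, hints = triage(SAMPLE)
    for (subsystem, reason), n in sorted(counts.items()):
        print(f"{subsystem} reason {reason}: {n}x")
    print("\n".join(hints))
```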

4. Known Good Configurations:

  Redhat 6.0, Kernel V2.2.13, VPND V1.0.8
  Suse 6.0, Kernel V2.2.13, VPND V1.0.8

  The following operating systems are supported:
    
   Linux 1.2.x (1.2.9 tested)
   Linux 2.0.x (2.0.35 tested)
   Linux 2.2.x (2.2.1 & 2.2.12-13 tested)
   FreeBSD     (3.3-RELEASE tested)


5. Known Problems:

  On FreeBSD systems you will need to use 'rndcontrol' to be able to
  generate key files.
  Version 1.1.0 is the first version for FreeBSD so there may be
  bugs lurking (serial line functionality is untested for FreeBSD,
  please report success/failure).

6. What is a good Linux distribution for use with VPND?  

  I'm sure that this is a religious issue for some but I recommend:
  The latest stable Redhat distribution along with the latest stable kernel. 
  This is currently Redhat 6.1 and Linux V2.2.13.  See
  http://www.redhat.com for Redhat Mirrors (or to buy a CD). See your local
  kernel.org mirror for kernel source; see http://www.kernel.org.


7. Will VPND do this (Fill in blank)?

  Please read this FAQ and if you still don't know the answer to your
  question, mail the mailing list. See http://sunsite.auc.dk/vpnd/ for
  details.


8. How do I get VPND to handle multiple clients?  

  The simple answer is, in its current configuration, you don't. VPND in its
  current configuration is really a peer to peer system.  Please don't
  misunderstand this. You can hook up a large number of machines with VPND
  but it must be done on a point to point basis. We have found that the
  simplest way to plan this out is to assign a port to each circuit in a
  virtual private network. Below is a typical VPN layout. Note that each
  connection requires a client and server VPND process. Also note each peer
  does not need to know anything about the other peers if it doesn't connect
  to them (as long as you manage IP conflicts properly).

  VPN Design Documentation

  Client Port      Server Port
  Peer1 30001 <-> Peer2 30001
  Peer1 30002 <-> Peer3 30002
  Peer3 30003 <-> Peer2 30003
  Peer2 30004 <-> Peer4 30004
  Peer3 30005 <-> Peer4 30005

  Networks 
  192.168.0. -> Peer1's Network
  192.168.1. -> Peer2's Network
  192.168.2. -> Peer3's Network
  192.168.3. -> Peer4's Network

  Connection IPs
  192.168.0.1 -> Peer1's IP
  192.168.0.2 -> Peer2's Network
  192.168.0.3 -> Peer3's Network
  192.168.0.4 -> Peer4's Network
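
  A way to check such a plan before configuring the peers, as an added
  example (not part of vpnd or of the original FAQ): it assigns one port per
  circuit as in the table above, counts the vpnd processes each peer has to
  run, and reports reused ports and overlapping networks. The /24 masks and
  all function names are assumptions made for the example.

```python
import ipaddress
from collections import Counter
from itertools import combinations

# Circuits from the layout above as (client, server); the /24 masks are an assumption.
LINKS = [("Peer1", "Peer2"), ("Peer1", "Peer3"), ("Peer3", "Peer2"),
         ("Peer2", "Peer4"), ("Peer3", "Peer4")]
NETWORKS = {"Peer1": "192.168.0.0/24", "Peer2": "192.168.1.0/24",
            "Peer3": "192.168.2.0/24", "Peer4": "192.168.3.0/24"}

def allocate(links, first_port=30001):
    """Assign one port per circuit, in order, as the FAQ's table does."""
    return [(c, s, first_port + i) for i, (c, s) in enumerate(links)]

def processes_per_peer(circuits):
    """Each circuit needs one vpnd on its client and one on its server."""
    return Counter(peer for c, s, _ in circuits for peer in (c, s))

def check_plan(circuits, networks):
    """Return a list of problems found in the plan (empty list means consistent)."""
    problems = []
    pairs, ports = set(), set()
    for client, server, port in circuits:
        if client == server:
            problems.append(f"{client}: client and server must be separate machines")
        pair = frozenset((client, server))
        if pair in pairs:
            problems.append(f"{client}<->{server}: circuit listed twice")
        if port in ports:
            problems.append(f"port {port}: already used by another circuit")
        pairs.add(pair)
        ports.add(port)
        for peer in (client, server):
            if peer not in networks:
                problems.append(f"{peer}: no network assigned")
    nets = {p: ipaddress.ip_network(n) for p, n in networks.items()}
    for (p1, n1), (p2, n2) in combinations(nets.items(), 2):
        if n1.overlaps(n2):
            problems.append(f"{p1} {n1} overlaps {p2} {n2}")
    return problems

if __name__ == "__main__":
    plan = allocate(LINKS)
    for client, server, port in plan:
        print(f"{client} {port} <-> {server} {port}")
    print(dict(processes_per_peer(plan)), check_plan(plan, NETWORKS) or "plan is consistent")
```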


9. Where can I get Redhat style init scripts?

  One or more VPN init script(s) are now available. 
  See samples/README.initscripts.


10. Does this work with a Windows Box?

  Yes, but not directly. It is not designed to run on Windows. It is
  designed to run on a Unix style server which can be accessed by any TCP/IP
  style client.


11. Can I use this with Microsoft Virtual Private Networking?

  While VPND can co-exist with other servers which use Microsoft VPN,
  it is designed to only communicate directly with other VPNDs.


12. Can I use this to hookup Windows style LANs (and get browsing working)?

  Yes. Once VPND is properly configured workgroup browsing in Windows should
  work properly over VPND. If you are using Samba you may have to use its
  Remote Browse List Synchronization features.


13. Why am I seeing so many overruns on my slip device (Linux specific)?

  What is getting reported as overruns is probably compressed slip packets. 
  Some ifconfig binaries do not label the fields properly for slip devices. 
  To fix the problem, you should find and install the latest version of
  ifconfig suitable to your kernel (2.0.x vs. 2.2.x etc.).

14. How do I make Windows Neighborhood networking work over VPND?

  You must set up Linux/Samba so that NetBIOS gets routed properly. If you
  can access a machine on a different, masqueraded network using UNC naming,
  e.g. \\server, but you cannot see it or any machines in your Network
  Neighborhood, then chances are the NetBIOS broadcasts necessary for
  Network Neighborhood to work are not crossing the networks.

  See here for details:
  http://www.linuxplanet.com/linuxplanet/tutorials/1159/1/

  You will also want the nbfw patch from here:
  http://malt-whisky.student.utwente.nl/nbfw/download.html

