
This software and its accompanying spec file are provided ''AS-IS''.
Please see main vpnd README for legal statement.

This RPM was built and tested on Red Hat 6.x based machines but should work
on similar RPM-based systems. It was only tested in "tcp" configuration. It
has not been tested by the packager in "leased line", "nullmodem" or
"virtual" configuration, although nothing has been changed from the original
source, so properly configured it should work fine.
 
This RPM is designed around a /etc/vpnd directory. Either all of said
directory or only the files relevant to each host are expected to be securely
propagated to each host on the virtual private network. SSH works well for
propagation. NEVER send your keys unencrypted!

Using this centralized directory based approach the virtual private network
can then be easily managed in a single directory on a configuration master
host without worrying about whether files have been updated on each machine.

If you think the hosts on your VPN are out of sync, simply propagate from the
config master and restart vpnd on each machine.

Please note that you should only propagate the entire /etc/vpnd directory
from the config. master if you actually trust everyone in the VPN. If you
don't trust them, only propagate to a given host the files it needs to
operate (via an scp script for example).

To simplify configuration this RPM imposes the following requirements: 
1. For a given VPN connection, both hosts (client & server) will use the
   same TCP/IP port number.
2. No more than two hosts will use a given TCP port for their VPN.

The script in this RPM expects to find config files in /etc/vpnd named
this way: <Hostname>_<VPN TCP Port>.conf
For example, if your hostname was jupiter and you chose port 30001 for your
first VPN port, your file would be named: jupiter_30001.conf

The script also expects to find a shared key for each VPN #

For a sample VPN with three hosts (earth, venus & pluto) here is what
you could see in /etc/vpnd:
KEEP_EARTH_CURRENT <- A 0 byte file indicating which host is the config master
earth_30001.conf <- These files indicate that earth has three PtoP connections
earth_30002.conf
pluto_30001.conf
venus_30002.conf
networklayoutpolicy.txt <- This doc could contain your network layout.
vpnd_30001.key <- These are the keys used by the various PtoP connections
vpnd_30002.key

The file networklayoutpolicy.txt and config master pointer are not required
but they are recommended as they reduce confusion.

This example obviously illustrates that every host on a network need not
have a direct link to every other host on the VPN (pluto & venus do not have
a direct VPN link). It is up to you to either only link hosts which need to
talk to each other or set up routes / firewall forwarding rules to ensure
that the necessary hosts can talk to each other.
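
The selective propagation recommended above (give each host only the files
it needs) can be scripted from the naming convention. The following is an
added example, not part of the vpnd RPM or its scripts; the function names,
the root SSH login and the assumption that /etc/vpnd already exists on the
target host are this example's own.

```sh
#!/bin/sh
# Added example: pick the files one host needs out of the config master's
# /etc/vpnd, using the naming convention <Hostname>_<port>.conf and
# vpnd_<port>.key. Function names are hypothetical.

# Print, one per line, the files in DIR that HOST needs.
# Returns 1 if HOST has no .conf files or a matching key is missing.
vpnd_files_for_host() {
    dir=$1 host=$2 found=0
    for conf in "$dir/${host}_"*.conf; do
        [ -f "$conf" ] || continue        # glob matched nothing
        name=${conf##*/}                  # strip the directory
        port=${name#"${host}_"}           # strip "<host>_"
        port=${port%.conf}
        case $port in
            ''|*[!0-9]*) continue ;;      # not <host>_<port>.conf, skip it
        esac
        key="$dir/vpnd_${port}.key"
        if [ ! -f "$key" ]; then
            echo "missing key for port $port: $key" >&2
            return 1
        fi
        printf '%s\n%s\n' "$conf" "$key"
        found=1
    done
    [ "$found" -eq 1 ]
}

# Copy only those files to HOST over SSH, so keys never travel unencrypted
# and a host never receives keys for links it is not part of.
# Assumes root SSH access to HOST and an existing /etc/vpnd there.
vpnd_push_host() {
    dir=$1 host=$2
    files=$(vpnd_files_for_host "$dir" "$host") || return 1
    printf '%s\n' "$files" | while IFS= read -r f; do
        # -p preserves the file modes set on the config master
        scp -p "$f" "root@${host}:/etc/vpnd/" </dev/null || exit 1
    done
}

# Usage on the config master:  vpnd_push_host /etc/vpnd pluto
```

With the sample directory above, pluto would receive only pluto_30001.conf
and vpnd_30001.key, and never the key for the earth/venus link.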

Installation instructions (for Red Hat 6.x):
1. Log in as root on the configuration master (CM) ; rpm -Uvh vpnd.rpm
2. Design your network topology and put it in networklayoutpolicy.txt
3. Fill /etc/vpnd with necessary .conf & .key files for all machines
   on the VPN. See samples/(tcp.client.conf|tcp.server.conf)
4. If host != CM rpm -Uvh vpnd.rpm 
5. Add vpnd to your run levels with: chkconfig --add vpnd     
   (Type chkconfig without args for help)
6. If host != CM fill /etc/vpnd with files from CM.
7. Repeat 4-6 on each host in the VPN.
8. Start vpnd on each host in the VPN with /etc/rc.d/init.d/vpnd start
9. Test your VPN

