2.4. Establishing a VPN Connection
IPsec, provided by Libreswan, is the preferred method for creating a VPN in Red Hat Enterprise Linux 7. The GNOME graphical user interface tool described below requires the NetworkManager-libreswan-gnome package. To install the package, run the following command as root:
~]# yum install NetworkManager-libreswan-gnome
See Red Hat Enterprise Linux 7 System Administrator's Guide for more information on how to install new packages in Red Hat Enterprise Linux 7.
Establishing a Virtual Private Network (VPN) enables communication between your Local Area Network (LAN), and another, remote LAN. This is done by setting up a tunnel across an intermediate network such as the Internet. The VPN tunnel that is set up typically uses authentication and encryption. After successfully establishing a VPN connection using a secure tunnel, a VPN router or gateway performs the following actions upon the packets you transmit:
- it adds an Authentication Header for routing and authentication purposes;
- it encrypts the packet data; and,
- it encloses the data in packets according to the Encapsulating Security Payload (ESP) protocol, which constitutes the decryption and handling instructions.
The receiving VPN router strips the header information, decrypts the data, and routes it to its intended destination (either a workstation or other node on a network). Using a network-to-network connection, the receiving node on the local network receives the packets already decrypted and ready for processing. The encryption and decryption process in a network-to-network VPN connection is therefore transparent to clients.
Because they employ several layers of authentication and encryption, VPNs are a secure and effective means of connecting multiple remote nodes to act as a unified intranet.
Procedure 2.3. Adding a New VPN Connection
You can configure a new VPN connection by opening the Network window and selecting the plus button below the menu.
- Press the Super key to enter the Activities Overview, type control network and then press Enter. The Network settings tool appears.
- Click the plus button at the bottom of the window.
- The Add Network Connection window appears. Select the VPN menu entry.
- For manual configuration, select IPsec based VPN.
- In the Identity configuration form, you can specify the fields in the General and Advanced sections:
  - In the General section, you can specify:
    - Gateway
      The name or IP address of the remote VPN gateway.
    - User name
      If required, enter the user name used to authenticate with the VPN for the user's identity.
    - User password
      If required, enter the password used to authenticate with the VPN for the user's identity.
    - Group name
      The name of a VPN group configured on the remote gateway. If it is blank, the IKEv1 Main mode is used instead of the default Aggressive mode.
    - Secret
      A pre-shared key which is used to initialize the encryption before the user's authentication. If required, enter the password associated with the group name.
  - The following configuration settings are available under the Advanced section:
    - Phase1 Algorithms
      If required, enter the algorithms to be used to authenticate and set up an encrypted channel.
    - Phase2 Algorithms
      If required, enter the algorithms to be used for the IPsec negotiations.
    - Domain
      If required, enter the Domain Name.
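The fields described above end up in the saved connection profile, where they can be reviewed from the shell. The following script is an added example, not part of the original guide: it reads a NetworkManager keyfile and reports the gateway, the IKEv1 mode implied by the group name, the Phase 1 and Phase 2 algorithms, and whether secrets are stored in the file. The key names (right, leftid, ike, esp, pskvalue, xauthpassword), the function name and the sample profile are assumptions; verify the key names against a profile on your own system.

```shell
#!/bin/bash
# Added example: review a saved libreswan VPN profile (NetworkManager keyfile).
# Assumed key names: right=Gateway, leftid=Group name, ike=Phase1 Algorithms,
# esp=Phase2 Algorithms, pskvalue=Secret, xauthpassword=User password.

audit_vpn_profile() {
    awk -F= '
        /^\[/ { section = $0; next }            # remember the current [section]
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            key = $1; val = substr($0, length($1) + 2)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (section == "[vpn]")         vpn[key] = val
            if (section == "[vpn-secrets]") sec[key] = val
        }
        END {
            print "gateway=" vpn["right"]
            # Per the guide: a blank group name selects IKEv1 Main mode,
            # otherwise the default Aggressive mode is used.
            print "ike-mode=" (vpn["leftid"] == "" ? "main" : "aggressive")
            print "phase1=" (vpn["ike"] == "" ? "default" : vpn["ike"])
            print "phase2=" (vpn["esp"] == "" ? "default" : vpn["esp"])
            # Flag algorithms that are widely considered weak for IKE and ESP.
            if (tolower(vpn["ike"] " " vpn["esp"]) ~ /3des|md5|modp1024/)
                print "warn=weak-algorithm"
            # Secrets present here are stored in plain text in the profile.
            if (sec["pskvalue"] != "")      print "warn=psk-stored-in-file"
            if (sec["xauthpassword"] != "") print "warn=password-stored-in-file"
        }' "$1"
}

# Constructed sample profile (not a real gateway or secret).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[connection]
id=example-vpn
[vpn]
right=vpn.example.com
leftid=
leftxauthusername=alice
ike=3des-sha1;modp1024
esp=aes256-sha1
[vpn-secrets]
pskvalue=constructed-not-a-real-secret
EOF
audit_vpn_profile "$sample"
rm -f "$sample"
```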
Procedure 2.4. Editing an Existing VPN Connection
You can configure an existing VPN connection by opening the Network window and selecting the name of the connection from the list.
- Press the Super key to enter the Activities Overview, type control network and then press Enter. The Network settings tool appears.
- Select the VPN connection you want to edit from the left hand menu.
- Click the Configure button.
- Select the Identity menu entry on the left, and specify the fields in the General section:
Saving Your New (or Modified) Connection and Making Further Configurations
Once you have finished editing your new VPN connection, click the button to save your customized configuration. If the profile was in use while being edited, power cycle the connection to make NetworkManager apply the changes. If the profile is OFF, set it to ON or select it in the network connection icon's menu. See Section 2.3.1, “Connecting to a Network Using a GUI” for information on using your new or altered connection.
You can further configure an existing connection by selecting it in the Network window and clicking Configure to return to the Editing dialog.
Then, to configure:
- IPv4 settings for the connection, click the IPv4 Settings tab and proceed to Section 2.7.6, “Configuring IPv4 Settings”.





