Product SiteDocumentation Site

2.2.7. Establishing a VPN Connection

Establishing a Virtual Private Network (VPN) enables communication between your Local Area Network (LAN), and another, remote LAN. This is done by setting up a tunnel across an intermediate network such as the Internet. The VPN tunnel that is set up typically uses authentication and encryption. After successfully establishing a VPN connection using a secure tunnel, a VPN router or gateway performs the following actions upon the packets you transmit:
  1. it adds an Authentication Header for routing and authentication purposes;
  2. it encrypts the packet data; and,
  3. it encloses the data in packets according to the Encapsulating Security Payload (ESP) protocol, which constitutes the decryption and handling instructions.
The receiving VPN router strips the header information, decrypts the data, and routes it to its intended destination (either a workstation or other node on a network). Using a network-to-network connection, the receiving node on the local network receives the packets already decrypted and ready for processing. The encryption and decryption process in a network-to-network VPN connection is therefore transparent to clients.
Because they employ several layers of authentication and encryption, VPNs are a secure and effective means of connecting multiple remote nodes to act as a unified intranet.
Procedure 2.3. Adding a New VPN Connection
You can configure a new VPN connection by opening the Network window and selecting the plus symbol below the menu.
  1. Press the Super key to enter the Activities Overview, type control network and then press Enter. The Network settings tool appears.
  2. Select the plus symbol below the menu. The Add Network Connection window appears.
  3. Select the VPN menu entry. The view now changes to offer configuring a VPN manually, or importing a VPN configuration file.
    The appropriate NetworkManager VPN plug-in for the VPN type you want to configure must be installed. (see Fedora 25 System Administrator's Guide for more information on how to install new packages in Fedora 25).
  4. Click the Add button to open the Choose a VPN Connection Type assistant.
  5. Select the VPN protocol for the gateway you are connecting to from the menu. The VPN protocols available for selection in the menu correspond to the NetworkManager VPN plug-ins installed. For example, if the NetworkManager-openswan-gnome package is installed then the IPsec based VPN will be selectable from the menu.
  6. The Add Network Connection window changes to present the settings customized for the type of VPN connection you selected in the previous step.
Procedure 2.4. Editing an Existing VPN Connection
You can configure an existing VPN connection by opening the Network window and selecting the name of the connection from the list. Then click the Edit button.
  1. Press the Super key to enter the Activities Overview, type control network and then press Enter. The Network settings tool appears.
  2. Select the VPN connection you want to edit from the left hand menu.
  3. Click the Configure button.

Configuring the Connection Name, Auto-Connect Behavior, and Availability Settings

Five settings in the Editing dialog are common to all connection types, see the General tab:

Configuring the VPN Tab

Gateway
The name or IP address of the remote VPN gateway.
Group name
The name of a VPN group configured on the remote gateway.
User password
If required, enter the password used to authenticate with the VPN.
Group password
If required, enter the password used to authenticate with the VPN.
User name
If required, enter the user name used to authenticate with the VPN.
Phase1 Algorithms
If required, enter the algorithms to be used to authenticate and set up an encrypted channel.
Phase2 Algorithms
If required, enter the algorithms to be used for the IPsec negotiations.
Domain
If required, enter the Domain Name.

Saving Your New (or Modified) Connection and Making Further Configurations

Once you have finished editing your new VPN connection, click the Save button to save your customized configuration. If the profile was in use while being edited, power cycle the connection to make NetworkManager apply the changes. If the profile is OFF, set it to ON. See Section 2.2.1, “Connecting to a Network Using a GUI” for information on using your new or altered connection.
You can further configure an existing connection by selecting it in the Network window and clicking Configure to return to the Editing dialog.
Then, to configure: