In this series, we'll discuss how to configure VPNs on various platforms -- including Unix, Linux and Windows -- while providing interoperability tips and tricks. For the purposes of the series, we'll focus on IPsec VPNs. In our first example, we'll configure two IBM pSeries Unix servers. IBM's Unix is AIX.
Here are the steps we'll follow to implement a VPN in our AIX environment:
Let's start with the filesets (the equivalent of RPMs in Linux or packages in Solaris). In AIX, one needs to install specific filesets that are not part of the base distribution of AIX. This is necessary to create VPN IPsec tunnels. You can do this using either the System Management Interface Tool (SMIT) or installp. You can verify whether these filesets are present by running the command:
# lslpp -f fileset
The AIX filesets required include:
You can configure Internet Key Exchange (IKE) tunnels using the Web-based System Manager tool (using the wsm command), SMIT or the command line.
Usually, the easiest way to configure IKE tunnels is via the IKE tunnel wizards in WSM (though most AIX admins despise WSM with a passion). I usually prefer SMIT to WSM as an interface because it is not a GUI, but you still have to edit many XML files, so this solution is not ideal either. With SMIT, the fastpath is smit ike4 (IPv4). The database functions are found in the Advanced IP Security Configuration menu.
Using WSM, one can use the GUI basic configuration wizard, but only for the initial configuration. To configure using WSM, one need only:
At this point, you follow the steps in the wizard to configure the IKE tunnel. After it is defined, it displays on the tunnels list and can be either activated or modified.
Using the command line, one must employ the following procedure, assuming there is a tunnel identifier:
# ike cmd=activate numlist=1
One can also use the IP address:
# ike cmd=activate ipaddr=190.36.57.4,190.36.57.8
To display status:
# ike cmd=list
One should see an output showing that the tunnels are active:
Phase 1 Tunnel ID [1]
Phase 2 Tunnel ID [1]
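A monitoring check built on that output, added here as an example and not part of the original article: it parses `ike cmd=list` output and reports expected tunnel IDs that are not active, so a tunnel that never completed phase 2 is noticed. The function names, the sample text, and the assumption that every active tunnel appears as a `Phase N Tunnel ID [n]` line are assumptions of this example.

```sh
#!/bin/sh
# Added example. Assumption: `ike cmd=list` reports each active tunnel on a
# line of the form "Phase <1|2> Tunnel ID [<n>]"; all other lines are ignored.

# list_active PHASE: read `ike cmd=list` output on stdin, print the IDs of
# the active tunnels for that phase, one per line.
list_active() {
    awk -v phase="$1" '
        $1 == "Phase" && $2 == phase && $3 == "Tunnel" && $4 == "ID" {
            id = $5
            gsub(/[^0-9]/, "", id)      # "[1]" -> "1"
            if (id != "") print id
        }'
}

# missing_tunnels PHASE "ID ID ...": read the same output on stdin and print
# every expected ID that is not active. Returns 1 if any are missing.
missing_tunnels() {
    phase=$1
    expected=$2
    active=$(list_active "$phase")
    missing=""
    for id in $expected; do
        printf '%s\n' "$active" | grep -qx "$id" || missing="$missing $id"
    done
    missing=${missing# }
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Constructed sample output: two phase 1 tunnels are listed, but only one
# phase 2 tunnel.
SAMPLE_LIST='Phase 1 Tunnel ID [1]
Phase 2 Tunnel ID [1]
Phase 1 Tunnel ID [2]'

# On AIX the input would come from: ike cmd=list | missing_tunnels 2 "1 2"
down=$(printf '%s\n' "$SAMPLE_LIST" | missing_tunnels 2 "1 2") ||
    echo "phase 2 tunnel(s) not active: $down"
```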
To view tunnel definitions, one would use the ikedb command:
# ikedb -g
I'm often asked how AIX interoperates with Linux-based VPNs. A popular implementation of IPsec for Linux is provided by FreeS/WAN and is available for Linux kernels 2.2 and later (they provide a version for the 2.6 kernel). It provides a subset of the IPsec functionality that AIX has. There is a conversion utility available through the ikedb command that helps interoperability with Linux. Using the -c option, one can define tunnels between Linux and AIX on the Linux systems. Instead of using the ike activate command, one would use this command to activate the tunnel from Linux:
# ipsec auto --up aix
Regardless of which method you use, you will always need to start your daemons. You can start the AIX daemons using the System Resource Controller (SRC) facility in AIX.
# startsrc -g ike
This will start it, and stopsrc (using the same options) will stop it.
We'll go more deeply into Linux in the next tip.
About the author:
Ken Milberg is the founder of Unix-Linux Solutions and a board member of Unigroup of NY, the oldest Unix user group in NYC. Ken regularly answers user questions on Unix and Linux interoperability issues as a site expert on SearchOpenSource.com.