10

I need to connect to a webservice which is behind of a VPN via PHP. My server is Debian Linux (Squeeze).

  1. Is it possible to accomplish this via PHP on Linux?
  2. Is it risky to do this if it is possible? (When VPN connection hangs etc., does the operating system or any other what-so-over handles the situation)
  3. I have only one network card, therefore I really wonder whether it is possible to keep server online for normal users while "posting data over an accomplished VPN connection in the background".

Although my question seems to a conceptual question, any specific help is also welcome.

Server OS : Debian Linux Squeeze (x64)
Web Server : Apache HTTP
PHP Version: 5.3
Framework: Symfony 1.4

Lashae
  • 1,372
  • 1
  • 20
  • 36

2 Answers2

11

VPNs are at a network layer below PHP, PHP won't know or care that the connection is over a VPN or a normal connection. It's handled by the network stack.

If you use a permanent one (e.g. IPSEC) then PHP doesn't need to create the connection, it's just there to use when PHP connects to an IP address that is in the VPN. It is selected to use by the network layer when it does the routing, not by PHP. This is true even if you create the VPN on demand, as jderda suggested using exec() or similar. But a permanent connection is better (IPSEC).

So to answer your questions:

  1. The question doesn't make sense, the only way PHP could do this is using PPTP or similar and exec() to bring the connection up, but better to use IPSEC
  2. If the VPN connection hangs/dies PHP won't get a connection to the remote end and will timeout the connection.
  3. Yes it is.
j0k
  • 22,600
  • 28
  • 79
  • 90
Mark
  • 1,754
  • 3
  • 26
  • 43
3

From PHP point of view, the VPN is just a plain network connection. It does not require additional handling.

If you want to dynamicaly estabilish a VPN connection, you'll probably need to use exec() and some commandline tool for estabilishing a connection. But as such connection doesn't interfere with normal network communication (as long as it's properly configured, with other subnet ip range), you should estabilish it once and keep it active for PHP and other apps to use.

jderda
  • 890
  • 6
  • 18
  • I'm not sure what you offered is feasible or not. Suppose, we have established a VPN connection on the server which is always available. The server also have a normal internet connection which serves content to users. From PHP, what is the technique/method to select the required connection? Therefore, I think the correct way of implementing this thing, should be `creating the VPN connection as a context from PHP`. On the other hand, thanks for your answer, however you didn't answer any of my three questions. – Lashae Aug 04 '12 at 08:44
  • 1
    @Mark answered them, they just don't relate to PHP directly. As to how to 'select' the vpn'ed server, it is connected as different subnetwork, so it'll have different IP address – jderda Aug 04 '12 at 12:01