Re: [SLUG] Dual boot question

From: Bryan-TheBS-Smith (b.j.smith@ieee.org)
Date: Tue Oct 09 2001 - 15:44:28 EDT


"Grantham, Patrick" wrote:
> What's the safest way to set up a vpn between two hosts separated
> by the internet and firewalls.

By using a port-limited VPN. SSH makes an excellent VPN for simple
port forwarding that limits access to the remote LAN. I don't like
the idea of opening up all ports on my corporate LAN to a home
user's system, like most VPNs do.

> I want to be able to establish a vpn from a windows client

There are many people having much success with McAfee's PGPnet as a
client and FreeS/WAN as the server.

> and the samba shares (both with broadband internet access on a
> Linux server?

Unfortunately, SMB doesn't port forward very well through SSH as it
can use random ports above 1024. So the only option is the "open
all my ports" VPN.

NFS does tunnel nicely, but I know of no free NFS clients for
Windows.

[ Side note: Has anyone tried tunneling AFS? ]

> Would anyone recommend a how to guide or give a 101 discussion?

Most guides suck IMHO, and are "dumbed down". There are dozens of
issues. I also don't like the symmetric, "shared secret" that most
VPNs use either.

> Which ports should be opened or forwarded on the router?

Just the single port (or series of ports) used by the VPN protocol.

> How can the linux server be set to only access connections from
> certain IPs?

That depends on your firewall/VPN setup. But most VPN software
products have this capability, _assuming_ your server gets the
actual IP of the client -- which it possibly might not if you are
behind a firewall. In that case, you would configure your firewall
to only allow certain IPs to access that port.

-- TheBS

-- 
Bryan "TheBS" Smith   mailto:b.j.smith@ieee.org    chat:thebs413
Engineer  AbsoluteValue Systems, Inc.  http://www.linux-wlan.org
President    SmithConcepts, Inc.    http://www.SmithConcepts.com
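
Added example (not part of the original post, and not the poster's own configuration): one way to get the "port-limited" SSH forwarding and the "only certain IPs" restriction described above is a per-key options line in OpenSSH's authorized_keys. The function name, addresses, ports and key are constructed placeholders; `restrict` assumes OpenSSH 7.2 or later and `/bin/false` is assumed to exist on the server.

```shell
#!/bin/sh
# Build a forwarding-only authorized_keys entry (added example).
# from=       : sshd accepts this key only from the listed source addresses
# permitopen= : the key may forward only to these explicit host:port targets
# restrict + port-forwarding + command= : no shell, pty, agent or X11
#
# make_entry SOURCES "TARGET [TARGET...]" PUBKEY
# Prints one authorized_keys line; returns 1 on any wildcard or malformed
# value, since a wildcard target would reopen the whole LAN.
make_entry() {
    sources=$1; targets=$2; pubkey=$3
    [ -n "$sources" ] && [ -n "$targets" ] && [ -n "$pubkey" ] || return 1
    # Sources: addresses or CIDR blocks, comma separated, no wildcards.
    case $sources in *[!0-9A-Za-z.,:/-]*) return 1 ;; esac
    # Targets: IPv4 or hostname plus port only (also blocks glob characters).
    case $targets in *[![:alnum:][:space:].:-]*) return 1 ;; esac
    opts="restrict,port-forwarding,command=\"/bin/false\",from=\"$sources\""
    for t in $targets; do
        case $t in *:*) ;; *) return 1 ;; esac
        host=${t%:*}; port=${t##*:}
        case $host in ''|*:*) return 1 ;; esac
        case $port in ''|*[!0-9]*) return 1 ;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
        opts="$opts,permitopen=\"$t\""
    done
    printf '%s %s\n' "$opts" "$pubkey"
}

# Constructed sample: home client 203.0.113.7 may reach two LAN services.
make_entry "203.0.113.7" "192.168.10.5:80 192.168.10.6:22" \
    "ssh-ed25519 AAAA_PLACEHOLDER_KEY user@home"

# Matching client side (constructed host names), forwarding without a shell:
#   ssh -N -L 8080:192.168.10.5:80 user@gateway.example.org
```

The firewall then needs only the SSH port open, and a forward request to any target not listed in permitopen= is refused by sshd.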


