[SLUG] re: VPNs

From: Grantham, Patrick (Patrick.Grantham@vacationclub.com)
Date: Tue Oct 09 2001 - 15:56:46 EDT


A single port? Which is it? It seems clear that you get the essence of
what I am trying to accomplish. A Linux file server running Samba behind a
firewall serving to Win clients on the internet. Is the FreeS/WAN for
Linux? Dumbed-down guides can provide a good springboard into more
comprehensive texts. What about PPTP? Am I revealing my newbieness on this
topic? I seem to recall a distinct separation in an MS white paper.

-----Original Message-----
From: Bryan-TheBS-Smith [mailto:b.j.smith@ieee.org]
Sent: Tuesday, October 09, 2001 3:44 PM
To: slug@nks.net
Subject: Re: [SLUG] Dual boot question

"Grantham, Patrick" wrote:
> What's the safest way to setup a vpn between two hosts separated
> by the internet and firewalls.

By using a port-limited VPN. SSH makes an excellent VPN for simple
port forwarding that limits access to the remote LAN. I don't like
the idea of opening up all ports on my corporate LAN to a home
user's system, like most VPNs do.

> I want to be able to establish a vpn from a windows client

There are many people having much success with McAfee's PGPnet as a
client and FreeS/WAN as the server.

> and the samba shares (both with broadband internet access on a
> Linux server?

Unfortunately, SMB doesn't port forward very well through SSH as it
can use random ports above 1024. So the only option is the "open
all my ports" VPN.

NFS does tunnel nicely, but I know of no free NFS clients for
Windows.

[ Side note: Has anyone tried tunneling AFS? ]

> Would anyone recommend a how to guide or give a 101 discussion?

Most guides suck IMHO, and are "dumbed down". There are dozens of
issues. I also don't like the symmetric, "shared secret" that most
VPNs use either.

> Which ports should be opened or forwarded on the router?

Just the single port (or series of ports) used by the VPN protocol.

> How can the linux server be set to only access connections from
> certain IPs?

That depends on your firewall/VPN setup. But most VPN software
products have this capability, _assuming_ your server gets the
actual IP of the client -- which might not be possible if you are
behind a firewall. In that case, you would configure your firewall
to only allow certain IPs to access that port.

-- TheBS

-- 
Bryan "TheBS" Smith   mailto:b.j.smith@ieee.org    chat:thebs413
Engineer  AbsoluteValue Systems, Inc.  http://www.linux-wlan.org
President    SmithConcepts, Inc.    http://www.SmithConcepts.com
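The "port-limited VPN" Bryan describes (one forwarded port, accepted only from approved client addresses, with the caveat that a NAT in front of the server hides the real client IP) can be modelled in a few dozen lines. The following is an added example written for this archive page, not code from the thread or from SSH/FreeS/WAN; it is a stand-alone Python TCP forwarder with a source-IP allow list, exercised over loopback against a constructed echo service standing in for the single exposed port. Names such as `start_forwarder`, `is_allowed` and `run_demo` are hypothetical, and the CIDR ranges are chosen only to make the permitted and blocked cases observable on 127.0.0.1.

```python
"""Single-port TCP forwarder with a source-IP allow list (added example).

Models the 'port-limited VPN' idea from the thread: exactly one service is
reachable, and only from approved client networks. All names hypothetical.
"""
import ipaddress
import socket
import threading


def is_allowed(client_ip, allowed_networks):
    """True if client_ip falls inside any CIDR in allowed_networks."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(net, strict=False)
               for net in allowed_networks)


def _pump(src, dst):
    """Copy bytes src -> dst until EOF, then half-close dst so EOF propagates."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def start_forwarder(target, allowed_networks):
    """Listen on an ephemeral loopback port; relay only allowed clients to target."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)

    def serve():
        while True:
            try:
                conn, (client_ip, _) = listener.accept()
            except OSError:
                return
            # Caveat from the thread: behind a NAT, client_ip is the NAT's
            # address, not the real client's, so the check must then move
            # to the firewall in front of this host.
            if not is_allowed(client_ip, allowed_networks):
                conn.close()
                continue
            try:
                upstream = socket.create_connection(target)
            except OSError:
                conn.close()
                continue
            threading.Thread(target=_pump, args=(conn, upstream), daemon=True).start()
            threading.Thread(target=_pump, args=(upstream, conn), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return listener.getsockname()


def start_echo_server():
    """Constructed stand-in for the one service being exposed."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)

    def handle(conn):
        with conn:
            while True:
                data = conn.recv(4096)
                if not data:
                    break
                conn.sendall(data)

    def serve():
        while True:
            try:
                conn, _ = listener.accept()
            except OSError:
                return
            threading.Thread(target=handle, args=(conn,), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return listener.getsockname()


def round_trip(forwarder_addr, payload):
    """Send payload through the forwarder; return the reply, or b'' if dropped."""
    try:
        with socket.create_connection(forwarder_addr, timeout=5) as s:
            s.sendall(payload)
            s.shutdown(socket.SHUT_WR)
            chunks = []
            while True:
                data = s.recv(4096)
                if not data:
                    break
                chunks.append(data)
            return b"".join(chunks)
    except OSError:
        return b""  # reset or refused: the forwarder dropped us


def run_demo():
    """Permitted client gets its bytes echoed; blocked client gets nothing."""
    service = start_echo_server()
    permitted = start_forwarder(service, ["127.0.0.0/8"])       # loopback allowed
    blocked = start_forwarder(service, ["203.0.113.0/24"])      # loopback not listed
    payload = b"hello through the tunnel"
    return round_trip(permitted, payload), round_trip(blocked, payload)


if __name__ == "__main__":
    print(run_demo())
```

In practice the forwarder role is played by `ssh -N -L localport:host:port user@server` on the client side, and the address check by the firewall in front of the server when NAT hides the real source; the point the demo makes is that a blocked source never reaches the service at all, rather than reaching it and being refused.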



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 15:07:19 EDT