LinuxQuestions.org
Old 06-02-2006, 12:48 PM   #1
eder_michael11
I Have A Big Question About "VPN"


I want to know what exactly I can do with a VPN.

For example... I have a network with servers, with private IP 10.41.0.0, that uses NAT with a router...

My question is... if I configure a VPN server...
that will make a tunnel... but

at another place... with Windows OS,
can I connect to the Windows servers through the VPN
configured on LINUX?

Or can only the clients access the information of the VPN server...?

And I am using OpenVPN; which option is better for that,
routed or bridged? I can't even understand the differences between them...
 
Old 06-02-2006, 05:10 PM   #2
acid_kewpie
to my knowledge bridged vpns will allow a single network to span two separate locations. you have a bunch of machines in multiple locations all living on 192.168.1.0/24 for example. in a routed vpn you would have a different network on each site and add a route to your network to point the remote site down the tunnel explicitly. generally i'd strongly suggest the simpler architecture of the routed approach each time. once you have the vpn configured you can access any computer from anywhere else in your private address space.
 
Old 06-02-2006, 10:26 PM   #3
eder_michael11
ok thanks but...

ok then you prefer routed...

How does it work? The VPN comes from ETH0 and the local network is at ETH1? Or can I make the VPN on the same interface and have access to the network?

And do you know if the client has to have a public IP?

Because in my case the client has a cable modem connection to the internet and by DHCP has 10.8.119.181 =( a private one.

Can I configure the VPN anyway?
 
Old 06-03-2006, 01:01 AM   #4
osor
A few things about routed vs. bridged.
Each should be used in its own situation. Routed is useful for security because it keeps networks apart. Even in a physical scenario, you would want to keep a DMZ separated from the workstations. Bridging is useful when you literally want a `virtual' network (i.e., the machines work exactly as if they are just plugged into the same hub/switch).

As for the interfaces question, usually a tunnel device is created (tun0 or similar) specifically for the VPN.

If your cable company has you on a private address, it means you're NATed. Any VPN implementation that can solve NAT-Traversal will allow you to establish a connection. This is the same for a road warrior who brings his laptop to an internet cafe (a `classic' scenario in theoretical VPN).
 
Old 06-03-2006, 07:18 AM   #5
acid_kewpie
a vpn doesn't necessarily come out of any ethernet interface, it will simply head in the direction that the remote peer lives in. if you have a router with a single 192.168.0.0/24 on eth0 and internet via eth1 then yes that's the direction the traffic would take.

essentially with a vpn you define what traffic (i.e. destination subnet) lives at the other end of that tunnel. when the local vpn end point (your router) receives a piece of data for the remote private network it encapsulates the data securely and then at application level (i.e. like a webpage, irc connection or whatever) sends that packet to the remote peer. that peer then knows how to decrypt that packet and then releases it onto its local destination network. so you have private to private addressing via a public network which has no idea where these two private networks live.
 
Old 06-05-2006, 12:48 PM   #6
sundialsvcs
There are many on-line resources such as this Wikipedia article, with links.

Basically... VPN in "tunnel" mode makes a portion of the network addresses on one side of the tunnel visible on the other (it may or may not be a two-way visibility), for specified types of traffic. Once the tunnel is established, any authorized user can employ it. The encryption and other services of VPN are invisible to the clients, who see the addresses as just ordinary IP's.

VPN, like most things, is full of confusing jargon and TLA's (three-letter acronyms) but the essential ideas are simple. It's a rugged, industrial-strength facility which permits ordinary, un-modified applications to communicate securely across a non-secure network like the Internet, while enjoying the following benefits (among others) automatically:
  • The communications are securely encrypted, with robust, peer-reviewed algorithms, using randomly chosen keys that might be refreshed while the conversations are going on.
  • You know that the party you think you are connected to, really is that party.
  • You know that all of the packets that you sent, were received and were not modified in-transit.
  • You know that forged packets or replayed packets were not injected into the data stream.
  • There is very little loss of speed vs. unencrypted communication.
  • Some of the best brains in the business, including some with advanced security clearances, have contributed to the open standard and constantly peer-review its implementations.
(These benefits being enjoyed, of course, only if VPN is configured and deployed correctly, and in an environment requiring the level of security that VPN was intended to provide.)
 
Old 06-06-2006, 04:34 PM   #7
eder_michael11
ok I configured the VPN FINALLY...

I used poptop on a Slackware server (pptp)

and I connected my Windows machine to the Linux VPN server from another place with the default VPN client from Windows.

When I connect to the VPN server, "ipconfig" on my Windows machine shows
198.168.0.1... but I could ping the server by the private IP of the server, 10.41.0.15. I think it doesn't matter, because I could ping the server by a private IP... the tunnel is made... well

Now... I want to access the machines that are in the segment of my VPN server through the VPN.

For example, the VPN server has 10.41.0.15 and another web server has 10.41.0.1.

Can I access the Windows web server 10.41.0.1 from my Windows machine at home through the established VPN?

What can I do?

According to the config file, the VPN server must assign 10.0.0.2 - 20 to the clients.
I don't know why ipconfig on my Windows client shows 192.168.0.1
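
The routed path described in post #5 and asked about in post #7, as an added example that is not part of any post in this thread: a longest-prefix route lookup that checks the three things a packet needs to travel from a VPN client to a LAN host and back. The /24 masks, the client address 10.0.0.2 and the hop labels (`tunnel`, `vpn-server`, `nat-router`) are assumptions made for illustration.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match: return the next-hop label of the best route for dst."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), hop) for net, hop in routes
            if addr in ipaddress.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def can_reach(client_routes, server_forwards, target_routes, client_ip, target_ip):
    """Return (ok, reason) for a round trip client -> LAN host -> client."""
    # 1. The client must send traffic for the remote subnet down the tunnel.
    if lookup(client_routes, target_ip) != "tunnel":
        return False, "client has no route to the target via the tunnel"
    # 2. The VPN server must forward between the tunnel and its LAN interface.
    if not server_forwards:
        return False, "VPN server does not forward between tunnel and LAN"
    # 3. The LAN host's reply must go back to the VPN server, not elsewhere.
    if lookup(target_routes, client_ip) != "vpn-server":
        return False, "target's reply does not return via the VPN server"
    return True, "ok"

# Constructed sample data (masks and labels are assumptions, see lead-in).
LAN, POOL = "10.41.0.0/24", "10.0.0.0/24"
CLIENT_IP, TARGET_IP = "10.0.0.2", "10.41.0.1"

def scenarios():
    client_pool_only = [("0.0.0.0/0", "internet"), (POOL, "tunnel")]
    client_with_lan = client_pool_only + [(LAN, "tunnel")]
    target_default = [("0.0.0.0/0", "nat-router"), (LAN, "lan")]
    target_with_return = target_default + [(POOL, "vpn-server")]
    args = (CLIENT_IP, TARGET_IP)
    return {
        "client lacks LAN route": can_reach(client_pool_only, True, target_with_return, *args),
        "forwarding disabled": can_reach(client_with_lan, False, target_with_return, *args),
        "no return route": can_reach(client_with_lan, True, target_default, *args),
        "fully routed": can_reach(client_with_lan, True, target_with_return, *args),
    }

if __name__ == "__main__":
    for name, (ok, reason) in scenarios().items():
        print(f"{name:24} -> {'reachable' if ok else 'blocked'}: {reason}")
```
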
 
Old 06-07-2006, 05:49 AM   #8
jmpmjmpm
I suggest listening to the episodes of Steve Gibson's Security Now! podcast where he explains VPN in detail.
 
  

