CorporateLinux VPN setup ??

fhameed · 04-01-2006, 01:37 PM

Hello

We have a little VPN project at our office and i'm responsible to get it done.

I want to setup VPN using LINUX between our central software development office and a number of client remote servers at various locations.

We want only our clients to run a selected pair of applications remotely located on our servers in a VPN enviornment.

Moreover we want to develop some sort of packet mechanism which can identify that the packets during this process are really the packets of our clients and central office so as to be sure that no 3 person is involved.

So how to go about it.

THANKS

Fahad

win32sux · 04-01-2006, 05:04 PM

well for the VPN you just need to setup the VPN gateway and stuff... VPN's authentication should make sure only those you want will connect... there's tons of VPN solutions on the web... do you have some kinda specific question?? the "how do i do all this" approach is quite broad...

Penguin of Wonder · 04-02-2006, 03:24 PM

Are you having trouble install and configureing your vpn? If your using CISCO's VPN Client its only offically compatiable with kernels 2.2 and 2.4, so if your using 2.6 you have some work to do.

mattweidner · 04-03-2006, 12:07 AM

Have you taken a look at OpenVPN?

http://openvpn.net

It uses SSL for authentication and an encrypted tunnel.

In a nutshell, it:

"...supports flexible client authentication methods based on
certificates, smart cards, and/or username/password credentials, [ed: or pre-shared keys] and allows user or group-specific access control policies using firewall rules applied to the VPN virtual interface."

I have used it to connect 4 branch servers to a central corporate server using pre-shared keys.

It can be a bear to configure, but the results are worth it. Once you develop a template configuration file for your site, it's pretty trivial to change it to add new connections.

Check it out. I love it!

BTW - Episode 19 of the SecurityNow! podcast is all about OpenVPN and why it's so great, but also why it can be confusing to configure. Steve Gibson is working on some step-by-step configuration guides for OpenVPN, so expect those soon.

http://www.grc.com/securitynow.htm

~=gr3p=~ · 04-03-2006, 12:39 AM

Hey is ur corporate fully Linux ?

or any element of Win32sux

Becoz in my company we have a powerful Linux gateway-firewall which does port forwarding for the VPN server running on Windows 2000 Server Domain controller on our Internal LAN.

Me soon going to put in a nice Linux SAMBA-LDAP DC

fhameed · 04-03-2006, 02:25 AM

Hello

Thanks for the reply guys.

I talked with my boss in details so as to get a clear cut understanding of the problem.

Here is the exact problem.

Somehow we are intrested in marking the network packets with the company's identity so that if any user from our company browses any website or logs into any remote server the remote admin and gateway admin at our end may instantly know that the request generated from our company and by such and such user.

Thanks

Fahad Hameed