Old 08-30-2009, 02:25 PM   #1
miniBill
LQ Newbie
 
Registered: Aug 2009
Distribution: Debian
Posts: 7

Creating a VPN isolated from my LAN


My network topology is a star, with one router/modem + 3 computers.
My computer runs Debian GNU/Linux testing, with Linux 2.6.26 on x86_64.
The other two computers run Microsoft Windows XP, and have low security policies.

I'd like to create a VPN but I need to strongly separate it from my LAN because the two Windows machines would fall immediately to any kind of attack, as they are administered by newbies.
The ideal solution would allow anyone who connects to the VPN to be in a virtual LAN, but would allow no communication to the Windows machines.
I'd also like to allow ssh access to my machine, and I would probably use a key+password authentication, for additional security.

What software to use? What configuration?
OpenVPN seems the right software, but I have no idea on how to configure it to obtain my idea.
 
Old 09-02-2009, 12:04 AM   #2
estabroo
Senior Member
 
Registered: Jun 2008
Distribution: debian, ubuntu, sidux
Posts: 1,095
Blog Entries: 2

Do you actually need a full VPN? Seems like all you'd need to do is have your router port forward the ssh port (22 if you haven't moved it) to your Linux box; anything extra could be tunneled over the ssh.
 
Old 09-03-2009, 09:46 AM   #3
miniBill
LQ Newbie
 
Registered: Aug 2009
Distribution: Debian
Posts: 7

Original Poster
Quote:
Originally Posted by estabroo
Do you actually need a full VPN? Seems like all you'd need to do is have your router port forward the ssh port (22 if you haven't moved it) to your Linux box; anything extra could be tunneled over the ssh.
Yes, the main objective is to create a LAN for everyone who connects to my PC [similar to Hamachi], and I don't want everyone to have a shell on my PC.
 
Old 09-05-2009, 08:21 AM   #4
estabroo
Senior Member
 
Registered: Jun 2008
Distribution: debian, ubuntu, sidux
Posts: 1,095
Blog Entries: 2

If it's a mix of *nix and Windows then OpenVPN or tinc are probably your best bet for the VPN. As for the setup, you shouldn't need to do anything special with the VPNs to keep them from accessing the internal Windows boxes; worst case you just put in an iptables drop for traffic from a VPN address going to the internal Windows boxes' addresses.
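The iptables drop suggested in the post above, sketched as an added example that is not part of the original thread: it prints the FORWARD rules for review instead of applying them. The function names, the interface `tun0`, the VPN network `10.8.0.0/24` and the LAN addresses are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print iptables rules that drop forwarded traffic between
# a VPN subnet and selected LAN hosts. All names and addresses are assumed.

# is_ipv4 ADDR: succeed only for a dotted quad with each octet in 0-255.
is_ipv4() (
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -- $1                       # split on dots (subshell, so IFS is local)
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# is_cidr NET/LEN: succeed for an IPv4 network with a prefix length 0-32.
is_cidr() (
    addr=${1%/*}; len=${1##*/}
    [ "$addr/$len" = "$1" ] || exit 1
    case "$len" in ''|*[!0-9]*|???*) exit 1 ;; esac
    is_ipv4 "$addr" && [ "$len" -le 32 ]
)

# vpn_isolation_rules TUN_IF VPN_NET HOST...: print one rule per line.
# Every argument is validated before anything is printed, because the
# output is meant to be reviewed and then fed to a root shell.
# -I FORWARD places the drops ahead of any existing ACCEPT rule.
vpn_isolation_rules() (
    [ "$#" -ge 3 ] || { echo "usage: vpn_isolation_rules TUN_IF VPN_NET HOST..." >&2; exit 2; }
    tun_if=$1; vpn_net=$2; shift 2
    case "$tun_if" in ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $tun_if" >&2; exit 1 ;; esac
    is_cidr "$vpn_net" || { echo "bad VPN network: $vpn_net" >&2; exit 1; }
    for host in "$@"; do
        is_ipv4 "$host" || { echo "bad host address: $host" >&2; exit 1; }
    done
    for host in "$@"; do
        # VPN client -> protected host, then the reverse direction.
        echo "iptables -I FORWARD -i $tun_if -s $vpn_net -d $host -j DROP"
        echo "iptables -I FORWARD -o $tun_if -s $host -d $vpn_net -j DROP"
    done
)

# Constructed sample values: tun0, 10.8.0.0/24 and two LAN hosts.
vpn_isolation_rules tun0 10.8.0.0/24 192.168.1.10 192.168.1.11
```

These rules only come into play when the VPN server forwards packets between the tunnel and the LAN (`net.ipv4.ip_forward=1`); with forwarding off, VPN clients cannot reach the LAN hosts through it at all.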
 
Old 09-06-2009, 03:31 AM   #5
miniBill
LQ Newbie
 
Registered: Aug 2009
Distribution: Debian
Posts: 7

Original Poster
What about NAT? How does tinc/OpenVPN work behind a NAT?
 
Old 09-07-2009, 09:29 AM   #6
estabroo
Senior Member
 
Registered: Jun 2008
Distribution: debian, ubuntu, sidux
Posts: 1,095
Blog Entries: 2

If the server side is behind a NAT then you'll need to have your NAT/firewall port forward the port the server is listening on. On the client side you might need to have it do a heartbeat or keepalive to keep the path open if you are using UDP; if you are using TCP then the client side should work through NAT.
 
Old 09-08-2009, 10:13 AM   #7
miniBill
LQ Newbie
 
Registered: Aug 2009
Distribution: Debian
Posts: 7

Original Poster
How to set up "heartbeat" or "keepalive"?
How to choose between using UDP or TCP?
 
Old 09-08-2009, 01:48 PM   #8
estabroo
Senior Member
 
Registered: Jun 2008
Distribution: debian, ubuntu, sidux
Posts: 1,095
Blog Entries: 2

UDP tends to be faster since it has less overhead than TCP. TCP tends to work better with firewalls since you have an established stream rather than disjointed packets.

The heartbeat or keepalive will vary for each different VPN. OpenVPN's is --ping; you can also use --keepalive, which combines --ping and --ping-restart.
 
Old 09-09-2009, 07:49 AM   #9
miniBill
LQ Newbie
 
Registered: Aug 2009
Distribution: Debian
Posts: 7

Original Poster
Thank you for all the info.
 
  



Tags
debian, lan, vpn

