LinuxQuestions.org
Old 08-04-2005, 10:13 AM   #1
hamish
Member
 
Registered: Aug 2003
Location: Edinburgh
Distribution: Server: Gentoo2004; Desktop: Ubuntu
Posts: 720

Rep: Reputation: 30
VPN: linux VPN server behind Linksys router


Hello

I would like to set up a VPN server on my Gentoo server so that I can access files when I'm out of the house, say at a friend's house.

Here is the setup

Site 1: My home

Gentoo server - which will become the VPN server
|
|
Linksys router - this routes the ADSL broadband, and has IPSec Pass-Through and PPTP Pass-Through options
|
|
|
Big Bad Internet
|
|
|
Site 2: friend's house
Linksys Router - let's just assume it is identical to mine
|
|
My friend's PC - this is trying to access my Gentoo server

Is the above setup possible? I mean, is it possible to have the VPN server behind the Linksys router?

Thank you

Hamish
 
Old 08-04-2005, 10:30 AM   #2
trickykid
Guru
 
Registered: Jan 2001
Posts: 24,133

Rep: Reputation: 197
Why not just enable ssh to access files, login, etc? Much easier setup than dealing with VPN on a simple network.
 
Old 08-04-2005, 10:37 AM   #3
hamish
Member
 
Registered: Aug 2003
Location: Edinburgh
Distribution: Server: Gentoo2004; Desktop: Ubuntu
Posts: 720

Original Poster
Rep: Reputation: 30
Hey

I want to learn VPN as I would like to set this same setup up for my two offices. This will be a trial.

hamish
 
Old 08-12-2005, 11:33 AM   #4
orgcandman
Member
 
Registered: May 2002
Location: dracut MA
Distribution: Ubuntu; PNE-LE; LFS (no book)
Posts: 594

Rep: Reputation: 102
Hamish, if they're both going to be Linux boxes, and you want to bridge two networks, then you could look at using ssh+pppd to accomplish what you want. Basically, you pipe the pppd output through the ssh connection you make, and it does all the link-layer handling. Then just specify a route between your two networks. Voila!

If you're looking to complicate things, go ahead and spend the five or six days it will take to get pptpd to play nice with Linux + Windows, et al.
 
Old 08-13-2005, 04:57 AM   #5
hamish
Member
 
Registered: Aug 2003
Location: Edinburgh
Distribution: Server: Gentoo2004; Desktop: Ubuntu
Posts: 720

Original Poster
Rep: Reputation: 30
hey

No, they won't both be Linux. Basically, I'll probably be in the situation where we want to be able to access the server (and mount its shares). The clients will all be Windows.

This is why I think that I need VPN.

hamish
 
Old 08-13-2005, 06:49 PM   #6
charon79m
Member
 
Registered: Oct 2003
Distribution: Just about anything... so long as it is Debian based.
Posts: 297

Rep: Reputation: 30
I agree, this sounds like a VPN situation. I'd go with IPsec since the MS VPN client will work. What will it take to get it going? Good question. I've used FreeS/WAN configured with Webmin. I've not configured it to work with MS though... I've heard it can be done easily.

That being said, you can do this with SSH, sftp, etc. There is a CD called XFreeCD that gives you a bash shell in Windows so you have a very Linux-like environment to allow you tools like scp, sftp, ssh, etc. I use this solution and it works out GREAT for me.

MrKnisely
 
Old 08-13-2005, 11:30 PM   #7
aznluvsmc
Member
 
Registered: Aug 2004
Location: Newmarket, Ontario
Distribution: OpenSuse 10.2
Posts: 184

Rep: Reputation: 30
L2TP/IPSec VPN is very interesting but also very difficult to set up. I haven't had any luck setting one up yet. In any case, if you want to access your Gentoo VPN server from behind your firewall, you may have to put it in the DMZ (Demilitarized Zone). However, doing that completely exposes your computer to the Internet so you will have to take precautions to lock it down.
 
Old 08-14-2005, 10:03 AM   #8
charon79m
Member
 
Registered: Oct 2003
Distribution: Just about anything... so long as it is Debian based.
Posts: 297

Rep: Reputation: 30
L2TP and IPSec are two different methods to do a VPN. Most IPSEC implementations use AH or ESP as their layer2 encryption method.

Regarding the DMZ, you in no way need to completely expose a box in a DMZ. You can expose only the ports you need to have exposed. Depending on the firewall being used some of this functionality may be limited. You can even have a NAT between your DMZ box and the Internet and everything still works if your firewall supports it. Unfortunately, the Linksys firewall we're talking about here does not have a DMZ port on it, so it's all just academic anyway.

MrKnisely
 
Old 08-15-2005, 11:20 AM   #9
hamish
Member
 
Registered: Aug 2003
Location: Edinburgh
Distribution: Server: Gentoo2004; Desktop: Ubuntu
Posts: 720

Original Poster
Rep: Reputation: 30
Hey

great! At least now I know what I need to do, I just need to work out how to do it!

I can easily forward to ports on the router, so no problems there. Basically, it sounds like I have all the gear that I need, I just need to find some documentation and make it work.

Thanks again
hamish
 
Old 08-15-2005, 11:20 AM   #10
hamish
Member
 
Registered: Aug 2003
Location: Edinburgh
Distribution: Server: Gentoo2004; Desktop: Ubuntu
Posts: 720

Original Poster
Rep: Reputation: 30
In fact, all that aside, can anyone recommend a VPN router (e.g. a Linksys router box thingie) in case I can't get this working?

hamish
 
Old 08-15-2005, 09:06 PM   #11
charon79m
Member
 
Registered: Oct 2003
Distribution: Just about anything... so long as it is Debian based.
Posts: 297

Rep: Reputation: 30
I can recommend any of the Linksys VPN router devices with the exception of the 8-port device. There seems to be a bug in the 8-port firmware version. This is as of about 3 months ago, so check for a firmware update more recent than that; if it's there I'll recommend all of them.

A co-worker of mine set up a VPN between two offices of a friend's business using these. They are very user friendly, and the client works like a charm.

MrKnisely
 
Old 08-24-2005, 05:54 AM   #12
backscratcher_dev
LQ Newbie
 
Registered: Aug 2005
Posts: 2

Rep: Reputation: 0
Port Forwarding Not Working

Hi,

I basically have the same problem: Accessing a Linux server from outside a router. I have a DLink router and have done port forwarding to the Linux server's local ip address (e.g. 192.168.1.10) and assigned it port 7010.

It's okay when I access the Linux server from another PC (running XP) within my local network. It gives me the Apache server page, no problem.

When I try accessing the Linux server from outside of the router (i.e. Internet) through the router's IP address that my ISP assigns (for example: 84.23.49.20:7010), it gives me the 'Page cannot be displayed' error.

I am sure port forwarding works because I have an IP Camera connected on my local network as well and I have a port redirected to it and I can see my camera from my office.

Please help me.



Quote:
Originally posted by charon79m
L2TP and IPSec are two different methods to do a VPN. Most IPSEC implementations use AH or ESP as their layer2 encryption method.

Regarding the DMZ, you in no way need to completely expose a box in a DMZ. You can expose only the ports you need to have exposed. Depending on the firewall being used some of this functionality may be limited. You can even have a NAT between your DMZ box and the Internet and everything still works if your firewall supports it. Unfortunately, the Linksys firewall we're talking about here does not have a DMZ port on it, so it's all just academic anyway.

MrKnisely
 
Old 08-24-2005, 05:33 PM   #13
charon79m
Member
 
Registered: Oct 2003
Distribution: Just about anything... so long as it is Debian based.
Posts: 297

Rep: Reputation: 30
Hmmm... You've got TCP 7010 forwarded to the internal IP of your webserver on TCP 80, right?

Or did you edit apache to listen on port 7010?

MrKnisely
 
Old 08-25-2005, 12:57 AM   #14
backscratcher_dev
LQ Newbie
 
Registered: Aug 2005
Posts: 2

Rep: Reputation: 0
Hi,

I just forwarded the port 7010 to the internal ip address of the Linux server (192.168.1.10).

I did not edit Apache at all.

Can you please tell me the required steps to configure Apache in this regard?

Thanks a lot.

Backscratcher_dev
 
Old 08-25-2005, 08:42 PM   #15
charon79m
Member
 
Registered: Oct 2003
Distribution: Just about anything... so long as it is Debian based.
Posts: 297

Rep: Reputation: 30
Apache changes listening ports...

Look for something like this in your httpd.conf file:

# Port: The port to which the standalone server listens. For
# ports < 1023, you will need apache to be run as root initially.
#
Port 80

Oh, and note the note!

MrKnisely
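
The mismatch discussed in posts #13 to #15, as an added example that is not part of the original thread: it reads the `Port`/`Listen` directives from an httpd.conf and compares them with a router forwarding rule. The function names are hypothetical, the sample config is constructed from the snippet quoted above, and it assumes the router forwards WAN port 7010 to the same port number on the server.

```python
import re

# Constructed sample: the stock directive quoted in post #15 (Apache 1.3 style).
SAMPLE_HTTPD_CONF = """\
# Port: The port to which the standalone server listens. For
# ports < 1023, you will need apache to be run as root initially.
#
Port 80
"""

# "Port N" (Apache 1.3) or "Listen [addr:]N" (1.3 and 2.x); '#' lines are comments.
_DIRECTIVE = re.compile(r"^(?:Port|Listen)\s+(\S+)", re.IGNORECASE)


def listening_ports(conf_text):
    """Return the set of TCP ports the config tells Apache to bind."""
    ports = set()
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = _DIRECTIVE.match(line)
        if match:
            port = match.group(1).rsplit(":", 1)[-1]  # drop optional address
            if port.isdigit():
                ports.add(int(port))
    return ports


def check_forward(wan_port, lan_port, conf_text):
    """Compare a router rule (WAN port -> server LAN port) with the config."""
    ports = listening_ports(conf_text)
    if lan_port in ports:
        return True, ["WAN %d -> LAN %d reaches Apache" % (wan_port, lan_port)]
    advice = ["nothing listens on LAN port %d (Apache binds %s)"
              % (lan_port, sorted(ports))]
    for p in sorted(ports):
        advice.append("option: forward WAN %d to LAN %d" % (wan_port, p))
    note = " (unprivileged, no root needed to bind)" if lan_port >= 1024 else ""
    advice.append("option: make Apache listen on %d%s" % (lan_port, note))
    return False, advice


if __name__ == "__main__":
    # Assumed rule: router forwards 7010 to 192.168.1.10 on the same port.
    ok, advice = check_forward(7010, 7010, SAMPLE_HTTPD_CONF)
    print("OK" if ok else "MISMATCH")
    print("\n".join(advice))
```

Either option closes the gap; forwarding to the existing port leaves Apache's config untouched, while changing the listening port also changes the URL used inside the LAN.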
 
  


All times are GMT -5.