LinuxQuestions.org
Old 12-21-2001, 11:42 AM   #1
jrmann1999
Member
 
Registered: Feb 2001
Location: Texas
Distribution: Slackware, Mandrake, LFS
Posts: 306

Rep: Reputation: 30
VPN questions


I need some help, I've gotten the best response here, so here goes.

I have 7 separate locations that I would like to network as one virtual entity. Each of these as they stand right now are on their own systems totally disconnected from one another. I'd like to use some sort of VPN so as to keep the cost from being enormous. Three of the sites have current internet connections either via DSL or T1. The rest are stuck on dialup or don't have anything whatsoever.

Each office will be on its own subnet of the 192.168.0.X IP space and I'd like to make this so transparent to the end user that when they open Network Neighborhood, they can see every other (currently) connected machine.

I would like to document everything that I find/do on a personal website so as to aid any other future questions of this nature.

What I'm wondering is:

#1 Is this a reasonable thing to even attempt? I'd like to centralize not only the userbase (have a PDC/BDC for the entire virtual network that controls login), but also the e-mail system. This will also involve having some centralized shares for data exchange.

#2 Can Linux do what I'm asking it to do? I envision each site having a simple Linux machine forwarding packets via IPSec (VPN) to the central location running the fastest internet connection (currently the central office on a T1).

#3 Would the network load of having 3-4 machines checking only e-mail be too much for 56k connections (bearing in mind the occasional file transfer or two), or do I need a DSL solution?

The MAIN issues are security and flexibility (I need to be able to add remote locations as they are built/purchased). This is a healthcare organization that requires a high level of encryption due to sensitive patient data.
 
Old 12-24-2001, 03:31 AM   #2
Sylhouette
Member
 
Registered: Oct 2001
Location: Beverwijk (Holland
Distribution: Red Hat 7.1
Posts: 132

Rep: Reputation: 15
I want the same thing (only 3 locations).

You should try the program freeswan, I believe.

I am short of time so I am currently not working on this, but it is possible, I guess.

Only VPN over a 56k line I do not know about, because of the different IP address you get every time you log on to the internet.

You could try to use a dialup to your server directly for mail.

And you know what they say:

Everything is possible with Linux.
 
Old 12-24-2001, 05:20 PM   #3
bjames
LQ Newbie
 
Registered: Dec 2001
Posts: 1

Rep: Reputation: 0
All of what you ask can be done....

I have actually set this up before.

What I did is set up a M$2K server running Routing and Remote Access to handle all incoming VPN traffic. I am running NAT on the router where the W2K server is, so I had to make some router changes to allow the VPN traffic to pass.

I then had it connect to the client's internal domain during startup. (You can just leave it as a standalone also.)

I then set up 15 outlying offices to connect to this server for email, file transfer, etc...

You can be at any site and see all of the machines that are connected simply by opening Network Neighborhood.

I am running Red Hat 7.1 on the inside of all outlying offices, which connect via DSL, T1 or dialup depending on the office size, acting as a VPN router and firewall.

I set all internal IPs on the outlying offices one range higher and had the W2K box route them over the internal network.

IE...
Main office 192.168.0.X
Office1 192.168.1.X
Office3 192.168.2.X
and so forth

All sites still have normal Internet connectivity based on routing decisions in either the routers or Linux.

I would plan on no more than 2 users on a dialup session over VPN.

Yes, this is a routing mess, but done correctly it is completely transparent, and since only 1 W2K box is involved it is fairly stable.

Just do not let the W2K VPN server do much else.
 
Old 12-24-2001, 06:06 PM   #4
jrmann1999
Member
 
Registered: Feb 2001
Location: Texas
Distribution: Slackware, Mandrake, LFS
Posts: 306

Original Poster
Rep: Reputation: 30
On all of your separate nets that are going to VPN in you have 192.168.0.X, for instance... is that the IP that the Win2k machine sees? Or did you set up separate routing on the VPN? (Ignore me if this is a stupid question, I just haven't toyed with Win2k VPN.)

J
 
Old 07-30-2002, 05:25 AM   #5
x2000koh
Member
 
Registered: Jul 2002
Location: singapore
Distribution: red had 7.2
Posts: 109

Rep: Reputation: 15
I am working on VPN as my present project now.
You may want to look at the following websites:

http://www.buildinglinuxvpns.com
http://www.freeswan.org
http://jixen.tripod.com

You may want to do a search in Yahoo using VPN keywords.

Let me know how your implementation goes.

x2000koh@yahoo.com.sg
singapore
 
Old 07-30-2002, 07:16 PM   #6
krunkwick
Member
 
Registered: Jun 2002
Location: Memphis
Distribution: Suse 8.0 Pro
Posts: 45

Rep: Reputation: 15
Most of this can be done transparently to the user. The only minor glitches would come in Samba, but they are being worked on and fixed.

Freeswan can do everything you need it to do here. If you use Linux totally, and run Freeswan totally for IPsec connections, it will be completely transparent to the user.

In your setup I would go ahead and get the DSL option if available. I would also pay a little extra for a static IP address. By running Freeswan and iptables on the Linux router you can easily allow each site to have its own internet connection, yet secure it at the same time. Freeswan connects to Freeswan pretty easily.

Samba works really well as a Windows networking server. The PDC and BDC limitations are easily overcome by simple cron jobs or by setting up NIS. I'm currently running 2.2.3a (as a PDC) and I can join machines on the fly, and log in with no problems.

However when I try to add users to groups on my win2k clients I get errors. (I have a more in depth posting on here, but no help has come yet).

Anyway, that's the only thing that I have had a problem with, otherwise it works great as a PDC. The latest version is 2.2.5 and is available for download. This problem may have been fixed in the new version.
 
Old 07-30-2002, 08:13 PM   #7
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 13,602

Rep: Reputation: 4084
I just want to second one thing that krunkwick said - if possible get a static IP. What you want to do is easily doable even with a dynamic IP, but getting statics all the way around will really simplify/streamline things. Take a look at FreeS/WAN and let us know if you have any other questions.

--jeremy
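
Added example (not posted by anyone in this thread): a planning script for the hub-and-spoke layout discussed above, using the one-subnet-per-office numbering from post #3 and the static versus dynamic IP advice from posts #6 and #7. It rejects overlapping LAN subnets and renders hub-side conn sections in FreeS/WAN-style ipsec.conf syntax. Site names and public addresses are constructed placeholders, and the authentication settings (keys and IDs) are left out and must be added per site.

```python
import ipaddress

# Constructed plan: one /24 per office as in post #3. Public addresses are
# documentation-range placeholders; None marks a dialup site with a dynamic IP.
HUB = {"name": "main", "public": "192.0.2.1", "subnet": "192.168.0.0/24"}
SITES = [
    {"name": "office1", "public": "198.51.100.10", "subnet": "192.168.1.0/24"},
    {"name": "office2", "public": None, "subnet": "192.168.2.0/24"},
]

def find_overlaps(hub, sites):
    """Return pairs of site names whose LAN subnets overlap.

    Two offices that both use the same range cannot be routed to each
    other through the tunnels, so the plan has to be rejected early.
    """
    nets = [(s["name"], ipaddress.ip_network(s["subnet"])) for s in [hub] + sites]
    return [(a, b) for i, (a, na) in enumerate(nets)
            for b, nb in nets[i + 1:] if na.overlaps(nb)]

def conn_stanza(hub, site):
    """Render one hub-side net-to-net conn section (auth settings omitted)."""
    dynamic = site["public"] is None
    return "\n".join([
        f"conn {hub['name']}-{site['name']}",
        f"    left={hub['public']}",
        f"    leftsubnet={hub['subnet']}",
        # %any accepts a peer whose address changes on every dial-in
        f"    right={'%any' if dynamic else site['public']}",
        f"    rightsubnet={site['subnet']}",
        # a dynamic peer has to initiate, so the hub only loads that conn
        f"    auto={'add' if dynamic else 'start'}",
    ])

def build_config(hub, sites):
    """Validate the addressing plan, then render every conn section."""
    overlaps = find_overlaps(hub, sites)
    if overlaps:
        raise ValueError(f"overlapping LAN subnets: {overlaps}")
    return "\n\n".join(conn_stanza(hub, s) for s in sites)

if __name__ == "__main__":
    print(build_config(HUB, SITES))
```

The dynamic-IP site is the only one that needs different handling at the hub, which is why static addresses simplify the setup.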
 
  

