Linux - Networking
This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
I need some help; I've gotten the best response here, so here goes.
I have 7 separate locations that I would like to network as one virtual entity. Each of these, as they stand right now, is on its own system, totally disconnected from the others. I'd like to use some sort of VPN so as to keep the cost from being enormous. Three of the sites have current Internet connections, either via DSL or T1. The rest are stuck on dialup or don't have anything whatsoever.
Each office will be on its own subnet of the 192.168.0.X IP space, and I'd like to make this so transparent to the end user that when they open Network Neighborhood, they can see every other (currently) connected machine.
I would like to document everything that I find/do on a personal website so as to aid any other future questions of this nature.
What I'm wondering is:
#1 Is this a reasonable thing to even attempt? I'd like to centralize not only the user base (have a PDC/BDC for the entire virtual network that controls login), but also the e-mail system. This will also involve having some centralized shares for data exchange.
#2 Can Linux do what I'm asking it to do? I envision each site having a simple Linux machine forwarding packets via IPsec (VPN) to the central location running the fastest Internet connection (currently the central office on a T1).
#3 Would the network load of having 3-4 machines checking only e-mail be too much for 56k connections (bearing in mind the occasional file transfer or two), or do I need a DSL solution?
The MAIN issues are security and flexibility (I need to be able to add remote locations as they are built/purchased). This is a healthcare organization that requires a high level of encryption due to sensitive patient data.
What I did is set up an M$2K server running Routing and Remote Access to handle all incoming VPN traffic. I am running NAT on the router in front of the W2K server, so I had to make some router changes to allow the VPN traffic to pass.
I then had it connect to the client's internal domain during startup. (You can just leave it as a standalone also.)
I then set up 15 outlying offices to connect to this server for email, file transfer, etc.
You can be at any site and see all of the machines that are connected simply by opening Network Neighborhood.
I am running Red Hat 7.1 on the inside of all outlying offices, which connect via DSL, T1 or dialup depending on the office size, acting as a VPN router and firewall.
I set all internal IPs on the outlying offices one range higher and had the W2K box route them over the internal network,
i.e.
Main office 192.168.0.X
Office1 192.168.1.X
Office3 192.168.2.X
and so forth
All sites still have normal Internet connectivity based on routing decisions in either the routers or Linux.
I would plan on no more than 2 users on a dialup session over VPN.
Yes, this is a routing mess, but done correctly it is completely transparent, and since only 1 W2K box is involved it is fairly stable.
On all of your separate nets that are going to VPN in you have 192.168.0.X, for instance; is that the IP that the Win2K machine sees? Or did you set up separate routing on the VPN? (Ignore me if this is a stupid question, I just haven't toyed with Win2K VPN.)
Most of this can be done transparently to the user; the only minor glitches would come in Samba, but they are being worked on and fixed.
FreeS/WAN can do everything you need it to do here. If you use Linux totally, and run FreeS/WAN totally for IPsec connections, it will be completely transparent to the user.
In your setup I would go ahead and get the DSL option if available. I would also pay a little extra for a static IP address. By running FreeS/WAN and iptables on the Linux router you can easily allow each site to have its own Internet connection, yet secure it at the same time. FreeS/WAN connects to FreeS/WAN pretty easily.
Samba works really well as a Windows networking server. The PDC and BDC limitations are easily overcome by simple cron jobs or by setting up NIS. I'm currently running 2.2.3a (as a PDC) and I can join machines on the fly and log in with no problems.
However, when I try to add users to groups on my Win2K clients I get errors. (I have a more in-depth posting on here, but no help has come yet.)
Anyway, that's the only thing that I have had a problem with; otherwise it works great as a PDC. The latest version is 2.2.5 and is available for download. This problem may have been fixed in the new version.
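The two posts above describe the same layout from different angles: one /24 per office (192.168.0.X at the main office, 192.168.1.X, 192.168.2.X and so on at the outlying ones), every remote subnet reached through a tunnel to the central gateway, and a Linux router at each site that runs the VPN and a firewall while still giving the LAN its own Internet access. The script below is an added example of the firewall half of that for one spoke site; it is not from the thread or from the FreeS/WAN project, and the addresses (203.0.113.10 for the hub, 192.168.1.0/24 for this office), the peer list and the interface names are assumptions. It generates iptables commands rather than running them, so the policy can be read and diffed first, and it refuses to build anything if two sites were given the same subnet. `ipsec0` is the virtual interface FreeS/WAN's KLIPS stack uses for traffic that is to be encrypted.

```shell
#!/bin/sh
# Firewall for one site's Linux VPN gateway in the hub-and-spoke layout
# discussed in this thread. Added example, not a script from the thread;
# addresses, interface names and the peer list are assumptions.
#
# One /24 per site: 192.168.0.0/24 at the main office, 192.168.1.0/24
# here, 192.168.2.0/24 and up at the other offices. Every remote subnet
# is reached through the tunnel to the hub, which routes between spokes.
# A new office means one more entry in REMOTE_LANS (and, on the hub, one
# more public IP in PEER_IPS).
#
# eth0 faces the Internet, eth1 the LAN, ipsec0 is the FreeS/WAN (KLIPS)
# virtual interface that traffic to be encrypted is routed through.

LAN=192.168.1.0/24                         # this office (assumed)
REMOTE_LANS="192.168.0.0/24 192.168.2.0/24 192.168.3.0/24 192.168.4.0/24 192.168.5.0/24 192.168.6.0/24"
PEER_IPS="203.0.113.10"                    # hub's static public IP (assumed)
CORP_NET=192.168.0.0/16                    # aggregate covering every site
WAN_IF=eth0
LAN_IF=eth1
VPN_IF=ipsec0

# Refuse to build rules if two sites share a subnet: with overlapping
# ranges the tunnel comes up but routing between the sites silently
# fails. Arguments: the subnets of all sites.
check_plan() {
    dups=$(printf '%s\n' "$@" | sort | uniq -d)
    [ -z "$dups" ]
}

# Print the iptables commands, one per line, instead of running them.
gen_rules() {
    cat <<EOF
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i $LAN_IF -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
    # IKE (UDP 500) and ESP (IP protocol 50) are accepted only from known
    # peers; this is the practical reason a static IP at each end helps.
    for peer in $PEER_IPS; do
        echo "iptables -A INPUT -i $WAN_IF -p udp -s $peer --dport 500 -j ACCEPT"
        echo "iptables -A INPUT -i $WAN_IF -p 50 -s $peer -j ACCEPT"
    done
    # Site-to-site traffic is forwarded only through the tunnel interface.
    for net in $REMOTE_LANS; do
        echo "iptables -A FORWARD -i $LAN_IF -o $VPN_IF -s $LAN -d $net -j ACCEPT"
        echo "iptables -A FORWARD -i $VPN_IF -o $LAN_IF -s $net -d $LAN -j ACCEPT"
    done
    # Anything bound for another site that would leave in the clear on the
    # WAN side (e.g. because the tunnel is down and the default route took
    # over) is dropped before the general Internet-access rule. The LAN
    # keeps its own Internet access, NATed behind this gateway.
    cat <<EOF
iptables -A FORWARD -o $WAN_IF -d $CORP_NET -j DROP
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $WAN_IF -s $LAN -j MASQUERADE
EOF
}

# Number of rules generated; a quick sanity check after editing the lists.
rule_count() {
    gen_rules | grep -c '^iptables'
}

if [ "${1:-}" = apply ]; then
    check_plan $LAN $REMOTE_LANS || { echo "duplicate subnet in site plan" >&2; exit 1; }
    gen_rules | sh            # run as root on the gateway
else
    gen_rules                 # dry run: just show the policy
fi
```

Run it with no argument to review the rule set, and `sh firewall.sh apply` as root to load it. The hub uses the same script with its own subnet in `LAN`, all spoke subnets in `REMOTE_LANS` and every spoke's public IP in `PEER_IPS`. The tunnel definitions themselves (which subnets are encrypted to which peer, and how the peers authenticate) live in FreeS/WAN's own `/etc/ipsec.conf`, which this script does not touch; it only makes sure nothing reaches another site except through that tunnel.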
I just want to second one thing that krunkwick said: if possible, get a static IP. What you want to do is easily doable even with a dynamic IP, but getting static IPs all the way around will really simplify/streamline things. Take a look at FreeS/WAN and let us know if you have any other questions.