Hi all: I'll try to be as specific as I can. I know that none of you guys are psychic so I'll give a lot of details.
Objective: set up a VPN server on current host running Samba server.
Server:
Linux/Samba 2.2.5
kernel: 2.4.18-3
distro: Red Hat 8.0
Clients: Windows 9x/2000/XP
Scenario: I have set up a Samba server. Everything is working fine on our LAN.
Now all I want to do is set up a VPN server on the same machine I have Samba on, so users from home are able to access their shared folders, home directories, and so forth on our network.
The VPN server currently works on a Windows box, but I want to set up a Linux box instead. I'm assuming you will all agree that there's nothing wrong with that : )
| Home | =====> (( Internet )) =====> VPN =====> Samba server
Explanation of graph:
Windows user turns on laptop at home ==> cancels logon to domain pop-up window ==> dials up using his own ISP to access the internet ==> clicks on VPN Access client [previously set up, of course] ==> IP is assigned by DHCP ==> user automatically sees his shared folders by double-clicking the MyComputer icon on Windows. Since the laptops are already set up for our current LAN, there's no need to mess with the WINS server configuration or anything like that.
If I get to set up a Linux VPN server I can just change the IP address for the VPN client, but that's about it.
Tools I have been doing some research on for Linux platforms: OpenVPN, Freeswan.
Problem: tons of reading but nothing concrete for my specific requirements. Yes, I know what a VPN is and how it works. I guess I'm looking for a cookbook or a recipe at this point...a step by step type of guide.
Questions: 1. Has anyone done something I described above?
2. What were the steps you followed?
Any links or ideas are welcome.
If I get this to work, I'll post it somewhere on the internet [I'll give you guys the link later of course]. I'll post everything from configuring the Windows 2000/XP clients to setting up the Samba/VPN server, even how to set up quotas for ext3.
I started with FreeSWAN but it was required to have some certificate signature in your DNS record. I use eNom to host my DNS, which allows simple configurations only, so FreeSWAN didn't work for me. It was giving some kind of message which was cryptic to me.
Other option was PopTop (PPTP). I have successfully tested that. But it was without encryption, i.e. PAP...
One needs to patch the kernel and recompile for MS-CHAP or something better...
Didn't have a spare computer to test that either.
I am also looking for some LINUX VPN implementation guide for 2.4.X kernel.
I decided I'm not going to implement a VPN on the server side.
This is my idea, and maybe you can give me your inputs:
On my already running Linux/Samba server I will implement SSH Server and Firestarter.
1. Linux/Samba as a data file server for Windows clients of course.
2. SSH server to encrypt data.
3. Firestarter firewall just to prevent access to any other resources on my server except for SSH and SMB. I will close all other ports/services too.
Then on the client side, I'll have them load SSH Client [free of charge for non-commercial purposes at hxxp://www.ssh.com or WinSCP from hxxp://winscp.vse.cz ]
That way I solve my two main concerns:
* Security
* Easy to use for the Windows user, with nice GUIs as Windows users like.
I came up with this idea a few hours ago and so far so good. I even tested my server with Nessus: no holes, no nothing. Only SMB port and SSH ports are open, which is just what I want.
1> is your host multi-homed?
2> if no, then why do you need SAMBA when you are using SCP? If yes, then you should open SMB ports from inside only.
I don't think opening SMB ports to outside (bad internet) is a good idea.
3> Can you afford manual invocation of SCP? I also had a similar problem, but it had to be done in unattended mode. So I wrote thousands of lines of code using Java JSSE.
4> Why do I feel your nick is familiar? Were you in DeadCrax??
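Added example, not part of any post in this thread: a check for the point raised above that SMB ports should be open from the inside only. It scans `iptables-save` output for INPUT ACCEPT rules that admit ports 137-139 or 445 from a source outside the RFC 1918 ranges; the sample ruleset and the 192.168.1.0/24 LAN are constructed assumptions, and only rules with an explicit destination port are examined.

```python
import ipaddress

SMB_PORTS = {137, 138, 139, 445}  # NetBIOS name, datagram, session; SMB over TCP
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in iptables-save format; 192.168.1.0/24 is an assumed LAN.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 139 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -p udp -m multiport --dports 137,138 -j ACCEPT
COMMIT
"""

def parse_ports(spec):
    """Expand '445', '137,138' or '137:139' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        low, _, high = part.partition(":")
        ports.update(range(int(low), int(high or low) + 1))
    return ports

def exposed_smb_rules(rules_text, trusted=RFC1918):
    """Return INPUT ACCEPT rules that admit SMB ports from outside `trusted`.

    Any rule containing a '!' negation is treated as unrestricted, which
    errs on the side of reporting it for manual review.
    """
    findings = []
    for line in rules_text.splitlines():
        tok = line.split()
        opt = dict(zip(tok, tok[1:]))  # each option mapped to the token after it
        if tok[:2] != ["-A", "INPUT"] or opt.get("-j") != "ACCEPT":
            continue
        spec = opt.get("--dport") or opt.get("--dports")
        if not spec or not parse_ports(spec) & SMB_PORTS:
            continue
        src = "0.0.0.0/0" if "!" in tok else opt.get("-s", "0.0.0.0/0")
        net = ipaddress.ip_network(src, strict=False)
        if not any(net.subnet_of(t) for t in trusted):
            findings.append(line)
    return findings

if __name__ == "__main__":
    for rule in exposed_smb_rules(SAMPLE_RULES):
        print("SMB reachable from untrusted source:", rule)
```

On a live host the input would be the text produced by `iptables-save`, with `trusted` narrowed to the actual LAN range.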
Originally posted by indi:
3> Can you afford manual invocation of SCP? I also had a similar problem, but it had to be done in unattended mode. So I wrote thousands of lines of code using Java JSSE.
Ack. I think I would have found a command line scp utility for Windows such as OpenSSH or PSCP.
1> is your host multi-homed?
No it's not. Maybe I should setup a firewall before the SAMBA server.
Client ==> Internet ==> firewall ==> Samba
2> if no, then why do you need SAMBA when you are using SCP? If yes, then you should open SMB ports from inside only.
Well, some users want to map to their home directories manually from the Windows client. They just want to have the option of doing both the SSH thing and map the network drive directly. I do not see the need to map the network drive manually, but that's what they want.
They are aware of the risks and everything.
But I'll bring that up on my next meeting. We should just have SSH...just for security purposes.
I don't think opening SMB ports to outside (bad internet) is a good idea.
I agree with you.
3> Can you afford manual invocation of SCP? I also had a similar problem, but it had to be done in unattended mode. So I wrote thousands of lines of code using Java JSSE.
No money, and no time to write my own code.
4> Why do I feel your nick is familiar? Were you in DeadCrax??
I'll take the "Fifth" on that one : )
If you have any other comments I'd be very happy to read them. Email me if you want to talk offline at chupacabra@linuxmail.org
What would be the MAIN difference between setting up FreeSwan or OpenVPN instead of SSH in terms of security and data encryption?
I can see that SSH would be faster. VPN over a DUN is 33-35% slower than SSH. At least on my benchmarks, anyway.