Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game. |
08-04-2005, 10:13 AM
|
#1
|
Member
Registered: Aug 2003
Location: Edinburgh
Distribution: Server: Gentoo2004; Desktop: Ubuntu
Posts: 720
Rep:
|
VPN: linux VPN server behind Linksys router
Hello
I would like to set up a VPN server on my Gentoo server so that I can access files when I'm out of the house, say at a friend's house.
Here is the setup
Site 1: My home
Gentoo server - which will become the VPN server
|
|
Linksys router - this routes the ADSL broadband, and has IPSec Pass-Through and PPTP Pass-Through options
|
|
|
Big Bad Internet
|
|
|
Site 2: friend's house
Linksys Router - let's just assume it is identical to mine
|
|
My friend's PC - this is trying to access my Gentoo server
Is the above setup possible? I mean, is it possible to have the VPN server behind the Linksys router?
Thank you
Hamish
|
|
|
08-04-2005, 10:30 AM
|
#2
|
LQ Guru
Registered: Jan 2001
Posts: 24,149
|
Why not just enable ssh to access files, login, etc? Much easier setup than dealing with VPN on a simple network.
|
|
|
08-04-2005, 10:37 AM
|
#3
|
Member
Registered: Aug 2003
Location: Edinburgh
Distribution: Server: Gentoo2004; Desktop: Ubuntu
Posts: 720
Original Poster
Rep:
|
Hey
I want to learn VPN as I would like to set this same setup up for my two offices. This will be a trial
hamish
|
|
|
08-12-2005, 11:33 AM
|
#4
|
Member
Registered: May 2002
Location: new hampshire
Distribution: Fedora, RHEL
Posts: 600
Rep: 
|
Hamish, if they're both going to be linux boxes, and you want to bridge two networks, then you could look at using ssh+pppd to accomplish what you want. Basically, you pipe the PPPd output through the ssh connection you make, and it does all the link-layer handling. Then just specify a route between your two networks. Voila!
If you're looking to complicate things, go ahead and spend the five or six days it will take to get pptpd to play nice with linux + windows, et al.
|
|
|
08-13-2005, 04:57 AM
|
#5
|
Member
Registered: Aug 2003
Location: Edinburgh
Distribution: Server: Gentoo2004; Desktop: Ubuntu
Posts: 720
Original Poster
Rep:
|
hey
no, they won't both be linux. Basically, I'll probably be in the situation where we want to be able to access the server (and mount its shares). The clients will all be windows.
This is why I think that I need VPN
hamish
|
|
|
08-13-2005, 06:49 PM
|
#6
|
Member
Registered: Oct 2003
Distribution: Just about anything... so long as it is Debain based.
Posts: 297
Rep:
|
I agree, this sounds like a VPN situation. I'd go with IPsec since the MS VPN client will work. What will it take to get it going? Good question. I've used FreeSwan configured with Webmin. I've not configured it to work with MS though... I've heard it can be done easily.
That being said, you can do this with SSH, sftp, etc. There is a CD called XFreeCD that gives you a bash shell in Windows so you have a very Linux-like environment to allow you tools like scp, sftp, ssh, etc. I use this solution and it works out GREAT for me.
MrKnisely
|
|
|
08-13-2005, 11:30 PM
|
#7
|
Member
Registered: Aug 2004
Location: Newmarket, Ontario
Distribution: OpenSuse 10.2
Posts: 184
Rep:
|
L2TP/IPSec VPN is very interesting but also very difficult to set up. I haven't had any luck setting one up yet. In any case, if you want to access your Gentoo VPN server from behind your firewall, you may have to put it in the DMZ (Demilitarized Zone). However, doing that completely exposes your computer to the Internet so you will have to take precautions to lock it down.
|
|
|
08-14-2005, 10:03 AM
|
#8
|
Member
Registered: Oct 2003
Distribution: Just about anything... so long as it is Debain based.
Posts: 297
Rep:
|
L2TP and IPSec are two different methods to do a VPN. Most IPSEC implementations use AH or ESP as their layer2 encryption method.
Regarding the DMZ, you in no way need to completely expose a box in a DMZ. You can expose only the ports you need to have exposed. Depending on the firewall being used some of this functionality may be limited. You can even have a NAT between your DMZ box and the Internet and everything still works if your firewall supports it. Unfortunately, the Linksys firewall we're talking about here does not have a DMZ port on it, so it's all just academic anyway.
MrKnisely
|
|
|
08-15-2005, 11:20 AM
|
#9
|
Member
Registered: Aug 2003
Location: Edinburgh
Distribution: Server: Gentoo2004; Desktop: Ubuntu
Posts: 720
Original Poster
Rep:
|
Hey
great! At least now I know what I need to do, I just need to work out how to do it!
I can easily forward to ports on the router, so no problems there. Basically, it sounds like I have all the gear that I need, I just need to find some documentation and make it work.
Thanks again
hamish
|
|
|
08-15-2005, 11:20 AM
|
#10
|
Member
Registered: Aug 2003
Location: Edinburgh
Distribution: Server: Gentoo2004; Desktop: Ubuntu
Posts: 720
Original Poster
Rep:
|
In fact, all that aside, can anyone recommend a vpn router (eg a linksys router box thingie) in case I can't get this working?
hamish
|
|
|
08-15-2005, 09:06 PM
|
#11
|
Member
Registered: Oct 2003
Distribution: Just about anything... so long as it is Debain based.
Posts: 297
Rep:
|
I can recommend any of the Linksys VPN router devices with the exception of the 8-port device. There seems to be a bug in the 8-port firmware version. This is as of about 3 months ago, so check for a firmware update more recent than that; if it's there I'll recommend all of them.
A co-worker of mine set up a VPN between two offices of a friend's business using these. They are very user friendly, and the client works like a charm.
MrKnisely
|
|
|
08-24-2005, 05:54 AM
|
#12
|
LQ Newbie
Registered: Aug 2005
Posts: 2
Rep:
|
Port Forwarding Not Working
Hi,
I basically have the same problem: Accessing a Linux server from outside a router. I have a DLink router and have done port forwarding to the Linux server's local ip address (e.g. 192.168.1.10) and assigned it port 7010.
It's okay when I access the Linux server from another PC (running XP) within my local network. It gives me the Apache server page, no problem.
When I try accessing the Linux server from outside of the router (i.e. Internet) through the router's IP address that my ISP assigns (for example: 84.23.49.20:7010), it gives me the 'Page cannot be displayed' error.
I am sure port forwarding works because I have an IP Camera connected on my local network as well and I have a port redirected to it and I can see my camera from my office.
Please help me.
Quote:
Originally posted by charon79m
L2TP and IPSec are two different methods to do a VPN. Most IPSEC implementations use AH or ESP as their layer2 encryption method.
Regarding the DMZ, you in no way need to completely expose a box in a DMZ. You can expose only the ports you need to have exposed. Depending on the firewall being used some of this functionality may be limited. You can even have a NAT between your DMZ box and the Internet and everything still works if your firewall supports it. Unfortunately, the Linksys firewall we're talking about here does not have a DMZ port on it, so it's all just academic anyway.
MrKnisely
|
|
|
|
08-24-2005, 05:33 PM
|
#13
|
Member
Registered: Oct 2003
Distribution: Just about anything... so long as it is Debain based.
Posts: 297
Rep:
|
Hmmm... You've got TCP 7010 forwarded to the internal ip of your webserver on tcp 80, right?
Or did you edit apache to listen on port 7010?
MrKnisely
|
|
|
08-25-2005, 12:57 AM
|
#14
|
LQ Newbie
Registered: Aug 2005
Posts: 2
Rep:
|
Hi,
I just forwarded the port 7010 to the internal ip address of the Linux server (192.168.1.10).
I did not edit Apache at all.
Can you please tell me the required steps to configure Apache in this regard?
Thanks a lot.
Backscratcher_dev 
|
|
|
08-25-2005, 08:42 PM
|
#15
|
Member
Registered: Oct 2003
Distribution: Just about anything... so long as it is Debain based.
Posts: 297
Rep:
|
Apache changes listening ports...
Look for something like this in your httpd.conf file:
# Port: The port to which the standalone server listens. For
# ports < 1023, you will need apache to be run as root initially.
#
Port 80
Oh, and note the note!
MrKnisely
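
The mismatch discussed in posts #12 to #15 (router forwards TCP 7010 to 192.168.1.10, but Apache still listens on 80) can be checked on the server itself. The following is an added example, not part of any post in this thread: it reads `ss -ltn` output and reports whether a forwarded port has a listener the router can reach. The function names `check_forward` and `sample_listeners` and the listener table are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ss -ltn` output on the internal server:
# Apache on 80 (all interfaces), sshd on 22, a database bound to loopback only.
sample_listeners() {
cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:80          0.0.0.0:*
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       128     127.0.0.1:3306      0.0.0.0:*
LISTEN  0       128     [::]:22             [::]:*
EOF
}

# check_forward INTERNAL_IP INTERNAL_PORT   (listener table on stdin)
# Prints one of:
#   ok             a listener on that port is bound to the LAN address or a wildcard
#   wrong-address  something listens on the port, but only on another address
#   no-listener    nothing listens on the port the router forwards to
check_forward() {
    awk -v ip="$1" -v port="$2" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")      # the port is the text after the last colon
            p = parts[n]
            addr = substr($4, 1, length($4) - length(p) - 1)
            if (p != port) next
            if (addr == "0.0.0.0" || addr == "*" || addr == "[::]" || addr == ip)
                reachable = 1
            else
                other = 1
        }
        END {
            if (reachable)  print "ok"
            else if (other) print "wrong-address"
            else            print "no-listener"
        }'
}

# The thread's situation: the forward targets 7010, Apache listens on 80.
echo "7010: $(sample_listeners | check_forward 192.168.1.10 7010)"
echo "80:   $(sample_listeners | check_forward 192.168.1.10 80)"
echo "3306: $(sample_listeners | check_forward 192.168.1.10 3306)"
```

On a live server, pipe the real table in with `ss -ltn | check_forward 192.168.1.10 7010`. A `no-listener` result means either the router rule should target the port the service actually uses or the service must be reconfigured to listen on the forwarded port.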
|
|
|
All times are GMT -5. The time now is 04:44 AM.