12-16-2002, 01:45 PM
|
#1
|
Member
Registered: Oct 2002
Posts: 30
Rep:
|
VPN server setup
Hi all: I'll try to be as specific as I can. I know that none of you guys are psychic so I'll give a lot of details.
Objective: set up a VPN server on current host running Samba server.
Server:
Linux/Samba 2.2.5
kernel: 2.4.18-3
distro: red hat 8.0
Clients: Windows 9x/2000/XP
Scenario: I have set up a Samba server. Everything is working fine on our LAN.
Now all I want to do is set up a VPN server on the same machine I have Samba so users from home are able to access their shared folders, home directories, and so forth on our network.
The VPN server currently works on a Windows box, but I want to set up a Linux box instead. I'm assuming you will all agree that there's nothing wrong with that : )
| Home | =====> (( Internet )) =====> VPN =====> Samba server
Explanation of graph:
Windows user turns on laptop at home ==> cancels logon to domain pop-up window ==> dials up using his own ISP to access the internet ==> clicks on VPN Access client [previously set up of course] ==> IP is assigned by DHCP ==> user automatically sees his shared folders by double-clicking MyComputer icon on Windows. Since the laptops are already set up for our current LAN there's no need to mess with the WINS server configuration or anything like that.
If I get to set up a Linux VPN server I can just change the IP address for the VPN client but that's about it.
Tools I have been doing some research on for Linux platforms: OpenVPN, Freeswan.
Problem: tons of reading but nothing concrete for my specific requirements. Yes, I know what a VPN is and how it works. I guess I'm looking for a cookbook or a recipe at this point...a step by step type of guide.
Questions: 1. Has anyone done something I described above?
2. What were the steps you followed?
Any links or ideas are welcome.
If I get this to work, I'll post it somewhere on the internet [I'll give you guys the link later of course]. I'll post from configuring the Windows 2000/XP clients to setting up the Samba/VPN server, even how to set up quotas for ext3.
Thanks in advance,
el chupacabra
|
|
|
12-16-2002, 02:18 PM
|
#2
|
LQ Newbie
Registered: Dec 2002
Distribution: redhat
Posts: 14
Rep:
|
I started with FreeSWAN but it was required to have some certificate signature in your DNS record. I use eNom to host my DNS which allows simple configurations only, so FreeSWAN didn't work for me. It was giving some kind of message which was cryptic for me.
Other option was PopTop (PPTP). I have successfully tested that. But it was without encryption i.e. PAP...
One needs to patch the kernel and recompile for MS-CHAP or something better...
Didn't have a spare computer to test that either.
I am also looking for some LINUX VPN implementation guide for 2.4.X kernel.
thanx.
|
|
|
12-16-2002, 05:33 PM
|
#3
|
Member
Registered: Oct 2002
Posts: 30
Original Poster
Rep:
|
idea
I decided I'm not going to implement a VPN on the server side.
This is my idea, and maybe you can give me your inputs:
On my already running Linux/Samba server I will implement SSH Server and Firestarter.
1. Linux/Samba as a data file server for Windows clients of course.
2. SSH server to encrypt data.
3. Firestarter firewall just to prevent access to any other resources on my server except for SSH and SMB. I will close all other ports/services too.
Then on the client side, I'll have them load SSH Client [free of charge for non-commercial purposes at hxxp://www.ssh.com or WinSCP from hxxp://winscp.vse.cz ]
That way I solve my two main concerns:
* Security
* Easy to use for the Windows user with nice GUIs as Windows users like.
I came up with this idea a few hours ago and so far so good. I even tested my server with Nessus, no holes no nothing. Only SMB port and SSH ports are open which is just what I want.
el chupacabra
|
|
|
12-16-2002, 06:21 PM
|
#4
|
LQ Newbie
Registered: Dec 2002
Distribution: redhat
Posts: 14
Rep:
|
perfect :-)
Still a little confusion,
1> is your host multi-homed?
2> if no, then why do you need SAMBA when you are using SCP? If yes, then you should open SMB ports from inside only.
I don't think opening SMB ports to outside (bad internet) is a good idea.
3> Can you afford manual invocation of SCP? I also had a similar problem but it had to be done in unattended mode. So I wrote thousands of lines of code using Java JSSE.
4> Why do I feel your nick is familiar? Were you in DeadCrax??
|
|
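Added example (not from any poster in the thread): a small Python check over `iptables-save` output that flags the exposure raised in post #4, SMB ports accepted from any interface, shown beside a ruleset that pins SMB to the LAN. The interface name `eth1`, the subnet `192.168.1.0/24` and both rulesets are constructed assumptions.

```python
import re

SMB_PORTS = {137, 138, 139, 445}  # NetBIOS name/datagram/session + SMB over TCP

# Constructed rulesets in iptables-save format; eth1 is assumed to be the LAN side.
WEAK = """\
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 139 -j ACCEPT
-A INPUT -p tcp --dport 445 -j ACCEPT
COMMIT
"""
HARDENED = """\
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -i eth1 -s 192.168.1.0/24 -p tcp -m multiport --dports 139,445 -j ACCEPT
-A INPUT -i eth1 -s 192.168.1.0/24 -p udp --dport 137:138 -j ACCEPT
COMMIT
"""

def ports_in(rule):
    """Expand --dport N, --dport A:B and --dports a,b,c:d into a set of ints."""
    ports = set()
    m = re.search(r"--dports?\s+(\S+)", rule)
    if m:
        for part in m.group(1).split(","):
            lo, _, hi = part.partition(":")
            ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def exposed_smb_rules(ruleset, lan_if="eth1"):
    """Return (ports, rule) for INPUT ACCEPT rules admitting SMB ports that are
    not pinned to the LAN interface. Only port-specific rules are examined; a
    blanket ACCEPT rule or an ACCEPT chain policy needs a separate check."""
    findings = []
    pin = re.compile(r"(?<!\S)(?<!! )-i\s+%s(?!\S)" % re.escape(lan_if))
    for line in ruleset.splitlines():
        if not line.startswith("-A INPUT") or "-j ACCEPT" not in line:
            continue
        hit = ports_in(line) & SMB_PORTS
        if hit and not pin.search(line):  # "! -i eth1" does not count as pinned
            findings.append((sorted(hit), line))
    return findings

if __name__ == "__main__":
    for ports, rule in exposed_smb_rules(WEAK):
        print("SMB reachable from any interface:", ports, "<-", rule)
```
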
|
12-16-2002, 07:07 PM
|
#5
|
Senior Member
Registered: Sep 2002
Location: Nashville, TN
Posts: 1,552
Rep:
|
Quote:
Originally posted by indi
3> Can you afford manual invocation of SCP? I also had a similar problem but it had to be done in unattended mode. So I wrote thousands of lines of code using Java JSSE.
|
Ack. I think I would have found a command line scp utility for Windows such as OpenSSH or PSCP.
|
|
|
12-17-2002, 11:54 AM
|
#6
|
Member
Registered: Oct 2002
Posts: 30
Original Poster
Rep:
|
thanks indi
thanks indi, my comments below...
I'll take the "Fifth" on that one : )
If you have any other comments I'd be very happy to read them. Email me if you want to talk offline at chupacabra@linuxmail.org
What would be the MAIN difference between setting up FreeSwan or OpenVPN instead of SSH in terms of security, data encryption?
I can see that SSH would be faster. VPN over a DUN is 33-35% slower than SSH. At least on my benchmarks anyway.
Thanks,
el chupacabra
|
|
|
All times are GMT -5.