LinuxQuestions.org
Old 12-16-2002, 01:45 PM   #1
chupacabra
Member
 
Registered: Oct 2002
Posts: 30

Rep: Reputation: 15
Question VPN server setup


Hi all: I'll try to be as specific as I can. I know that none of you guys are psychic so I'll give a lot of details.

Objective: set up a VPN server on current host running Samba server.

Server:
Linux/Samba 2.2.5
kernel: 2.4.18-3
distro: red hat 8.0

Clients: Windows 9x/2000/XP

Scenario: I have set up a Samba server. Everything is working fine on our LAN.
Now all I want to do is set up a VPN server on the same machine I have Samba so users from home are able to access their shared folders, home directories, and so forth on our network.

The VPN server currently works on a Windows box, but I want to set up a Linux box instead. I'm assuming you will all agree that there's nothing wrong with that : )

| Home | =====> (( Internet )) =====> VPN =====> Samba server

Explanation of graph:
Windows user turns on laptop at home ==> cancels logon to domain pop-up window ==> dials up using his own ISP to access the internet ==> clicks on VPN Access client [previously set up of course] ==> IP is assigned by DHCP ==> user automatically sees his shared folders by double-clicking MyComputer icon on Windows. Since the laptops are already set up for our current LAN there's no need to mess with the WINS server configuration or anything like that.
If I get to set up a Linux VPN server I can just change the IP address for the VPN client but that's about it.

Tools I have been doing some research on for Linux platforms: OpenVPN, Freeswan.

Problem: tons of reading but nothing concrete for my specific requirements. Yes, I know what a VPN is and how it works. I guess I'm looking for a cookbook or a recipe at this point...a step by step type of guide.

Questions: 1. Has anyone done something I described above?
2. What were the steps you followed?


Any links or ideas are welcome.

If I get this to work, I'll post it somewhere on the internet [I'll give you guys the link later of course]. I'll post everything from configuring the Windows 2000/XP clients to setting up the Samba/VPN server, even how to set up quotas for ext3.


Thanks in advance,
el chupacabra
 
Old 12-16-2002, 02:18 PM   #2
indi
LQ Newbie
 
Registered: Dec 2002
Distribution: redhat
Posts: 14

Rep: Reputation: 0
I started with FreeSWAN but it required having some certificate signature in your DNS record. I use eNom to host my DNS, which allows simple configurations only, so FreeSWAN didn't work for me. It was giving some kind of message which was cryptic for me.

The other option was PopTop (PPTP). I have successfully tested that. But it was without encryption i.e. PAP...

One needs to patch the kernel and recompile for MS-CHAP or something better...

Didn't have a spare computer to test that either.

I am also looking for some LINUX VPN implementation guide for 2.4.X kernel.

thanx.
 
Old 12-16-2002, 05:33 PM   #3
chupacabra
Member
 
Registered: Oct 2002
Posts: 30

Original Poster
Rep: Reputation: 15
Lightbulb idea

I decided I'm not going to implement a VPN on the server side.

This is my idea, and maybe you can give me your inputs:

On my already running Linux/Samba server I will implement SSH Server and Firestarter.

1. Linux/Samba as a data file server for Windows clients of course.
2. SSH server to encrypt data.
3. Firestarter firewall just to prevent access to any other resources on my server except for SSH and SMB. I will close all other ports/services too.

Then on the client side, I'll have them load SSH Client [free of charge for non-commercial purposes at hxxp://www.ssh.com or WinSCP from hxxp://winscp.vse.cz ]

That way I solve my two main concerns:

* Security
* Easy to use for the Windows user, with nice GUIs as Windows users like.

I came up with this idea a few hours ago and so far so good. I even tested my server with Nessus: no holes, no nothing. Only SMB port and SSH ports are open, which is just what I want.

el chupacabra
 
Old 12-16-2002, 06:21 PM   #4
indi
LQ Newbie
 
Registered: Dec 2002
Distribution: redhat
Posts: 14

Rep: Reputation: 0
Thumbs up

perfect :-)

Still little confusion,

1> is your host multi-homed?
2> if no, then why do you need SAMBA when you are using SCP? If yes, then you should open SMB ports from inside only.

I don't think opening SMB ports to outside (bad internet) is a good idea.

3> Can you afford manual invocation of SCP? I also had a similar problem but it had to be done in unattended mode. So I wrote thousands of lines of code using JAVA JSSE.



4> Why do I feel your nick familiar? Were u in DeadCrax??
 
Old 12-16-2002, 07:07 PM   #5
stickman
Senior Member
 
Registered: Sep 2002
Location: Nashville, TN
Posts: 1,552

Rep: Reputation: 53
Quote:
Originally posted by indi
3> Can you afford manual invocation of SCP? I also had a similar problem but it had to be done in unattended mode. So I wrote thousands of lines of code using JAVA JSSE.
Ack. I think I would have found a command line scp utility for Windows such as OpenSSH or PSCP.
 
Old 12-17-2002, 11:54 AM   #6
chupacabra
Member
 
Registered: Oct 2002
Posts: 30

Original Poster
Rep: Reputation: 15
Thumbs up thanks indi

thanks indi, my comments below...

Quote:
Originally posted by indi
perfect :-)

Still little confusion,

1> is your host multi-homed?
No it's not. Maybe I should set up a firewall before the SAMBA server.

Client ==> Internet ==> firewall ==> Samba


2> if no, then why do you need SAMBA when you are using SCP? If yes, then you should open SMB ports from inside only.

Well, some users want to map to their home directories manually from the Windows client. They just want to have the option of doing both the SSH thing and map the network drive directly. I do not see the need to map the network drive manually, but that's what they want.

They are aware of the risks and everything.

But I'll bring that up on my next meeting. We should just have SSH...just for security purposes.

I don't think opening SMB ports to outside (bad internet) is a good idea.

I agree with you.

3> Can you afford manual invocation of SCP? I also had a similar problem but it had to be done in unattended mode. So I wrote thousands of lines of code using JAVA JSSE.

No money, and no time to write my own code.



4> Why do I feel your nick familiar? Were u in DeadCrax??
I'll take the "Fifth" on that one : )


If you have any other comments I'd be very happy to read them. Email me if you want to talk offline at chupacabra@linuxmail.org

What would be the MAIN difference between setting up FreeSwan or OpenVPN instead of SSH in terms of security, data encryption?
I can see that SSH would be faster. VPN over a DUN is 33-35% slower than SSH. At least on my benchmarks anyway.

Thanks,
el chupacabra
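
The point agreed on in posts #4 and #6 (SSH reachable from the internet, SMB reachable only from inside), as an added example that is not part of the thread: a small Python check over `iptables-save` output that flags ACCEPT rules admitting SMB ports from outside the LAN. Both rule sets are constructed, and the LAN range 192.168.1.0/24 and the function names are assumptions.

```python
import ipaddress

SMB_PORTS = {137, 138, 139, 445}  # NetBIOS name/datagram/session, SMB over TCP

# Constructed iptables-save excerpts (not taken from the thread).
HEAD = """*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
"""
# Weak: SMB accepted from any source, i.e. from the internet as well.
EXPOSED = HEAD + """-A INPUT -p tcp -m multiport --dports 139,445 -j ACCEPT
-A INPUT -p udp -m udp --dport 137:138 -j ACCEPT
COMMIT
"""
# Corrected: SMB accepted only from the LAN (192.168.1.0/24 is an assumption).
HARDENED = HEAD + """-A INPUT -s 192.168.1.0/24 -p tcp -m multiport --dports 139,445 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 137:138 -j ACCEPT
COMMIT
"""

def ports_of(spec):
    """Expand an iptables port spec such as '139,445' or '137:138'."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def exposed_smb_rules(ruleset, lan="192.168.1.0/24"):
    """Return INPUT ACCEPT rules that admit SMB ports from outside `lan`.

    Rules without a port match and negated ('!') matches are not analysed.
    """
    lan_net = ipaddress.ip_network(lan)
    findings = []
    for line in ruleset.splitlines():
        tok = line.split()
        opts = dict(zip(tok, tok[1:]))  # each flag mapped to the token after it
        spec = opts.get("--dport") or opts.get("--dports")
        if tok[:2] != ["-A", "INPUT"] or opts.get("-j") != "ACCEPT" or not spec:
            continue
        src = ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"), strict=False)
        if ports_of(spec) & SMB_PORTS and not src.subnet_of(lan_net):
            findings.append(line)
    return findings

if __name__ == "__main__":
    for name, rules in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, exposed_smb_rules(rules))
```

On a live host the input would be the text printed by `iptables-save`; the SSH rule on port 22 is left open to any source in both rule sets, matching the setup described in post #3.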
 
  

