LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 12-30-2014, 06:54 AM   #1
linsonav
LQ Newbie
 
Registered: Dec 2014
Posts: 3

Rep: Reputation: Disabled
vpn server setup on linux


location A
high speed unlimited internet connection wth static IP
with adsl modem cum router TP-LINK TD-W8968 (VPN Pass-Through==PPTP, L2TP, IPSec)
a good cpu build for server
several computers,laptops,mobile devices and printers networked

location B
several computers,laptops,mobile devices and printer networked+internet access
location C
same enviornment

need to connect all locations to server A through vpn to share files printers etc
bank level high security can be ignored.


My querys
1. Can i Host this like VPN my own? (without commercial services)
2. if so is my mouter TD-W8968 capable for it?
3. will it work if my ip is not static?
4. can my vpn server and voip server-asterisk can be installed on same pc?
5. which distro will be good(newbie to linux...still a hangover of windows for graphicalinterface)
6. IP Address allocation recommendation
7. is it possible to connect ip phones all over vis asterisk installed in vpn server
8. if this set-up stupid,what should be added to make it possible?
Thank you
 
Old 12-30-2014, 07:11 AM   #2
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 3,348

Rep: Reputation: Disabled
Quote:
Originally Posted by linsonav View Post
1. Can i Host this like VPN my own? (without commercial services)
Yes.
Quote:
Originally Posted by linsonav View Post
2. if so is my mouter TD-W8968 capable for it?
No, not by itself. It supports no VPN protocols (like IPsec or L2TP) and therefore cannot act as a VPN endpoint. "Pass-through" support only means that the PCs behind the routers may use those protocols. However, lack of VPN support in the router doesn't prevent your server from being a VPN endpoint.
Quote:
Originally Posted by linsonav View Post
3. will it work if my ip is not static?
A site-to-site VPN will normally need a static IP at one end. Some routers can work around this by using DNS names, and combined with a dynamic DNS service it would work (kinda, sorta), but I really wouldn't recommend it.

Since you already have a static, public IP address at one end, it shouldn't be a problem.
Quote:
Originally Posted by linsonav View Post
4. can my vpn server and voip server-asterisk can be installed on same pc?
Yes.
Quote:
Originally Posted by linsonav View Post
5. which distro will be good(newbie to linux...still a hangover of windows for graphicalinterface)
For a server or a workstation?
Quote:
Originally Posted by linsonav View Post
6. IP Address allocation recommendation
Huh? Can you elaborate?
Quote:
Originally Posted by linsonav View Post
7. is it possible to connect ip phones all over vis asterisk installed in vpn server
Yes.
Quote:
Originally Posted by linsonav View Post
8. if this set-up stupid,what should be added to make it possible?
It's not stupid at all, but keep in mind that routers with VPN support (like this one) are quite affordable these days, and usually considerably easier to configure as endpoints than a Linux server.
 
1 members found this post helpful.
Old 12-30-2014, 11:02 AM   #3
linsonav
LQ Newbie
 
Registered: Dec 2014
Posts: 3

Original Poster
Rep: Reputation: Disabled
Thanks for the replay

now i see the difference between vpn router and vpn pass-through router
in the image attached i have draw my network scenario

1. server will be my vpn endpoint,so i can use my same router in main office?
2. distro i asked is for server. I used to windows now ubuntu. can ubuntu be used instead of ubuntuserver?i need too see whats going on in the server
3. after installing server os(just desktop ubuntu) what additional things to be installed to use ip phone and sharing via vpn,just open vpn and asterisk?
4. at present my router give ip to all.do i need to change it? both in main office and branch router gives ip which will be same 1921681.x
5. if branch connected to vpn,which country's google will appear in branch computer?google.co.in(main branch) or google.co.ae(branch country itself)?
6 all these will be legal right?only using linux..not any cracked or keygen windows thing,what about ip phones?
7.any additional recommendations?
Attached Thumbnails
Click image for larger version

Name:	Untitled.png
Views:	47
Size:	48.0 KB
ID:	17242  
 
Old 12-30-2014, 05:46 PM   #4
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 3,348

Rep: Reputation: Disabled
Quote:
Originally Posted by linsonav View Post
1. server will be my vpn endpoint,so i can use my same router in main office?
The main office is the location with the static IP, right? Since the other location will be initiating the VPN connection, you will need to forward certain TCP and/or UDP ports from the router to the server acting as the endpoint. Exactly which ports you have to forward will depend on the VPN technology you wish to use.

If both endpoints are Linux systems, you have a number of different technologies to choose between, IPsec, OpenVPN and L2TP being the most popular. Just make sure you stay clear of PPTP, as it has serious, non-fixable security flaws.

Your VPN endpoint will be behind a NAT router. Plain IPsec is often not possible to use in such scenarios, since IPsec tunneling depends on protocol 51 (Encapsulating Security Payload), which doesn't use TCP or UDP ports (it's an IP protocol all on its own) and hence cannot be forwarded. Some IPsec implementations can use what is known as "IPsec NAT-T" directly, which uses UDP port 4500 by default and can be forwarded, but in many cases IPsec NAT-T will only be used as a fallback after ESP has been tried and rejected because of NAT.

Note that if you cannot use IPsec, that also rules out L2TP. That leaves OpenVPN.
Quote:
Originally Posted by linsonav View Post
2. distro i asked is for server. I used to windows now ubuntu. can ubuntu be used instead of ubuntuserver?i need too see whats going on in the server
I'm afraid I can't be of much help there, as I tend to stick to the command line. Perhaps someone else can suggest a good GUI-centric server distribution.

(It may be worth mentioning that even on the Windows platform, the GUI now takes a back seat to command line scripting via PowerShell. You should consider familiarizing yourself with the command line, as it offers flexibility and automation not easily accomplished via a GUI.)
Quote:
Originally Posted by linsonav View Post
3. after installing server os(just desktop ubuntu) what additional things to be installed to use ip phone and sharing via vpn,just open vpn and asterisk?
If the IP phones use SIP, Asterisk is all you need.
Quote:
Originally Posted by linsonav View Post
4. at present my router give ip to all.do i need to change it? both in main office and branch router gives ip which will be same 1921681.x
That absolutely will not work. You simply cannot use the same IP network in two different locations. You will need to migrate at least one of the networks to a different IP range, and I'd actually recommend migrating both, as "192.168.1.0/24" is the most overused private network on the planet (with 192.168.0.0/24 and 10.0.0.0/24 sharing second place).
Quote:
Originally Posted by linsonav View Post
5. if branch connected to vpn,which country's google will appear in branch computer?google.co.in(main branch) or google.co.ae(branch country itself)?
That depends on your tunnel configuration. If you route everything through the tunnel, Internet traffic from the branch office will appear to come from the main office. If you choose to set up so-called "split tunneling" (which is by far the most common configuration), all traffic not destined for the main office will be routed through the local Internet connection as usual.
Quote:
Originally Posted by linsonav View Post
6 all these will be legal right?only using linux..not any cracked or keygen windows thing,what about ip phones?
What about the IP phones? Asterisk doesn't require one to purchase a license, and unless the phones are tied to some peculiar, proprietary software, there should be no issues there either.

What kind of IP phones are we talking about here?
Quote:
Originally Posted by linsonav View Post
7.any additional recommendations?
None that I can think of right now.
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
VPN Server Setup Dhruba Dahal Linux - Server 4 01-11-2012 03:40 PM
How do I setup a VPN Server Wynand1 Linux - Networking 2 04-13-2006 09:45 AM
VPN Question Win98->internet->Router->Linux VPN Server->Win2k Server patrickrea Linux - Networking 1 08-10-2004 02:09 AM
VPN server setup chupacabra Linux - Networking 5 12-17-2002 11:54 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 06:53 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration