I'm new here (and to Linux for that matter), but I thought this question might find an answer here quicker than it would in the newbie section.
I want to set up a Linux firewall/VPN box for a small office. I understand that most any distro can be used as a firewall using the IP tables, and I have installed and played around with Smoothwall. However, what I am looking for is a (simple) solution for configuring VPN access by remote users (telecommuting employees).
I've found some information on a package called PopTop, but haven't investigated fully. If I can use the collective experience and expertise from whiz kids on this site, maybe I can save a little time, and heartache too!
Very simple, and elegant. Forget about the packages you're talking about and if you merely follow the simple examples in the two links below you're off and flying.
Also, I wouldn't bother with doing this on Smoothwall either. I would let the packets pass through to another Linux box behind the firewall to alleviate the load. Let the firewall do the firewalling and simply allow from the various user IPs passing it through (redirecting the packets) to the machine behind the firewall to handle the tunnels themselves - but that's just me.
Even reading these two HOW-TOs slowly, you can have your users tunneling in within 15 minutes quite easily.
Otherwise, you may want to get ASTARO Security Linux (I'm not a smoothwall fan for anything but the home user - I don't like their inflexible 'zone' concepts), and then you can point and click - but it will take you much longer to set up the VPNs, and you'll prolly lock yourself out once or twice from the remote firewall server till you get the hang of it, coz you gotta do both sides of the equation - don't forget that so leave your own IP completely Permissioned to traverse the WAN and then test on another box to verify.
Seriously, GRE tunnels are easy, and supported by CISCO too.
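The pass-through layout described in the reply above, sketched as an added example that is not part of any poster's message: the firewall only allows GRE from known user IPs and hands it to a tunnel host behind it. It assumes iptables DNAT is the redirect mechanism; the interface name `eth0`, the addresses, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules for a perimeter firewall that
# passes GRE from known user IPs to a tunnel host behind it. Values are constructed.

# Succeeds only for a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Usage: emit_gre_rules WAN_IF TUNNEL_HOST USER_IP...
emit_gre_rules() {
    wan_if=$1; tunnel_host=$2
    [ "$#" -ge 3 ] || { echo "usage: emit_gre_rules WAN_IF TUNNEL_HOST USER_IP..." >&2; return 1; }
    shift 2
    case "$wan_if" in
        ""|*[!A-Za-z0-9._-]*) echo "bad interface: $wan_if" >&2; return 1 ;;
    esac
    valid_ipv4 "$tunnel_host" || { echo "bad tunnel host: $tunnel_host" >&2; return 1; }
    # Validate the whole allowlist first so a bad entry yields no partial rule set.
    for src in "$@"; do
        valid_ipv4 "$src" || { echo "bad user IP: $src" >&2; return 1; }
    done
    for src in "$@"; do
        echo "iptables -t nat -A PREROUTING -i $wan_if -s $src -p gre -j DNAT --to-destination $tunnel_host"
        echo "iptables -A FORWARD -i $wan_if -s $src -d $tunnel_host -p gre -j ACCEPT"
    done
    # GRE from any source not on the allowlist is not forwarded.
    echo "iptables -A FORWARD -i $wan_if -p gre -j DROP"
}

# Constructed sample: two remote users, tunnel host at 192.168.1.10.
emit_gre_rules eth0 192.168.1.10 203.0.113.5 198.51.100.7
```

GRE itself adds no encryption or authentication, so the source-address allowlist is the only access control these rules provide.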
One I've used successfully that is EASY to set up and supports both Windows and Linux clients is OPENVPN-AS. When the user points his browser to your server, the program asks him for a login and password the first time only (the one you allow by creating that user in Linux). It then creates an install file on-the-fly for the Windows or Linux version (whichever is chosen by the user). The user double-clicks on it to download it, then runs it. Everything is then done for the user so that when they click on the icon, it will ask them for their password then log them into the server as a VPN user. Browse to http://openvpn.net/ and download the OpenVPN Access Server to install it on your Linux box.
They are very responsive to help requests (my first question got a reply within 2 hours). You do have to register to get the two free simultaneous client licenses. If you need more, it's $5.00 per user minimum 10 users after that - very cheap for what you get.
Forgot to mention - they have versions for Ubuntu (I'm using 9.04), CentOS4 (which I personally verified works for Redhat EL/ES4) and CentOS5, Fedora and VMWare.