From: "John A. Sullivan III" <jsullivan@opensourcedevelopmentcorp.com>
To: Peter Marshall <peter.marshall@caris.com>
Cc: netfilter@lists.netfilter.org
Subject: Re: vpn
Date: Tue, 14 Sep 2004 10:42:27 -0400
Message-ID: <1095172947.2055.33.camel@localhost>
In-Reply-To: <012a01c49a61$340e8ad0$49caa8c0@caris.priv>

On Tue, 2004-09-14 at 09:46, Peter Marshall wrote:
> I need to set up a vpn.  I am trying to figure out which would be best.  I
> need to connect my office with a sister office.  The employees are using
> windows machines.  They want to be able to get and put files from a Windows
> file server. Windows networking would be a bonus.  Both offices have Linux
> firewalls.    Would ssh over a PPP tunnel work for this ?  Would pptp or
> cIPe be a better solution ?
> 
> I have my network setup below ... I was also wondering if it would be better
> to put the vpn server either behind the internal firewall, or in the dmz, or
> make it part of the internal firewall
> 
> my network in a nutshell.
> I have an internal network with an internal firewall.  I have an external
> network with an external firewall, and a dmz, between the internal and the
> external firewall.  All numbers in the dmz are internet routable (They have
> their own /26 network).  The external firewall has a 29 subnet on its
> external interface.
<snip>
I would suggest an IPSec VPN using either the native IPSec stack in the
latest Linux or either StrongSWAN (www.strongswan.org) or OpenSWAN
(www.openswan.org) and placing access control and VPN on the same
device.  That is how we design most devices for use in the ISCS project
(http://iscs.sourceforge.net).

You will need to manage the Windows networking carefully as the
broadcasts normally associated with browsing and with some forms of
NetBIOS Name Resolution will not work through the VPN.  There is a lot
of information in the FreeS/WAN / StrongSWAN / OpenSWAN archives about
that. Good luck with it - John
-- 
John A. Sullivan III
Open Source Development Corporation
Financially sustainable open source development
http://www.opensourcedevel.com


