From mboxrd@z Thu Jan 1 00:00:00 1970
From: Grant Taylor
Date: Tue, 21 Nov 2006 06:15:05 +0000
Subject: Re: [LARTC] VPN Solution
Message-Id: <45629969.9050208@riverviewtech.net>
To: lartc@vger.kernel.org

On 11/21/06 00:20, Rangi Biddle wrote:
> What I want to do is have a VPN (PPTP/IPSEC/CIPE/etc) server, but it
> must support more than one simultaneous connection.
>
> I currently have a PPTP VPN server setup that has port 1723 and protocol
> 47 DNAT’d through to the internal IP address of the VPN server and I
> have not been able to have more than one connection at a time. I am
> considering setting up the VPN server as a gateway (for lack of a better
> word) and instead of DNATing the connections through to the internal IP
> I would setup a DMZ with the VPN server as the only host. My only
> concern in doing so is that if it does not work what other options do I
> have besides getting a different connection type such as fibre? I’m
> trying to do this as cheaply as possible.

Can / will you provide some more information such as what type of client
will be connecting to the VPN concentrator?

I believe the 1 concurrent connection you are referring to is a limitation
of IPTables match extension for PPTP tunnels. If you put the VPN
Concentrator such that it is directly routable you should have better luck.

Beyond PPTP, you can look into IPSec or SSLTunnel, or any number of other
products. However, to be able to determine which of the products is best
suited to your situation, we need to know more about your situation.

Grant. . . .
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Rangi Biddle"
Date: Tue, 21 Nov 2006 06:20:06 +0000
Subject: [LARTC] VPN Solution
Message-Id: <002801c70d35$199a9f60$0101010a@lamachine>
References: <45629969.9050208@riverviewtech.net>
In-Reply-To: <45629969.9050208@riverviewtech.net>
To: lartc@vger.kernel.org

Greetings List Members,

I'll firstly apologise if this isn't the place that I should be posting
this message but here goes.

What I want to do is have a VPN (PPTP/IPSEC/CIPE/etc) server, but it must
support more than one simultaneous connection.

I currently have a PPTP VPN server setup that has port 1723 and protocol 47
DNAT'd through to the internal IP address of the VPN server and I have not
been able to have more than one connection at a time. I am considering
setting up the VPN server as a gateway (for lack of a better word) and
instead of DNATing the connections through to the internal IP I would setup
a DMZ with the VPN server as the only host. My only concern in doing so is
that if it does not work what other options do I have besides getting a
different connection type such as fibre? I'm trying to do this as cheaply
as possible.

Any and all comments/suggestions are welcome.

Rangi

From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Nyamul Hassaan"
Date: Sun, 04 Feb 2007 02:49:28 +0000
Subject: [LARTC] VPN Solution
Message-Id: <00be01c74807$1d7b9dc0$58c170cb@isprossrv02>
References: <45629969.9050208@riverviewtech.net>
In-Reply-To: <45629969.9050208@riverviewtech.net>
To: lartc@vger.kernel.org

Greeting List Members,

I'm not sure if what I want to do is possible at all. I have an office
network (ONet) with 3 uplinks. Each of these ISPs give me a block of /26 to
/29 IP addresses, as my needs / demands are.

Now, I have a remote server (RS) hosted in a data center, which
communicates between several hosts in my office. What we want to do is
encrypt the data being transferred between RS and ONet.

We already established an IPSEC tunnel between RS and ONet through 1 of the
uplinks. Is it possible to have 3 different IPSEC tunnels through the 3
uplinks, and then have a load balancing between the 3?

We have also taken a /26 block from the data center provider, and have
routed the /26 through the IPSEC to our ONet. Can we have the same /26 use
the 3 uplinks configured as IPSEC tunnels and load balance between them?

If you need any more explanation, I would be happy to provide that.

Regards
HASSAAN