
Re: Setting up a new FIREWALL with VPN



Hello,
I am in the process of building a few VPN/Firewall systems based on
Debian. I'm using a Kernel 2.4.18 with the following patches: FreeSWAN
for IPSec based VPNs, MPPE for support of PPTP based (Windows) clients,
and GRSecurity for extra security. I've disabled module support
(defeating any kernel module hacks). The GRsecurity patch adds some very
useful patches for firewalls.

I will be running a minimal amount of daemons (pluto, squid, pptpd), I am
looking into using chroot with most of them. The largest part of the
project will be the monitoring system. 

I am still looking into how I will collect and display statistics
(transfers, proxy usage). Also I am looking into log monitoring for hack
attempts and general oddities, as well as tripwire for ensuring file
integrity.

The last part is kind of wishful thinking. I would like to have a
management interface, for adding IPSec connections and PPTP users, and
maybe displaying MRTG graphs and such. I was thinking CVS possibly for
config file management, combined with make and ssh could be cool for
keeping track of changes by admins as well as securely automating config
file updates.

Anyone else had experience with this kind of thing on Debian? Anyone
interested in helping develop this?


On Fri, 2002-05-31 at 01:45, Paul wrote:
> I'm planning a new system that will act as a gateway/firewall for a
> network behind a cable modem.
> 
> 
> The idea is to have all clients able to use the gateway to access the
> internet for EMail only (I figure IPMASQ blocking all those ports) and
> then user auth'd proxy for the web... I figure I'll use SQUID for that.
> 
> 
> My question however, is setting this all up with allowing for VPN...
> 
> I want users outside the network on windows clients to be able to connect
> securely to the network with encryption (of course) and user
> authentication (a generic password or usernames will suffice)
> 
> Does anyone have any suggestions on how to do this... and perhaps a URL
> for howto's or whatever?
> 
> I'm confident that I'll be able to set up SQUID and IPMASQ and securing
> the machine.. but I've never done linux debian VPN before...
> 
> ideas?
> 
> Thanks a bunch!  
> -Paul
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 
-- 
Sean McAvoy
Network Analyst
Megawheels Technologies Inc.
Phone: 416.360.8211
Fax:   416.360.1403
Cell:  416.616.6599

