
Re: tiny VPN help



On Fri, Dec 17, 2004 at 10:34:04PM +0100, Leonardo Boselli wrote:
> A first suggestion was to use a VPN but before digging in documentation or
> asking you to send me hints and help I wish to know if this is feasible.
> The idea would be to tunnelize all traffic through a single port and
> export on the subnet so it would appear as coming out of an address of the
> subnet [ideally the same one of his turned-off office machine].

That's the typical use-case (roughly) of a VPN, yes.

> Would this require a separate router or can it be accomplished by a single
> computer?

Depends on the VPN system, but there are systems that can work with an
endpoint being a regular machine inside the destination subnet, yes.

> Another problem: he wants to retain his WinXP PC ... with the OS ..
> with this additional limit, is it possible?

Certainly.

There are three ways of providing this functionality:

1) IPSec.  Large, clunky, and complex, but the "gold standard" for VPN
systems.  Common implementations for Linux currently require the endpoint to
be on the periphery of the protected subnet, not inside it (and it shits me
to tears).  Windows support available but a little fiddly.

2) PPTP.  Microsoft's rather shoddy attempt at making a VPN happen. 
Insecure as all hell (Bruce Schneier did a good critique), but since
Microsoft made it, Windows has good support for it.  There are Linux
implementations available of both the server and client, but they can be a
little tricky to get going.

3) OpenVPN.  A new one on the radar for me (I've only recently started
looking into it), it looks like it could be a good fit between the two above
extremes.  Appears to be reasonably secure, the endpoint can live inside the
protected subnet (apparently, haven't tried this out yet), generally
straightforward to configure, and there is a Windows implementation as well
as the Linux one.

- Matt
