RE: VPN

To: Chris Mason <chris@net.ai>
Cc: Debian-User <debian-user@lists.debian.org>
Subject: RE: VPN
From: Phil Brutsche <pbrutsch@tux.creighton.edu>
Date: Thu, 27 Jul 2000 19:18:46 -0500 (CDT)
Message-id: <[🔎] Pine.LNX.4.21.0007271908470.918-100000@tux.creighton.edu>
In-reply-to: <[🔎] LOBBIDOPLBDJHHLNPHOCIEDFMKAA.chris@net.ai>

A long time ago, in a galaxy far, far way, someone said...

> The firewall would be IPCHAINS setup with PMfirewall. It's an office network
> and the owner wants to be able to access the accounts data and run the
> accounts program on her laptop while connected to the internet aboad over a
> secure tunnel through the firewall to a fileserver. I don't see why the data
> can't be in a directory on the firewall, but others have told me not to do
> this.

They're right - it's not a good idea to put that info on the firewall.

> The firewall will allow email in and out, web traffic, and will run no
> external services except for SSH.
> The Owner will us Windows on the laptop, the accounts program will be MYOB,
> and it must be a multiuser setup with filelocking, which I beleive MYOB will
> do itself.
> I do something very similar, in that my accounts data is on a Debian server,
> I use Quickbooks in Multi-user mode, so I don;t think that is a problem.
> The biggest problem is how to tunnel in through a firewall to an internal
> machine using windows on each end and the firewall in the middle.

THAT is the hard part.  It's really hard to do that unless you use one of
two solutions:

 * IPsec: http://www.freeswan.org - IPsec for IPv4 on Linux.  Requires
   third-party software on the laptop
 * PoPToP: http://www.moretonbay.com/vpn/pptp.html - an implementation of
   MS PPTP on Linux.

For both you need to be using the 2.2 kernel.

The entire problem is the fact that your boss want's to use Windows PPTP
VPN technology.  It won't work for port foward TCP port 1728 to the
Windows server and have it run RAS: the bulk of the VPN consists of GRE
(IP proto 47) traffic.  And forwarding _that_ requires that modifications
be made to ipchains and the kernel...

I would put preference on getting PoPToP to work.

-- 
----------------------------------------------------------------------
Phil Brutsche				    pbrutsch@tux.creighton.edu

"There are two things that are infinite; Human stupidity and the
universe. And I'm not sure about the universe." - Albert Einstien

Reply to:

References:
- RE: VPN
  - From: "Chris Mason" <chris@net.ai>

Prev by Date: CD-ROM drive being accessed/wrecked?
Next by Date: Re: NT Authentication over Debian Firewall/Router
Previous by thread: RE: VPN
Next by thread: hardware question
Index(es):
- Date
- Thread