[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Domains/trusts

On Wed, 2002-03-27 at 09:09, curtis wrote:
> First, the situation.
> Facts:
> We have an office in the US running an NT-based network with a few linux 
> stations.
> We have an office in Russia, where they have a peer-to-peer network - 
> all windows based OSs.
> Goal:
> We wish to create a WAN through a VPN.
> Concerns:
> HOWEVER. I am about to let them gain access to our network without 
> authentication.  If we had 2 NT-based networks with domain structures, 
> then I would simply create the necessary trust relations between our 
> domains and that's it.
> But, whereas our office is slowly migrating to Linux and whereas the 
> Russian office does not have an NT server, I was wondering what the 
> optimal Linux solution would be.  In this scenario, please make 
> suggestions with or without any consideration of our NT-based network.
> I would really appreciate comments.

Use CIPE http://sites.inka.de/sites/bigred/devel/cipe.html . You can use
static keys at each end or PK CIPE with certificates to do the
authentication. It tunnels all TCP/IP cryptographically. Basically you
will end up with two private networks that appear to be connected
through a single router, when really they're on opposite ends of the

You can run CIPE on a Linux masquerading box and traffic destined for
the net will travel directly and traffic destined for the remote network
will be tunnelled. If you already have a border router/firewall, CIPE
can use SOCKS5 to bind to the necessary ports on the live IP. It uses
UDP for the carrier packets.

As for "with or without any consideration of our NT-based network", it
doesn't really matter. It all looks like TCP/IP (broadcast won't be
propagated across subnets though)

Kind Regards
Crispin Wellington

To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: