
Re: Connect to Watchguard VPN



Matteo Riva wrote:
> Hello, this is the first time I have to use a VPN so I need basic
> information on how to do it. I need to connect to a Watchguard VPN but
> the admin only sent me details for Windows so I'm kinda clueless.
>
> What packages should I use? What specific details should I ask the
> admin? I already asked for specific instructions but it could take time
> and I'd like to speed things up a little if I can, and learn something
> in the process too.


The most important thing you need to know is which type of VPN it is. The Microsoft world uses three main types: PPTP, L2TP and IPSec. The first two are proprietary Microsoft protocols, but are well enough understood that they are de facto standards. IPSec is an old standard and is very widely used for site-to-site VPNs, normally between perimeter firewalls or routers. IPSec uses the IP addresses of the endpoints for the encryption process, and so doesn't work by itself through NAT. There are various bodges to help matters, but IPSec is only really appropriate between routable IP addresses, not to or from machines behind NAT.

Since the Watchguard device is probably a perimeter firewall, it could well use any of these protocols, or OpenVPN. If you've been given Windows instructions, that suggests the VPN client will normally be a workstation, so probably PPTP, or just possibly L2TP. There is a PPTP client, pptp-linux, and at least one GUI wrapper for it. The most basic encryption for PPTP is MPPE, a Microsoft protocol, but included in kernels since early 2.4, I think. Quite exotic encryption and authentication is possible even with PPTP, but rarely used as it is a bit of a pig to get working. The default XP VPN client is PPTP, and the default settings are usually used. If it is PPTP, and you have egress filtering on your workstation or network, you need to pass TCP port 1723 and *IP protocol*, not port, 47.

I can't be of much more help, as it is some time since I used VPN much, and then it was to connect to Windows servers.

--
Joe
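
The egress-filtering point in the reply above (TCP port 1723 plus IP protocol 47, which is GRE) is easy to get wrong by opening "port 47" instead. The following is an added example, not part of the original message: a small audit of an iptables-save dump. Both rulesets are constructed samples, the function name is hypothetical, and it assumes a plain allow-list OUTPUT chain.

```python
import shlex

# Constructed iptables-save excerpts for a default-deny OUTPUT chain.
MISTAKEN = """\
*filter
:OUTPUT DROP [0:0]
-A OUTPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 47 -j ACCEPT
COMMIT
"""
CORRECT = """\
*filter
:OUTPUT DROP [0:0]
-A OUTPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A OUTPUT -p gre -j ACCEPT
COMMIT
"""

def _opt(tok, flag):
    """Value following an option such as -p or --dport, or None."""
    return tok[tok.index(flag) + 1] if flag in tok[:-1] else None

def audit_pptp_egress(ruleset):
    """Return findings for the OUTPUT chain; an empty list means PPTP can leave.
    Assumption: a plain allow-list, so only -p/--dport ACCEPT rules are read."""
    policy, control, gre, port47 = "ACCEPT", False, False, False
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if tok and tok[0] == ":OUTPUT":
            policy = tok[1]                 # default policy of the chain
        if tok[:2] != ["-A", "OUTPUT"] or tok[-2:] != ["-j", "ACCEPT"]:
            continue
        proto, dport = _opt(tok, "-p"), _opt(tok, "--dport")
        if proto in ("gre", "47"):
            gre = True                      # IP protocol 47 (GRE), the tunnel itself
        elif proto == "tcp" and dport == "1723":
            control = True                  # PPTP control connection
        elif proto in ("tcp", "udp") and dport == "47":
            port47 = True                   # the port/protocol mix-up
    findings = []
    if port47:
        findings.append("port 47 opened: GRE is IP protocol 47 and has no ports")
    if policy != "ACCEPT" and not control:
        findings.append("TCP port 1723 (PPTP control) is not allowed out")
    if policy != "ACCEPT" and not gre:
        findings.append("IP protocol 47 (GRE) is not allowed out")
    return findings
```

With the mistaken ruleset the control connection on 1723 can leave, but the GRE tunnel traffic cannot, which is why the rule has to match on protocol rather than port.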

