[NTLUG:Discuss] Wingnuts clients need a VPN through a Linux firewall/gateway

Kevin Taylor kevint at suse.com
Wed Dec 6 11:01:29 CST 2000


"Richard " <richard at rain.lewisville.tx.us>, on the subject of
'[NTLUG:Discuss] Wingnuts clients need a VPN through a Linux
firewall/gateway', is quoted as:
>The last time I researched this was when Slackware 3.1 was the latest and
>greatest.  Has anyone come up with a step by step.. "Use this on the client,
>and this on the server HOWTO?"  While I wouldn't classify myself as a novice
>to the linux command line environment (I have avoided Xwindows, KDE, and
>GNOME totally thus far), it can take me quite a while to figure things out
>on my own.....if ever.
>
>Where others lead, I can follow.  BUT DANG it's hard for me to break 'new
>ground' so to speak.
>
>Where should I start looking to allow Wingnut 9X and *E clients to connect
>to a private 10.x.x.x network INSIDE the firewall?

You've got two decent options - depending on the money available for the
project...
By far, the better solution is to implement an IPSec VPN, for which you
will need:
- Freeswan server (http://www.freeswan.org)
- A Windows IPSec client (commercial software), such as PGPNet
  (http://www.pgp.net)

The cheaper solution, and quite a bit more difficult to implement in many
cases, is to use PoPToP, a Linux implementation of the Microsoft VPN
staple, PPTP.  (http://www.moretonbay.com)

These do offer a number of examples of how to implement them, and
instructions of the same, but it doesn't mean it's easy to do.  PoPToP,
for example, will realistically need you to re-build pppd to offer some
of the Microsoft extensions available in order to be even marginally
secure (if you don't have transport-layer encryption, what good is a VPN
solution?).  It will make the implementation far easier if you use a
distro that has the patches applied for the needed functionality, which
is probably available in the most recent versions of some distros, as it
is available in SuSE 7.0.

Hope this helps you with a decent direction to go in investigating VPN
solutions.

I'm not 100% sure you had this in mind, but "need a VPN through a Linux
firewall/gateway" could be interpreted as using the VPN from behind a
masquerade.  If it's just a firewall, poking the appropriate holes in the
firewall will do it (look at the FAQ for firewalls on either of the above
sites for help).  If it's behind a masq, that can be more tricky.  For
*some* VPN solutions, there are workarounds that you can read in the LDP,
one is a VPN/Masquerade howto which is helpful, but there are some
limitations you will need to be aware of - so read about these
limitations...  sorry I didn't elaborate more on these points, but this is
a bit long already and unless I already knew which VPN you were going to
use I wouldn't be able to elaborate better.  (no use writing about IPSec,
if you're using PPTP, or vice versa).



Kevin Taylor
Consultant

Linux: there is no substitute...
-----------------------------------------------------
SuSE Inc.,                 Tel:   +1-510-628-3380 (ext. 5075)
580 Second St., Suite 210  Fax:   +1-510-835-3381
Oakland CA 94607           Email: kevint at suse.com
USA                        WWW:   http://www.suse.com
-----------------------------------------------------


