[svlug] Using SSH software to implement a VPN for Microsoft Clients...
rick at hugin.imat.com
Thu Mar 12 02:28:53 PST 1998
David Buddrige <David.Buddrige at optum.com.au> wrote:
[You asked several similar-but-very-different questions:]
> I have a need to allow Windows 95 clients to log into an NT File server
> using VPN and PPTP over the internet.... I want to do this using our
> linux box which is currently acting as our internet gateway/firewall...
> is this possible?
You're requiring _specifically_ PPTP, here. To do exactly what you
specified requires a PPTP server for Linux. This does exist, as a
patch to the Linux ipfwadm software. See:
(The first of those gives you as a bonus some good fan information
about the Hugo-award-winning television series Babylon 5. B5 rules!)
However, you should be aware that Microsoft's implementation of PPTP
in the Dial Up Networking 1.2 software for Win95 and in WinNT 4.0
has quite weak security -- 40-bit RC-4, if I read correctly. As
encryption goes, in this day and age, that's pretty risible.
Nonetheless, as usual, if you want to shoot yourself in the foot,
Linux is right there with a brace of firearms, extra ammunition,
and a rifle instructor. There's even a PPTP client. (See
If you're at least a little security conscious, an alternative
is to deploy the SSH daemon on Linux, and run suitable SSH client
software on the WinDOS boxes out in the field. See
[You have Linux running a Web cache/app-level proxy and ftpd.
Private IP network otherwise. WinDOS NT file server supporting PPP
> [I want] to allow for people to log into our NT server over the Internet
> [via Linux] *as though* ...via Windows NT RAS.... Is there any way
> that this can be done using the Linux proxy?
Remote WinDOS clients run an SSH client. Linux on WAN side has sshd.
Linux firewall software proxies the SSH 22/TCP-port connections --
possibly non-trivial to set up. ;->
I suppose you could even do likewise with PPTP server on Linux, if
you really wanted.
> Is there a Linux product that could be used to allow
> people to log into the intranet over the Internet and be active as
> though they had logged in on a local machine on the intranet?
Well, you could give the above a try, eh?
Cheers, For good netiquette,
Rick Moen be wise and choose a four-line
rick (at) hugin.imat.com .sig (haiku is good).
echo "unsubscribe svlug" | mail majordomo at svlug.org
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ to unsubscribe
More information about the svlug