[svlug] Using SSH software to implement a VPN for Microsoft Clients...

Rick Moen rick at hugin.imat.com
Thu Mar 12 02:28:53 PST 1998


David Buddrige <David.Buddrige at optum.com.au> wrote:
[You asked several similar-but-very-different questions:]
 
> I have a need to allow Windows 95 clients to log into an NT File server
> using VPN and PPTP over the internet.... I want to do this using our
> linux box which is currently acting as our internet gateway/firewall...
> is this possible?

You're requiring _specifically_ PPTP, here.  To do exactly what you
specified requires a PPTP server for Linux.  This does exist, as a 
patch to the Linux ipfwadm software.  See:

http://dune.wolfenet.com/~jhardin/
http://www.bmrc.berkeley.edu/people/chaffee/linux_pptp.html

(The first of those gives you as a bonus some good fan information
about the Hugo-award-winning television series Babylon 5.  B5 rules!)

However, you should be aware that Microsoft's implementation of PPTP
in the Dial Up Networking 1.2 software for Win95 and in WinNT 4.0 
has quite weak security -- 40-bit RC-4, if I read correctly.  As 
encryption goes, in this day and age, that's pretty risible.

Nonetheless, as usual, if you want to shoot yourself in the foot,
Linux is right there with a brace of firearms, extra ammunition, 
and a rifle instructor.  There's even a PPTP client.  (See
http://www.pdos.lcs.mit.edu/~cananian/Projects/PPTP/.)

If you're at least a little security conscious, an alternative
is to deploy the SSH daemon on Linux, and run suitable SSH client
software on the WinDOS boxes out in the field.  See
http://ssh.connectnet.com/

[You have Linux running a Web cache/app-level proxy and ftpd.  
Private IP network otherwise.  WinDOS NT file server supporting PPP
dial-up.]

> [I want] to allow for people to log into our NT server over the Internet 
> [via Linux] *as though* ...via Windows NT RAS....   Is there any way 
> that this can be done using the Linux proxy?  

Remote WinDOS clients run an SSH client.  Linux on WAN side has sshd.
Linux firewall software proxies the SSH 22/TCP-port connections --
possibly non-trivial to set up.  ;->

I suppose you could even do likewise with PPTP server on Linux, if 
you really wanted.

> Is there a Linux product that could be used to allow
> people to log into the intranet over the Internet and be active as
> though they had logged in on a local machine on the intranet?

Well, you could give the above a try, eh?
 
-- 
Cheers,                                 For good netiquette,
Rick Moen                         be wise and choose a four-line
rick (at) hugin.imat.com               .sig (haiku is good).
