[svlug] how do i setup a vpn?

Bryan-TheBS-Smith b.j.smith at ieee.org
Thu Nov 15 11:29:01 PST 2001

Robert Khachikyan wrote:
> Fellow svlug'ers,
> Unfortunately this question is not linux related. However, I
> thought maybe you'd have knowledge in this area...

I'm in Orlando, so I'm only going to make a "brief comment" and leave it
at that.  God knows I _hate_ "meta-discussions" and I'm probably
starting one here.  ;-PPP  But I'm going to say it anyway, and please
excuse me if I have "overstepped" the LUG's rules (I'm just a
non-member/remote subscriber ;-).  And this _could_ be turned into a
"Linux opportunity" (see below).  ;-PPP

MY POINT:  It's _not_fair_ to people who only use Linux to see Windows
questions asked on a Linux list.  Please consider this, even if some of
us 100% Linux users are longtime Windows admins as well.  ;-PPP

Now know we also understand that it is _very_difficult_ to get good help
on Windows, even if you pay for it.  So I *DO* "feel your pain."  And
I'm not going to "rake you over the coals" for asking a technical
question (which is better than yet another political thread ;-), but
maybe you should be asking a different one?  I mean, it's obvious that
you (among many others) hold Linux users in high technical regard, as
do even non-Windows users, so maybe there's something else that can be
done to accommodate you?

Maybe there should be a PC support list for such technical savvy people?

Here in Orlando, our local Microsoft affiliate, the "upper echelon"
Orlando NT Professionals Association (ONTPA -- http://www.orlandont.org)
is a _joke_ where you canNOT ask technical questions nor get help.  Let
alone the local Central Florida Computer Society (CFCS --
http://www.cfcs.org) is overrun by vendors who throw money at the
group, and freebies at the users.  I'm sure there is a similar, "people
networking-only" user group in the SV/SJ/SF area.  So maybe SVLUG, BALUG
or someone else should consider doing the following for the SV/SJ/SF
area -- which could easily expand to farther out.

Create a PC support list hosted by your LUG.  Not just an "off-topic"
list, as many of us found that politics seem to rule them, but a
"technical-only, anything goes, non-Linux" list.  We created one here in
Orlando (c/o LEAP[-CF] -- http://www.leap-cf.org) and now have numerous
subscribers from Tampa (SLUG), Jacksonville (JAXLUG), Gainesville (FLU),
etc...  Now we have a great group of experts whose brains can be picked,
without bothering the "LUG."

Thanx for your time, now to answer your question ...

> I have a Windows NT Server and a Windows 98 connected through a CISCO
> Catalyst 1900 switch. How can I setup a VPN among those two machines?
> I should perhaps mention that the computers are connected to the
> internet via a CISCO router.  If anyone has done it before or knows
> anything about it, please direct me to the right place.

VPNs can be complex beasts, and there are so many options and security
issues, I don't know where to begin.  So I'll begin with ... Linux!

In any case, _Linux_ increases your options by a factor of 10x or more. 
Consider building a $300 box and putting it on one (or one on both)

I see several options:

- VPNd, CIPE, etc... between the two Linux boxen

Just make an open VPN between two networks very easily and quickly. 
Some use the Blowfish cipher which I view as more secure and faster.

- IPSec between systems

FreeS/WAN server (and client) on the Linux side using 3xDES and PGPNet
client (among others) on the client side.  Lots of people doing this,
very open and flexible.

- SSH client on Windows to Linux boxen

I like this because you "narrow" the port forwarding to only select
ports.  I _hate_ the idea of opening all ports from one network to
another -- especially from home computers.

- Point-to-Point-Tunneling-Protocol (PPTP)

Least secure, especially for older Windows versions (which is easily
breakable).  Linux PPTP server, built-in Windows VPN client.

Let me know what you're looking at.

-- TheBS

Bryan "TheBS" Smith    mailto:b.j.smith at ieee.org   chat:thebs413
Engineer  AbsoluteValue Systems, Inc.  http://www.linux-wlan.org
President     SmithConcepts, Inc.   http://www.SmithConcepts.com
"The [US] Constitution guarantees you Free, not Fair.  'Fair' is
a socialist concept." -- Shawn McMahon

