[svlug] how do i setup a vpn?
b.j.smith at ieee.org
Thu Nov 15 11:29:01 PST 2001
Robert Khachikyan wrote:
> Fellow svlug'ers,
> Unfortunately this question is not linux related. However, I
> thought maybe you'd have knowledge in this area...
I'm in Orlando, so I'm only going to make a "brief comment" and leave it
at that. God knows I _hate_ "meta-discussions" and I'm probably
starting one here. ;-PPP But I'm going to say it anyway, and please
excuse me if I have "overstepped" the LUG's rules (I'm just a
non-member/remote subscriber ;-). And this _could_ be turned into a
"Linux opportunity" (see below). ;-PPP
MY POINT: It's _not_fair_ to people who only use Linux to see Windows
questions asked on a Linux list. Please consider this, even if some of
us 100% Linux users are longtime Windows admins as well. ;-PPP
Now know we also understand that it is _very_difficult_ to get good help
on Windows, even if you pay for it. So I *DO* "feel your pain." And
I'm not going to "rake you over the coals" for asking a technical
question (which is better than yet another political thread ;-), but
maybe you should be asking a different one? I mean, it's obvious that
you (among many others) hold Linux users in high technical regards, as
do even non-Windows users, so maybe there's something else that can be
done to accomdate you?
Maybe there should be a PC support list for such technical savvy people?
Here in Orlando, our local Microsoft affliate, the "upper echelon"
Orlando NT Professionals Association (ONTPA -- http://www.orlandont.org)
is a _joke_ where you canNOT ask technical questions nor get help. Let
alone the local Central Florida Computer Society (CFCS --
http://www.cfcs.org) is overrun by vendors who throws money at the
group, and freebies at the users. I'm sure there is a similar, "people
networking-only" user group in the SV/SJ/SF area. So maybe SVLUG, BALUG
or someone else should consider doing the following for the SV/SJ/SF
area -- which could easily expand to farther out.
Create a PC support list hosted by your LUG. Not just an "off-topic"
list, as many of us found that politics seem to rule them, but a
"technical-only, anything goes, non-Linux" list. We created one here in
Orlando (c/o LEAP[-CF] -- http://www.leap-cf.org) and now have numerous
subscribers from Tampa (SLUG), Jacksonville (JAXLUG), Gainesville (FLU),
etc... Now we have a great group of experts whose brains can be picked,
without bothering the "LUG."
Thanx for your time, now to answer your question ...
> I have a Windows NT Server and a Windows 98 connected through a CISCO
> Catalyst 1900 switch. How can I setup a VPN among those two machines?
> I should perhaps mention that the computers are connected to the
> internet via a CISCO router. If anyone has done it before or knows
> anything about it, please direct me to the right place.
VPNs can be complex beasts, and there are so many options and security
issues, I don't know where to being. So I'll begin with ... Linux!
In any case, _Linux_ increases your options by a factor of 10x or more.
Consider building a $300 box and putting it on one (or one on both)
I see several options:
- VPNd, CIPE, etc... between the two Linux boxen
Just make an open VPN between two networks very easily and quickly.
Some use the Blowfish cipher which I view as more secure and faster.
- IPSec between systems
FreeS/WAN server (and client) on the Linux side using 3xDES and PGPNet
client (among others) on the client side. Lots of people doing this,
very open and flexible.
- SSH client on Windows to Linux boxen
I like this because you "narrow" the port forwarding to only select
ports. I _hate_ the idea of opening all ports from one network to
another -- especially from home computers.
- Point-to-Point-Tunneling-Protocol (PTPP)
Least secure, especially for older Windows versions (which is easily
breakable). Linux PTPP server, built-in Windows VPN client.
Let me know what you're looking at.
Bryan "TheBS" Smith mailto:b.j.smith at ieee.org chat:thebs413
Engineer AbsoluteValue Systems, Inc. http://www.linux-wlan.org
President SmithConcepts, Inc. http://www.SmithConcepts.com
"The [US] Constitution guarantees you Free, not Fair. 'Fair' is
a socialist concept." -- Shawn McMahon
More information about the svlug