[plug] Debian VPN

Jonathan Young jonathan at pcphix.com
Mon Nov 6 11:47:55 WST 2006


On 11/6/2006, "Jonathan Young" <jonathan at pcphix.com> wrote:

>Hi all
>
>Just after a quick overview of (plus any considerations when planning)
>how to implement a VPN using Linux.  Under Windows you enable the VPN
>server and allow certain ports through the firewall; presto LAN via VPN.
>
>How is it done under Debian?
>
>I am familiar with the concepts involved, but still relatively new to
>Linux administration (strangely all my Linux servers have needed far
>less attention; consequently I don't get to 'learn' as much without
>doing research).

More information:

I currently have an organisation that employs 5 servers in three
locations and I need to network at least two of these locations to share
some files and a central A/V solution.

At location A we have:

Debian box(1) operating as an Internet Gateway - firewall and ADSL.
Debian box(2) operating as a Mail Server - postfix.
Windows 2000 Server(3) operating as the PDC - list of users, shared
Windows applications, filesharing; uses PAM to sync newly created users
which results in auto-creation of mailboxes on the mail server.

At locations B and C we have:
Debian boxes (servers 4 and 5) operating as PDCs - including
filesharing/authentication via Samba.

In all locations there are a handful of PCs running either Win98, Win2K
or XP and popping mail directly from the mailserver at location A.

Everything works well, but now the client has purchased a server-based
anti-virus solution to be installed on the Windows 2000 server and
distributed from there automatically.

It has been suggested that we use VPN to distribute updates to the other
two sites (or at least one of them), so I see two ways of doing this:

(1) Manual VPN connection on each PC which must be connected from time to
time to get updates by connecting directly to the Windows server at
location A.

(2) A full-time point-to-point VPN from each Linux server back to
location A, connecting all three locations so that workstations appear
local to the Win2K Server and request updates whenever they wish.

The company I am working for sees another option as:

(3) Throw out the Linux boxes, replace them with routers capable of
providing the VPN (e.g. Sonicwall) and upgrade the Windows box to SBS
and run the lot from there.

Unfortunately, I have had plenty of experience with option 3 so unless I
can put forward a viable Linux based VPN option and follow it through it
looks like 4 of my favourite boxes will be going in the bin in favour of
the hardware based solution.

- Jonathan


