[plug] Debian VPN

Andrew Howell andrew at it.net.au
Mon Nov 6 13:48:36 WST 2006


Linux's native IPSec implementation works very well for site-to-site VPN
tunnels. It inter-operates well with other IPSec implementations as
well. My company can help you implement this if you require any help,
but you can start by checking the HOWTO below.

http://www.ipsec-howto.org/

Also, if you need to support people connecting in from home, PPTP with
authentication against Active Directory works quite well.

http://poptop.sourceforge.net/dox/replacing-windows-pptp-with-linux-howto.phtml

Again we can help with this as well.

Andrew

On Mon, 2006-11-06 at 11:47 +0800, Jonathan Young wrote:
> On 11/6/2006, "Jonathan Young" <jonathan at pcphix.com> wrote:
> 
> >Hi all
> >
> >Just after a quick overview of (plus any considerations when planning)
> >how to implement a VPN using Linux.  Under Windows you enable the VPN
> >server and allow certain ports through the firewall; presto LAN via VPN.
> >
> >How is it done under Debian?
> >
> >I am familiar with the concepts involved, but still relatively new to
> >Linux administration (strangely all my Linux servers have needed far
> >less attention; consequently I don't get to 'learn' as much without
> >doing research).
> 
> More information:
> 
> I currently have an organisation that employs 5 servers in three
> locations and I need to network at least two of these locations to share
> some files and a central A/V solution.
> 
> At location A we have:
> 
> Debian box(1) operating as an Internet Gateway - firewall and ADSL.
> Debian box(2) operating as a Mail Server - postfix.
> Windows 2000 Server(3) operating as the PDC - list of users, shared
> Windows applications, filesharing; uses PAM to sync newly created users
> which results in auto-creation of mailboxes on the mail server.
> 
> At locations B and C we have:
> Debian boxes (servers 4 and 5) operating as PDCs - including
> filesharing/authentication via Samba.
> 
> In all locations there are a handful of PCs running either Win98, Win2K
> or XP and popping mail directly from the mailserver at location A.
> 
> Everything works well, but now the client has purchased a server-based
> anti-virus solution to be installed on the Windows 2000 server and
> distributed from there automatically.
> 
> It has been suggested that we use VPN to distribute updates to the other
> two sites (or at least one of them), so I see two ways of doing this:
> 
> (1) Manual VPN connection on each PC which must be connected from time to
> time to get updates by connecting directly to the Windows server at
> location A.
> 
> (2) A full-time point-to-point VPN from each Linux server back to
> location A connecting all three locations so that workstations appear
> local to the Win2K Server and request updates whenever they wish.
> 
> The company I am working for sees another option as:
> 
> (3) Throw out the Linux boxes, replace them with routers capable of
> providing the VPN (e.g. Sonicwall) and upgrade the Windows box to SBS
> and run the lot from there.
> 
> Unfortunately, I have had plenty of experience with option 3 so unless I
> can put forward a viable Linux based VPN option and follow it through it
> looks like 4 of my favourite boxes will be going in the bin in favour of
> the hardware based solution.
> 
> - Jonathan
-- 
Andrew Howell
Director
Informed Technology
E-mail: andrew at it.net.au
Ph: 08 9460 4888  Fax: 08 9460 4877



