PICList Thread
'[EE] VPN solution wanted'
2005\12\05@072426 by Russell McMahon

I'd like (wouldn't we all) to transparently join two or more networks
across the internet as a VPN (Virtual Private Network) preferably (of
course) for free and ideally without venturing too far away from
Microsoft land, although this isn't an essential. Google says much
about VPNs but it's not easily apparent that there are highly
transparent cheap/free and easily implementable solutions.

File sharing is the highest priority with any program not "knowing"
that a file was remotely located apart from the obvious limitations
imposed by the available bandwidth. Peripheral sharing (printers etc)
would be a bonus. Security is of course a major issue. File sharing
via eg FTP is better than nothing but far less than what I am after.
VNC and similar are OK but have limitations.

Any suggestions?



       Russell McMahon

2005\12\05@083421 by Rolf

Russell McMahon wrote:
> I'd like (wouldn't we all) to transparently join two or more networks
> across the internet as a VPN (Virtual Private Network) preferably (of
> course) for free and ideally without venturing too far away from
> Microsoft land, although this isn't an essential. Google says much
> about VPNs but it's not easily apparent that there are highly
> transparent cheap/free and easily implementable solutions.
>
> File sharing is the highest priority with any program not "knowing"
> that a file was remotely located apart from the obvious limitations
> imposed by the available bandwidth. Peripheral sharing (printers etc)
> would be a bonus. Security is of course a major issue. File sharing
> via eg FTP is better than nothing but far less than what I am after.
> VNC and similar are OK but have limitations.
>
> Any suggestions?
>
>
>
>        Russell McMahon
>
There are a number of "in a box" solutions. The challenge you face
requires a solution that combines the functions of routing, encryption,
decryption, and other general networking activities. Windows platforms
are not leaders in these areas.

Linux does provide the building blocks to solve the problem, but the
setup can be relatively painful. This would be free though.

My brother has implemented the concept, using netscreen devices. He says
that the newer FireBox device has similar functionality. He also
investigated NetBSD and Linux. For sure there are other options as well.
His implementation is work related, so free was not really an issue.
Regardless, I believe that the devices are "reasonably" priced. I have
heard of the Linksys WRG54T

http://www.peapod.co.uk/netscreen_hsc.htm
http://www.watchguard.com/products/x500.asp


Also, broaden your Google search to include things like IPSEC, and for
Linux, look into FreeSwan, although that has been superseded by
OpenSwan, or StrongSwan. It has been a while since I was personally
looking into doing what you are trying.

Rolf

2005\12\05@085538 by Rolf

I did not complete the deal on WRT54G Linksys routers. These have been
adapted to do a number of VPN solutions.

Search for WRT54G VPN on google. Here's a good start
http://www.wi-fiplanet.com/tutorials/article.php/3562391

Rolf


2005\12\05@093733 by Gerhard Fiedler

Russell McMahon wrote:

> I'd like (wouldn't we all) to transparently join two or more networks
> across the internet as a VPN (Virtual Private Network) preferably (of
> course) for free and ideally without venturing too far away from
> Microsoft land, [...]
>
> Any suggestions?

I have used an SMC Barricade router for this for some time (SMC7004FW). Works
without a problem. There are other brands and models, too. Documentation of
these devices is often lacking, so some experimenting regarding the
settings may be required :)

Unless you want to set up a Linux or Windows server as router, gateway,
firewall and VPN server (replacing your hardware router/gateway/firewall),
using a router with built-in VPN server is IMO the only practical way,
since I don't think most normal router/gateway devices would support a VPN
server behind them. (This probably depends a lot on the specific router and
VPN implementation; but I think you would have to know a lot about both to
be sure.)

Note that no matter what exact setup you use, don't expect it to work like
a LAN connection (even though it logically looks like a LAN connection).
Many programs apparently use a high number of serialized small requests and
are not well-threaded, which means that they may slow down to a crawl even
with a decent connection speed, due to the often much higher latency.
Microsoft Explorer is one such program. Use the command line (or FTP) for
remote file management over VPN... Also some client-server systems are
designed for LAN use. Extending their use to a WAN using VPN may or may not
work (well or at all), due to the same issue.

Gerhard

2005\12\05@101652 by Enrico Schuerrer

----- Original Message -----
From: "Russell McMahon" <spam_OUTapptechTakeThisOuTspamparadise.net.nz>
To: "PIC List" <.....PICLISTKILLspamspam@spam@mit.edu>
Sent: Monday, December 05, 2005 1:15 PM
Subject: [EE] VPN solution wanted


> [secure connection, VPN]

Hi Russell!

I use a more or less simple Linksys WRT54G router at home for WLAN. Via this
router I build up a VPN link to my company with the help of a VPN connection
doing IPsec. Our company's firewall allows me to connect directly to the
company's server and act as an IPsec client.

regards

Enrico

2005\12\05@103553 by John Ward

Hi,

Try using OpenVPN.
It uses both Windows and Linux OSes and can be configured for point to point
or a concentrator.

Regards
John




2005\12\05@110805 by Joe McCauley

Gerhard,  

Can you tell me how you set this up please? I have an SMC 7004VBR. I started
looking into this sometime back & never got anywhere with it. Time got the
better of me & I never got back to it.

Sorry for hijacking your thread Russell :)

Joe


2005\12\05@120128 by Russell McMahon

> Try using OpenVPN
> It uses both windows and linux os's and
> can be configured for point to point or a concentrator.

Utterly superb, albeit somewhat mind boggling.

       http://openvpn.net/

Thanks.

       Russell McMahon

2005\12\05@122826 by John Ward

The other solution is quite simple and requires an installation of
smoothwall.

This is a freeware type firewall with integrated vpn, squid cache, dns
service and a few goodies like intrusion detection thrown in to boot.
url: http://www.smoothwall.org/

This allows you to have simple shared secrets between your own networks for
tunnels/vpns as well as a neat dynamic dns update service. (So that you can
get connected by name even if your ISP changes your IP Address on DSL like
they do here.)

The nice thing about the openvpn is it suits road warrior/travellers quite
nicely.
The nice thing about the smoothwall is that it gives you the ability to
click and go as it's a full firewall distro with a wicked configuration tool
(web based)

Regards
John



2005\12\05@125407 by Russell McMahon

> Can you tell me how you set this up please? I have an SMC 7004VBR. I
> started
> looking into this sometime back & never got anywhere with it. Time
> got the
> better of me & I never got back to it.
>
> Sorry for hijacking your thread Russell :)

Feel free :-).
The more I hear about what works the better.

Anyone got any problems with this being on EE?
Seemed more like 'everything engineering' than OT, but maybe not.



       RM

2005\12\05@134109 by Gerhard Fiedler

Joe McCauley wrote:

> Can you tell me how you set this up please? I have an SMC 7004VBR. I started
> looking into this sometime back & never got anywhere with it. Time got the
> better of me & I never got back to it.

I don't think the 7004VBR has a VPN server. I think what it might have is a
VPN client built in; this allows you to have your router connect to an
external VPN server and place your whole LAN on that external network. Or
maybe it only has VPN pass-through.

WRT common broadband routers, there are three types of VPN features:

- VPN pass-through. Allows outbound connections from a client behind the
router to a VPN server in the outside world. After this, only the one
client computer that connected to the server is on the VPN network.

- VPN client built-in. Allows the router to be configured as a VPN client,
and it's the router that connects to that outside VPN server. After this,
the whole LAN behind the router is connected to that outside VPN.

- VPN server built-in. This is what I think Russell asked about. This
allows an outside client to connect to the router through VPN. After this,
the outside client is logically connected to the inside LAN behind the
router. (You also want either a static IP address or a dynamic IP address
with a dynamic DNS service for this, because otherwise it might be
difficult to connect to your VPN server.)

Gerhard

2005\12\05@140057 by Andres Usera


I'm using OpenVPN a lot .. and it's great, very stable even over changing
IPs, and you (as client) can connect to several servers in a way your
software never knows it's over the net. It does compression so you gain
a little of the speed you lose by encryption.

Been using it at work for secure connection with remote servers, and at
home to get to my home machine from the road ...

It works on Linux and Windows .. I have 3 Windows servers and connect to
them with Linux and Windows clients.

If you use Windows check http://www.openvpn.se it's a GUI for Windows with
a little bat script to set it up.

Andres

2005\12\05@140729 by Lucas Thompson

In addition to all of the dedicated router-type devices and linux, you
can simply enable routing in Windows 2000/XP and use the native IPSec
implementation to accomplish this. It's probably a little more difficult
(last time I documented how it was around 100 steps for a very simple
case!) to configure than the other options, but it has the big advantage
of not needing any extra hardware or software.



2005\12\05@142203 by Gerhard Fiedler

Russell McMahon wrote:

>> Try using OpenVPN
>> It uses both windows and linux os's and
>> can be configured for point to point or a concentrator.
>
> Utterly superb, albeit somewhat mind boggling.
>
>         http://openvpn.net/

They say that it can work through a single TCP port. This would enable you
to use it through pretty much any hardware router, as almost all of them
have something like a "virtual server" or "port forwarding" feature.

Gerhard
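
The single-TCP-port arrangement described above, as an added example that is not part of the original thread or taken from the OpenVPN project: a routed site-to-site tunnel in TLS mode, where site A's existing router forwards one TCP port to the OpenVPN host. The subnets, host name, port number and key/certificate file names are constructed placeholders.

```conf
# ===== siteA.ovpn : listening end, sits behind the port-forwarding router =====
# Router at site A: forward TCP 1194 (assumed port) to this machine only.
dev tun
proto tcp-server
port 1194

# TLS mode: each end proves its identity with a certificate signed by your CA.
tls-server
ca   ca.crt
cert siteA.crt
key  siteA.key            # private key, never leaves this machine
dh   dh2048.pem
remote-cert-tls client    # reject peers whose certificate is not a client cert
tls-auth ta.key 0         # pre-shared HMAC key; unsigned packets are dropped
                          # before any TLS processing happens

# Tunnel endpoints (local, remote) and the route to site B's LAN.
ifconfig 10.8.0.1 10.8.0.2
route 192.168.2.0 255.255.255.0    # site B LAN (assumed)

keepalive 10 60           # ping every 10 s, restart after 60 s of silence
persist-key
persist-tun
verb 3

# ===== siteB.ovpn : connecting end, needs no inbound port =====
dev tun
proto tcp-client
remote siteA.example.net 1194      # dynamic-DNS name of site A (placeholder)

tls-client
ca   ca.crt
cert siteB.crt
key  siteB.key
remote-cert-tls server    # refuse to talk to anything but a server cert
tls-auth ta.key 1         # same ta.key as site A, opposite direction

ifconfig 10.8.0.2 10.8.0.1
route 192.168.1.0 255.255.255.0    # site A LAN (assumed)

keepalive 10 60
persist-key
persist-tun
verb 3
```

Each OpenVPN machine must have IP forwarding enabled, and the hosts (or default gateway) on each LAN need a route to the other subnet via that machine. UDP, OpenVPN's default transport, can be forwarded through the router the same way and avoids the stalls that come from running TCP inside TCP.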

2005\12\05@165341 by Nate Duehr

Russell McMahon wrote:
> I'd like (wouldn't we all) to transparently join two or more networks
> across the internet as a VPN (Virtual Private Network) preferably (of
> course) for free and ideally without venturing too far away from
> Microsoft land, although this isn't an essential. Google says much about
> VPNs but it's not easily apparent that there are highly transparent
> cheap/free and easily implementable solutions.
>
> File sharing is the highest priority with any program not "knowing" that
> a file was remotely located apart from the obvious limitations imposed
> by the available bandwidth. Peripheral sharing (printers etc) would be a
> bonus. Security is of course a major issue. File sharing via eg FTP is
> better than nothing but far less than what I am after. VNC and similar
> are OK but have limitations.
>
> Any suggestions?
>
>
>
>        Russell McMahon

Hi Russell,

Quite a number of options here.  My impressions of some that have already been mentioned and then some more...

Host-based solutions, or Host-to-router:

-----

OpenVPN - Very happy with endpoints stuck behind NAT, etc.  Great for road-warrior connectivity back to a known place.  Supported on various OS's, which is nice.

-----

Cisco VPN client - Available (or equivalents that mimic Cisco's IPSEC with add-ons protocol) for just about every OS out there, in some fashion.  Fast, works, super-reliable.  Requires the use of a Cisco Firewall on the far-end.  Expensive.

-----

Built-into-the-firewall (permanent link) solutions:

Linksys WRT54G - numerous alternative firmware loads available for almost all through hardware version 4.

[Version 5 changed chipset and runs on VxWorks, not Linux.  Linksys is going to market WRT54GL ("L"=Linux) for those wanting a "hackable" wireless router.]

This type of setup is "roll your own" but fairly powerful, since you end up with a small Linux machine-in-a-cheap-router after you load firmware to do it.  Very "DIY" type solution, not fast, or simple, but not super expensive either.

http://www.openwrt.org is a good starting reference point.

-----

SmoothWall - Have run one of these.  Simple setup, only supports IPSEC VPNs so both end-points must be on public Internet addresses.  Simple setup for traditional "Trusted", "Untrusted" and "DMZ" type firewall configuration if the firewall has at least three Ethernet interfaces.

A friend and I both had them running and could do anything we wanted between our houses... print to his printers, etc.  Was a very stable link.

-----

M0n0Wall - Based on BSD, has more features than SmoothWall.  Much more active development, and open-source, not a commercial "free" spinoff. Friend of mine who runs a small ISP recently ran into a scenario where he needed to protect a machine normally on a public network but he couldn't afford any downtime to install a host-based firewall on the machine.  (It was a Linux box without iptables in the kernel.... long story.)

Anyway, he set m0n0wall up in bridging mode and with the click of two cables, the server was now behind a completely transparent firewall.  Nifty.

Not sure if that helps with VPN stuff, but bridging firewalls can be REALLY useful if you can't reconfigure the network.

-----

Those are the ones I've "played" with.  There's LOTS more options.

Example: Here's one I want to play with... http://www.efw.it

I think I understand and know enough about all the various tools on Linux to do all of the stuff this thing does, but man -- seeing it all nicely integrated into one interface, and released... that's worth playing with!

Apparently, it has everything but the kitchen sink in it...

- Firewall (stateful inspection)
- Outgoing Firewall
- IPSec Gateway to gateway VPN
- IPSec Remote client to gateway VPN (roadwarrior)
- NAT
- Multi-IP address support (aliases)
- Dynamic DNS
- DMZ support
- HTTPS Web Interface
- Detailed network traffic graphs
- View currently active connections
- Event log management
- Log redirection to external server
- Server DHCP
- Server NTP
- Traffic Shaping / QoS
- Transparent POP3 antivirus/antispam proxy
- Transparent HTTP proxy
- Web Proxy with local users, windows domain, samba, LDAP, radius server management
- Intrusion Detection System
- ADSL modem support
- Configuration backup and restore
- Remote update
- SIP VoIP Proxy *NEW!*

Then you can add these other modules... I assume the anti-virus module would be VERY CPU intensive.  I wouldn't run this on a weak/old machine!

Anti-Virus:
- HTTP Antivirus
- Endian Security Tools for Windows Desktop
- Transparent SMTP antivirus/antispam proxy

VPN Gateway Module:
- Gateway to gateway VPN with OpenVPN
- Remote client to gateway VPN (roadwarrior) with OpenVPN
- Bridged and Routed VPN mode
- Endian Client VPN – Windows, Linux, MacOSX

Web Content Filter Module
- URL filter
- Web content analysis/filter
- Whitelists and blacklists management
- Web surfing time limits

Nate

2005\12\05@180031 by Gerhard Fiedler

Nate Duehr wrote:

> Cisco VPN client - Available (or equivalents that mimic Cisco's IPSEC
> with add-ons protocol) for just about every OS out there, in some
> fashion.  Fast, works, super-reliable.  Requires the use of a Cisco
> Firewall on the far-end.  Expensive.

FWIW, installing the Cisco VPN client was one of the few installations that
could almost with certainty be blamed for a Windows system so unstable that
I had to reinstall. Since I wasn't the only one with that problem, in the
end we could convince the client to set up a PPTP access...

Gerhard

2005\12\05@181813 by Nate Duehr

Gerhard Fiedler wrote:
> Nate Duehr wrote:
>
>
>>Cisco VPN client - Available (or equivalents that mimic Cisco's IPSEC
>>with add-ons protocol) for just about every OS out there, in some
>>fashion.  Fast, works, super-reliable.  Requires the use of a Cisco
>>Firewall on the far-end.  Expensive.
>
>
> FWIW, installing the Cisco VPN client was one of the few installations that
> could almost with certainty be blamed for a Windows system so unstable that
> I had to reinstall. Since I wasn't the only one with that problem, in the
> end we could convince the client to set up a PPTP access...

Never had that problem on at least six machines, so far.

Cisco's tech support is excellent -- someone should have called them
when that happened.  They probably would have been able to fix it or
recommend a solution.

(They're not perfect, but Cisco is still a customer-focused company --
people complain about their prices, but they do support their product,
unlike many of the other networking product vendors.  I've seen Cisco
techs help people who should have never been anywhere near a network or
switch system design (no training, no clue) through getting it set up
and working -- not only working, but set up correctly with reasonable
settings for security-related items, etc... all in a day's work for
them, I guess.)

Nate

2005\12\05@184500 by Gerhard Fiedler

Nate Duehr wrote:

>> FWIW, installing the Cisco VPN client was one of the few installations
>> that could almost with certainty be blamed for a Windows system so
>> unstable that I had to reinstall. Since I wasn't the only one with that
>> problem, in the end we could convince the client to set up a PPTP
>> access...
>
> Never had that problem on at least six machines, so far.
>
> Cisco's tech support is excellent -- someone should have called them
> when that happened.  

How do you know they didn't? They did. They tried. No solution. That was a
few years ago, though, and I don't remember all the details -- only that
out of 15 or so developers ten had an unstable system after installing the
Cisco client that didn't go away by uninstalling it. Not really relevant
anymore, either, and especially not for Russell :)

Gerhard

2005\12\05@190939 by Nate Duehr

Gerhard Fiedler wrote:
{Quote hidden}

Sorry, a bad assumption.  If it was a few years ago, it wasn't the Cisco
VPN concentrator 3000 and client software they bought from another
company, was it?  I had some problems with that software, but it was
just re-branded by Cisco and they immediately saw how bad it was and
end-of-lifed it.  ;-)

Nate

2005\12\05@204221 by Gerhard Fiedler

Nate Duehr wrote:

> Sorry, a bad assumption.  If it was a few years ago, it wasn't the Cisco
> VPN concentrator 3000 and client software they bought from another
> company, was it?  

No clue anymore what exact model/software that was.

Gerhard

2005\12\05@230127 by Jake Anderson

The easiest way I have found to do this (and I sell this service ;->)
is ipcop.
It's a fork of smoothwall with no commercial variant (endian is based on it
too)
so it's "clean" in that regard.
Find 2x P1 class computers with 32mb of ram (if you want intrusion
detection)
4x NICs (2 per PC) which can be had for $5aus 2nd hand (genuine intel and
3com not realtech crap)
1x working CD drive.

plug 2 NICs into PC
plug CD into computer
turn on with ipcop iso in the tray
follow the prompts basically next next next etc.
take cd out reboot you have a firewall

go through services and turn everything on

repeat on other server
go into vpn fill in server details

put machines in place then setup a VNC link to a desktop at the remote site
create a new connection on both machines that "mirror" each other (it's real
handy when you can look at both at the same time)
cross your fingers and make a cup of tea
your net to net connection is running.

total time ~30 minutes all up

If you want a point > net connection (ie a road warrior or a work from home
user)
then install the openVPN addon to ipcop (it's a little quirky in the setup
but eh)
install openVPN gui on the client machine
download the certificates from the server (in a secure fashion of course ;->)
with the clicky link thing
copy into openvpn config folder
double click the gui, put in the password and you're connected.

20 minutes then 5 minutes per user.

btw for ipcop there's copfilter which does http/pop3/imap/smtp
virus/junk/spam filtering and all that jazz
and snort and traffic monitoring and reporting tools and even asterisk (VoIP
PABX)
true QOS mods too but I don't understand that side of things enough to get
them working properly yet ;->


if you want a hand with the setup let me know


2005\12\06@080509 by Gerhard Fiedler

Nate Duehr wrote:

> Quite a number of options here.  My impressions of some that have
> already been mentioned and then some more...

Another side kick thread hijack :)

Do you know any solutions that allow more than one WAN port, for load
balancing or failsafe operation?

Thanks,
Gerhard

2005\12\06@093208 by Steve Nordhauser

I think I am looking for a similar product for VPN.  I need something
that is:
- Low cost or free
- Will allow me to share a single HD with a select group of people at
other locations
- The data must be kept private from the rest of the world
- It would be nice to be able to take a portion of the disk and make it
public
- Keep the rest of my network private (can be an external router to the
solution)
- Either provide internet access for my wired and wireless machines or
allow my existing router to do this.
- I have a cable modem with dynamic IPs.
- I am moderately Windoze astute (oxymoron?) and have very basic Linux
abilities.

I've been following this thread and checked out most of the products.  
The dynamic IP serving seems to be an issue with most (or maybe I'm not
seeing the solution).  I found no-ip.com which provides a free IP
forwarding system for windoze, but I'm not sure if there is a better
solution.
Thanks,
Steve


2005\12\06@095920 by Russell McMahon

> - Low cost or free
> - Will allow me to share a single HD with a select group of people
> at other locations
> - The data must be kept private from the rest of the world
> - It would be nice to be able to take a portion of the disk and make
> it public
> - Keep the rest of my network private (can be an external router to
> the solution)
> - Either provide internet access for my wired and wireless machines
> or allow my existing router to do this.
> - I have a cable modem with dynamic IPs.
> - I am moderately Windoze astute (oxymoron?) and have very basic
> Linux abilities.
>
> I've been following this thread and checked out most of the
> products.  The dynamic IP serving seems to be an issue with most (or
> maybe I'm not seeing the solution).  I found no-ip.com which
> provides a free IP forwarding system for windoze, but I'm not sure
> if there is a better solution.

An http server meets all the above needs on a read only basis.
I'm using Apache to do this now under windows.
Mine is working well with no-ip
See

       http://others.servebeer.com

This is mapped as W: on my network. You can (hopefully :-) ) see only
files which I have made public.

Not as flexible a service as the full VPN I am seeking (and which
several answers have addressed) but accessible with no special actions
from the remote locations. Apache passwords allow you to make
information private or public as required. This requires only free
software and no extra hardware beyond the existing DSL modem router
and the PCs on the network. While you can dedicate a PC to running
Apache if you wish, it also runs stably on a desktop PC which is in
general use.




           RM






2005\12\06@125932 by Steve Nordhauser

> An http server meets all the above needs on a read only basis.
> I'm using Apache to do this now under windows.
> Mine is working well with no-ip
> See
>
>        http://others.servebeer.com
>
> This is mapped as W: on my network. You can (hopefully  :-)  ) see only
> files which I have made public.
>
> Not as flexible a service as the full VPN I am seeking (and which
> several answers have addressed) but accessible with no special actions
> from the remote locations. Apache passwords allow you to make
> information private or public as required. This requires only free
> software and no extra hardware beyond the existing DSL modem router
> and the PCs on the network. While you can dedicate a PC to running
> Apache if you wish, it also runs stably on a desktop PC which is in
> general use.
>
>            RM

__________________

RM,

Cool.  Last time I talked to no-ip, they weren't supporting Linux.  They do now.  That helps.  Unfortunately, your server link just times out on me.
No beer for me I guess.
I've been looking for an excuse to play more with Linux.  I guess this would do it.  Although you said Apache under windows - I will have to check that out too - I've always thought Apache was Linux only... my wall of preconceived notions is tumbling down...
A bit scary but the gold always is uncharted waters....
Thanks,
Steve

2005\12\06@130313 by Sean C. Malloy

Steve wrote:

> The dynamic IP serving seems to be an issue with most (or maybe I'm not
> seeing the solution).  I found no-ip.com which provides a free IP
> forwarding system for windoze, but I'm not sure if there is a better
> solution.

There are several companies that will do dynamic DNS.  Some are free,
or nearly so.

tzo.com is one; dyndns.org is another.  Personally, I use dyndns.org
(your 1st address is free!) along with a Linksys WRT54G router running
the Talisman firmware from Sveasoft (which will automatically update
dyndns.org when my IP changes).  This way I don't have to run an
application on a Windows machine in order to keep my DNS record
up-to-date.

The Talisman firmware claims to automatically connect to commercial
VPN systems, but I've not tried this.  I imagine that it's also
possible to set up 2 Talisman routers to act as VPN servers.

It also sounds like some of what's been talked about on here could be
accomplished with an ssh server and the use of port-forwarding (or
scp, or sftp, etc), rather than a full-blown VPN.  An OpenSSH server
can be run as a service under Windows if you install the Cygwin
(http://www.cygwin.com) package (which is free!).  Of course, OpenSSH runs
under most variants of Unix.  And I like PuTTY as a free windows ssh
client.

Installation and configuration of OpenSSH, Cygwin, the Talisman
firmware, etc. is left as an exercise for the interested reader.

--
Sean C. Malloy                        @spam@smalloyKILLspamspamio.com

2005\12\06@140356 by Mike Hord

> I think I am looking for a similar product for VPN.  I need something
> that is:
> - Low cost or free
> - Will allow me to share a single HD with a select group of people at
> other locations
> - The data must be kept private from the rest of the world
> - It would be nice to be able to take a portion of the disk and make it
> public
> - Keep the rest of my network private (can be an external router to the
> solution)
> - Either provide internet access for my wired and wireless machines or
> allow my existing router to do this.
> - I have a cable modem with dynamic IPs.
> - I am moderately Windoze astute (oxymoron?) and have very basic Linux
> abilities.

Look at Waste.  A friend recommended it to me today as a means
for creating small private networks of shared files amongst non-
colocated users.

waste.sourceforge.net

Doesn't seem to do actual "networking", per se, but as I had it
explained to me, upon boot, the remote users' PCs are mounted
as disk drives on your PC (say, as the X: drive).  Could be handy.

Mike H.

2005\12\06@141721 by Timothy Weber

Steve Nordhauser wrote:
> RM,
>
> Cool.  Last time I talked to no-ip, they weren't supporting Linux.  They
> do now.  That helps.  Unfortunately, your server link just times on me.
> No beer for me I guess.

I'm using no-ip.com in the same fashion for <http://ship.no-ip.org> and
<http://6sys.no-ip.info/~tjweber/gallery/>.  I've had good experience
with them for what, maybe a year or two.

(Not that going to those sites will tell you much, but I thought I'd
post 'em just to prove it works.)
--
Timothy J. Weber
http://timothyweber.org

2005\12\06@152026 by Nate Duehr

Gerhard Fiedler wrote:
> Nate Duehr wrote:
>
>> Quite a number of options here.  My impressions of some that have
>> already been mentioned and then some more...
>
> Another side kick thread hijack :)
>
> Do you know any solutions that allow more than one WAN port, for load
> balancing or failsafe operation?
>
> Thanks,
> Gerhard

Hmm, not sure if any of the pre-packaged ones would support that.

Maybe I should ask first: Are you looking for redundancy just for the
NIC, or for the whole network connection -- i.e. are you routing to two
different carriers?

The Linux-HA project has various daemons and scripts available that can
deal with IP takeover if a NIC is dead, depending on how you want to
monitor it.  You can even do IP-takeover between servers if you're
looking for server redundancy.

http://www.linux-ha.org

If you meant upstream link redundancy, the problem there is not the
router having two NIC's, it's having a routing protocol to tell the
upstream's where to send your traffic.  Typically BGP would be used for
that, and your organization would need an AS number, so you could have
multiple carriers route your traffic to you via multiple IP's/links.

Different problems doing different types of redundancy, and different
solutions out there, but I doubt that any of the "pre-packaged" SOHO
stuff will have it built-in other than that the tools may be available
to roll-your-own.  Perhaps I'm wrong, and someone's disc has all of it
integrated in some fancy GUI, but I doubt it.

Realistically -- if you're to the point where you need that level of
redundancy, the system should be making enough money to afford to
install a "real" router (i.e. Cisco... heh... yes, I'm a fan) and/or a
hardware load-balancer.

All of this stuff can be done "by hand" on the cheap, held together with
duct tape and baling wire, but at some point it's better to throw money
at the problem and hire someone who can design and engineer a solid
network configuration using "standard" devices.

If you're just looking to give say a small home office's link
redundancy, it's not worth it anymore, really.  Virtual servers already
sitting in more redundant/more protected/highly monitored data centers
are getting so cheap these days, that rolling a solution for a redundant
small network is... ironically, redundant... unless you REALLY need to
stay on some legacy network or IP range or something like that.

I can discuss more off-list if you want - this one's headed [WOT] as
Russell would say.  ;-)

Nate

2005\12\06@152206 by Gerhard Fiedler

Sean C. Malloy wrote:

> It also sounds like some of what's been talked about on here could be
> accomplished with an ssh server and the use of port-forwarding (or
> scp, or sftp, etc), rather than a full-blown VPN.  

If it's only about file access, I would run a (secure) FTP server rather
than a VPN or ssh. I'd run a (non-secure) FTP server behind the VPN anyway
for remote file operations...

(There's a reason this protocol is called File Transfer Protocol :)

Gerhard

2005\12\06@154324 by Nate Duehr

Steve Nordhauser wrote:
{Quote hidden}

Breaking this down, there's really two problems here -- a network
problem (building a VPN to a private network that has a non-static
public IP address), and an application layer problem (what server to run
to share files with others and how to set it up).

With a working VPN, your machines "outside" the secured network look
just like they're sitting right there next to the secured machines.

Once you get a VPN working, you can then connect to ANY type of server
on that private network, securely and encrypted.

To do what you're wanting to do with virtually NO additional cost, I'd do:

- If the router you're using doesn't do VPN stuff, just leave it in
place (it works, why break it), and...

- If your IP address on the EXTERNAL interface of your router starts
with 10.x.x.x, 172.16.x.x through 172.31.x.x, or 192.168.x.x -- stop.
Your ISP didn't give you a real IP address and they're NAT'ing you
somewhere, it'll never work.  You'll have to buy or beg a real IP out of
them.  (If you don't understand the difference between public and
private-side IP addressing schemes, see RFC 1918 -
http://www.faqs.org/rfcs/rfc1918.html)

- Pick a VPN technology you understand or are willing to take the time
to learn, and install it on an internal machine on a static non-changing
internal address.  It's important its address doesn't change.  Lock it
down by MAC address in the DHCP settings of your router if you're using
DHCP and want to continue using it -- or just set it statically...
either is the same effect.

- Port-forward the appropriate ports through your existing router to
allow VPN traffic through to that machine.
http://www.portforward.com/routers.htm may be helpful for generic
instructions for your particular router.

- Use a service like the one you found, no-ip.com or dyndns.org to tie a
DNS name to your ever-changing real IP address.

- Connect any machine elsewhere via your chosen VPN client software to
the NAME you created, via the ports you forwarded to the internal machine.

That will get your "outside" clients connected to your "internal" network.

ALTERNATELY: Replace your router with one of the applications mentioned
in this thread earlier that have built-in support for something widely
used like OpenVPN so you can get help with it from the Net.

Next you address the other problem -- what application to use to share
files.  There are literally hundreds of choices.

- Either that machine (or any other) on the internal network can then
run Windows File Sharing (Samba on Linux), NFS, FTP, SSH/SCP, HTTP/DAV,
a Content Management or Document Management package running on a
webserver internally -- whatever... doesn't matter once you have a way
into the network.  It can be as fancy or as plain-jane as you like.

- A simple, maybe even "slick" solution for a simple setup might be to
simply buy something like the Buffalo NAS storage device that sits on
your network and provides disk space... nothing fancy, just a big fat
disk in a small box on the network.
http://www.buffalotech.com/products/product-detail.php?productid=71&categoryid=10

[There are other manufacturers making similar products, I just know
about the Buffalo.]

If not something "plug and pray" like the Buffalo, then authentication
and sharing are another level of your design requirements... whatever
server type you choose will determine how you set up users to share the
data.  Do you need backups so when someone (inevitably) blows away all
the files?  Etc. Etc. Etc.

(Welcome to Data Integrity Engineering and IT System Administration.
Two drink minimum, pay at the door!)  :-) :-) :-)

Another final note: Running servers like this may violate the Terms of
Service of your Residential ISP service.  Check your contract, and
expect consequences if you fly above their radar by pushing tons of
traffic, etc.

You *can* do all of this by putting each portion of it together piece by
piece on a Linux box, but unless you're dying to learn that much
Unix/Linux -- taking the two problems apart into two separate issues
(network, and server) makes it possible for you to use the free/cheap
"appliances" to fulfill the same end goals.

Hope that's helpful.

Nate
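
The pre-flight checks from the post above (is the router's external address in RFC 1918 space, is the VPN machine on a fixed LAN address, does the dynamic DNS name point at the current external address), as an added example that is not part of the original thread. The function names and sample addresses are assumptions made for illustration, and the RFC 6598 carrier-grade NAT block goes beyond the three ranges the post lists.

```python
import ipaddress

# The three RFC 1918 private blocks named in the post above.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Addition beyond the post: RFC 6598 shared space, used for carrier-grade NAT.
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def classify_wan_address(addr):
    """Classify the address shown on the router's EXTERNAL interface."""
    ip = ipaddress.IPv4Address(addr)
    if any(ip in net for net in RFC1918):
        return "rfc1918"      # ISP is NAT'ing you; inbound forwards cannot work
    if ip in CGNAT:
        return "cgnat"        # same outcome, different address block
    if ip.is_loopback or ip.is_link_local or ip.is_unspecified:
        return "unusable"     # no real WAN lease at all
    return "public"


def preflight(wan_addr, vpn_host_addr, lan_cidr, dns_answers):
    """Return a list of problems with the port-forwarded VPN setup.

    dns_answers is the list of A records for the dynamic DNS name; on a live
    system it could come from socket.gethostbyname_ex(name)[2].
    """
    problems = []
    kind = classify_wan_address(wan_addr)
    if kind != "public":
        problems.append("WAN address %s is %s: get a public IP first" % (wan_addr, kind))
    lan = ipaddress.ip_network(lan_cidr)
    host = ipaddress.IPv4Address(vpn_host_addr)
    if host not in lan or host in (lan.network_address, lan.broadcast_address):
        problems.append("VPN host %s is not a usable address on %s" % (host, lan))
    if wan_addr not in dns_answers:
        problems.append("dynamic DNS name does not point at %s" % wan_addr)
    return problems


if __name__ == "__main__":
    # Constructed sample values; 203.0.113.0/24 is a documentation range
    # standing in for a real public address.
    print(preflight("203.0.113.7", "192.168.1.10", "192.168.1.0/24", ["203.0.113.7"]))
    print(preflight("10.20.30.40", "192.168.2.10", "192.168.1.0/24", ["203.0.113.7"]))
```
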

2005\12\06@155839 by Nate Duehr

Steve Nordhauser wrote:

> I've been looking for an excuse to play more with Linux.  I guess this
> would do it.  Although you said Apache under windows - I will have to
> check that out too - I've always thought Apache was Linux only... my
> wall of preconceived notions is tumbling down...

The Apache Foundation's httpd server is available for a huge number of
OSes...

Windows versions of Apache from their website are even packaged as MSI
files.  ;-)

You can see all the OSes Apache officially supports with binary packages
on one of their mirrors like:

ftp://ftp.tux.org/pub/net/apache/dist/httpd/binaries/

The Apache Foundation funds and supports a lot more than just webserver
(httpd) software these days...

http://www.apache.org/foundation/projects.html

Nate

2005\12\07@124527 by Steve Nordhauser

Nate and everyone else - thanks for a wealth of information.  I tried bouncing around the 'net for a while looking for solutions but this group gave me more pertinent answers in a day than I found in a month.
You are excellent,
Steve

Subject: Re: [EE] VPN solution wanted


Steve Nordhauser wrote:

>> I think I am looking for a similar product for VPN.  I need something
>> that is:
>
