VPN between two firewalls

Posted on 2000-03-12
Last Modified: 2010-03-18
I have two 2.2 Linux machines acting as ipmasq firewalls in two different locations.  Both have permanent internet connections.  I would simply like the firewalls to securely route traffic between each other.  
What are my options?  Can you point me to a good source of information, other than the Linux HOWTOs?
Question by:hansendc

Accepted Solution

by:
jlevie earned 100 total points
ID: 2610260
In addition to the methods described in the various VPN HowTo's there's FreeS/WAN (http://www.xs4all.nl/~freeswan/).

Author Comment

by:hansendc
ID: 2610616
Although that looks like a very viable solution, I would prefer something that doesn't require kernel patching.  I get nervous adding extra stuff into the kernel.  
Is the IP tunneling stuff in the kernel for VPNs?

Expert Comment

by:jlevie
ID: 2610813
Seems to me that the basic facility is there, but it's not usually enabled by default. So in a way that's kind of a kernel patch also.

I can understand your reluctance to fiddle with the kernel. But if the patch is in reasonably widespread use without any reported problems it's probably a low risk. Something that looks quite attractive to me, and that I've been playing around with is the Linux Router Project (LRP). The blurb on it is at http://www.linuxrouter.org/.  Basically you take a 486 or better with a floppy drive and make it into a dedicated router that can do a number of additional things (firewall, IPMasq, caching or normal DNS, etc).

I'm in the process of trying to build one onto a 200MHz Pentium board using an LS-120 for the boot medium as I've outgrown a floppy. I think a 2.88 super floppy would be okay, but I have the LS-120's and don't have any super floppies. My goal is to have a zero maintenance 7/24 box that can be remotely administered and will do:

IPMasq/firewall to the Internet
DNS for my internal net & forwarder
DHCP server for local net
FreeS/WAN IPSEC to my Cisco 7200 at work.

I could do a Linux VPN with a pair of the boxes, but I'd rather get FreeS/WAN onto it so that I only have to do one side.

It might be worth looking into.

Expert Comment

by:stefanx
ID: 2617591
Excuse the ignorance - what's an LS-120?

Expert Comment

by:jlevie
ID: 2617837
LS-120, aka Floptical drive, aka Super-disk. It's a drive that can read/write standard 1.44Mb floppies and with LS-120 media read/write 120Mb diskettes. Go to http://www.imation.com/products/data/content/0,1011,1031,00.html for a complete description.

I love 'em... As I've replaced my older MB's with those that support the LS-120's in the BIOS as a boot media I've also replaced the floppies with LS-120's. It gives me a very convenient way to move modest sized data chunks around (and doesn't do a bad job at small backups). And they're fast, really, really fast compared to a floppy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now