Solved

Build VPN Server & Client

Posted on 2006-07-11
8
272 Views
Last Modified: 2010-03-18
I would like to know how to build VPN Server within the RedHat Enterprise Linux and VPN cient can be Windows & Linux to connect to VPN Server.

Assume that I have a LAN: Windows 2003 as DC+File Server IP: 192.168.1.1, Linux Mail Server (Sendmail+Dovecot) IP: 192.168.1.2, Linux Proxy+Firewall+VPN server with 2 NICs( Local IP: 192.168.1.254 & External IP: 202.79.26.189, and another 3 client machines IP: 192.168.1.5-7.

So, what is the configuration so that the client from outside LAN can connect to office to access the file, email.

Please help & advice.

Thanks,
VNK
0
Comment
Question by:svannak
  • 3
8 Comments
 
LVL 24

Expert Comment

by:slyong
ID: 17087553
I personally find that OpenVPN is quite easy and suitable.  Have a look at http://openvpn.net/ and it even has got Windows GUI client... http://openvpn.se/
0
 
LVL 40

Accepted Solution

by:
noci earned 100 total points
ID: 17095380
Did you lookup openswan?

http://www.openswan.org there also is a lot of information with interoperability with all kinds of appliences and "BIG" firewall's
It uses IPSEC, one of the prerequisites for building an ipv6 infrastructure.
0
 

Author Comment

by:svannak
ID: 17112860
I am not sure both openVPN & OpenSwan, but I may interested in OpenSwan because it uses IPSEC as I put much on security.

I am not sure how to configure OpenSwan based on my mentioned on the information above.

Hope you can help and show how to configure or give the instructions?


Thanks,
VNK
0
 
LVL 40

Expert Comment

by:noci
ID: 17117967

Assume that I have a LAN: Windows 2003 as DC+File Server IP: 192.168.1.1, Linux Mail Server (Sendmail+Dovecot) IP: 192.168.1.2, Linux Proxy+Firewall+VPN server with 2 NICs( Local IP: 192.168.1.254 & External IP: 202.79.26.189, and another 3 client machines IP: 192.168.1.5-7.

So, what is the configuration so that the client from outside LAN can connect to office to access the file, email.

Open swan: if used everywhere.... (it will know if it is the server by the left= line, if that isn't a local interface, then you're right....)

ipsec.secrets:
---8<---
me@central.place someone@somewhere.need.access: PSK "This needs to be a rather long *random* string as it is a key, some appliences may restrict it"
---8<---

ipsec.conf:
---8<---
conn any2central:
     auto=start
     leftid=me@central.place
     left=202.79.26.189
     leftsubnet=192.168.1.0/24   # might restrict this to 192.168.1.0/252    (4 addresses 192.168.1.X where X=0, 1, 2, 3)
     leftsourceip=192.168.1.254
     rightid=someone@somewhere.need.access
     right=0.0.0.0
     keylife=28800                    # in seconds
     pfs=yes                             # uses Diffie Hellman 2 key for elongation.., can be left out. (perfect forward security)
     authby=secret                    # use preshared secret
---8<---
Ther is more to choose from, depending requirements.
 
0
 
LVL 40

Expert Comment

by:noci
ID: 17344155
The openswan solution in itself is valid, I don't know if svannak choose to use it.
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
squid3 ntlm and itunes authentication 5 85
connect an Odroid to Windows PC via ethernet cable? 14 320
Linux Login using LDAP or Active Directory 4 124
FTP output from Wireshak 6 87
I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question