Solved

VPN / Security

Posted on 2015-01-17
11
245 Views
Last Modified: 2015-01-28
Hi

I am trying to secure a small network with a few servers.  I want to setup a vpn for remote access, something open source and also ensure only locations allowed to access from certain locations.   I do not want to use ip security as some of the remote sites will have dynamic ip's.  Does anyone have any idea's?

thanks
0
Comment
Question by:Jack_son_
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
  • +1
11 Comments
 
LVL 96

Assisted Solution

by:Experienced Member
Experienced Member earned 333 total points
ID: 40555629
Best to get Static IP (External) if you can. Otherwise use DynDNS to fake a static IP.

Then put in a VPN router and provide access only to the users you wish. This will be secure.
0
 

Author Comment

by:Jack_son_
ID: 40555676
great, some of the remote people will have dynamic ip's, so dyn DNS will work for that?
0
 
LVL 96

Assisted Solution

by:Experienced Member
Experienced Member earned 333 total points
ID: 40555678
It the remote people have dynamic IP address and use a Client Application to access the VPN, it should work fine. I have done that a while back.
0
Get MySQL database support online, now!

At Percona’s web store you can order your MySQL database support needs in minutes. No hassles, no fuss, just pick and click. Pay online with a credit card.

 

Author Comment

by:Jack_son_
ID: 40555702
The only issue is I want to only allow about 7 users ip addresses from specific locations.   How could this be managed easily?
0
 
LVL 96

Assisted Solution

by:Experienced Member
Experienced Member earned 333 total points
ID: 40555707
Restricting to 7 users is very easy. They need user names and shared secret to access. Adding all the possible IP locations would be a nightmare. You would need a policy for every possible IP. Since the users can move around (that IS the point of client software) then they would have to tell you where they are.

User name and shared secret should work just fine.
0
 
LVL 37

Expert Comment

by:bbao
ID: 40555722
may i know the available platform for building the VPN solution? Windows? Linux? OS X? or simply hardware based using your exisiting router?
0
 

Author Comment

by:Jack_son_
ID: 40555723
windows or linux would be the available platform
0
 
LVL 37

Assisted Solution

by:bbao
bbao earned 83 total points
ID: 40555760
regarding VPN solutiions not based on IP Sec, for Windows platforms from NT4 to today's 2012 they all support PPTP based VPN though the recent versions is much better in terms of performance, reliability, secuirty and management capability. The most good points are the solution is built-in and free of charge, and has been proved workable in dynamic IP scenarios.

for Linux, PPTP VPN servers are also available in most distributions. check your version's release notes and manuals for more information.
0
 
LVL 96

Assisted Solution

by:Experienced Member
Experienced Member earned 333 total points
ID: 40555782
It is easiest just to use a hardware VPN box for the office solution and let people remote in. I do this all the time.
0
 
LVL 70

Accepted Solution

by:
Qlemo earned 84 total points
ID: 40557276
Is user/certificate sufficient for security in your case? Guess so, as you do not gain security by restricting public and dynamic IP addresses.
IPsec works with dynamic IPs, btw.  Only site-2-site tunnels are restricted to that regard.
0
 
LVL 96

Expert Comment

by:Experienced Member
ID: 40575369
@Jack_son_  - Thanks and I was happy to help you with this.
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this blog we highlight approaches to managed security as a service.  We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question