[geeks] VPN suggestions

Phil Brutsche geeks at sunhelp.org
Fri Apr 13 00:02:24 CDT 2001



A long time ago, in a galaxy far, far away, someone said...

> They don't have any kind of a central "router" or "gateway" - they've
> just got an SDSL connection from their ISP and their systems are
> basically sitting ducks on the 'Net, using only password
> authentication for the file sharing.

What are they worrying about security for?  They don't have any now.

> I can probably switch them to some kind of NAT setup (private network
> sitting behind a single box that has a "real" IP), but how much of a
> wrench will this throw into the "Remote access to network for
> filesharing" machine?

None at all.

> Any suggestions appreciated.  I'm trying to do this as cheap as
> possible (I've thought of using a PPro or older PII box with OpenBSD
> and Samba..).

1) Linux + PoPToP (PPTP software).  Encryption won't work worth a crap
   unless you wanna patch pppd.

2) Something with IPsec (OpenBSD, maybe FreeBSD, maybe Solaris, Linux if
   you wanna patch the kernel) + PGP's IPsec client.

3) Cisco PIX, but you'll need to get the DES license at a minimum, the
   3DES license if you want encryption worth a crap.

4) If they've got an NT Server machine you can put up a *basic* PC (aka
   grab the slowest spare PC they've got, unless the slowest they've got
   is a low-end PII :) ) and forward the 1723/tcp & GRE packets back to it.
   Works great with Linux, dunno about anything else.

5) One of those little Linksys firewall thingies - the current firmware
   can forward IPsec & PPTP packets, dunno how well though.

What would you need Samba for?

> I quoted them a nice hardware solution from Network Associates for
> around $2500, and got laughed at...

The Cisco might be out of the question, then.

-- 
----------------------------------------------------------------------
Phil Brutsche				    pbrutsch at tux.creighton.edu

GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D  7E5E FD94 D264 50DE 1CFC
GPG key id: 50DE1CFC
GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc