
Linux vpn, pptp, firewall, and nat 1

Status
Not open for further replies.

RandyRiegel (Programmer), Sep 29, 2003
I need to set up a VPN on my network so that any client can access it. The clients will be Windows and Linux machines. I currently have Firestarter as my firewall w/ NAT enabled to share internet with my LAN. So my main concern is a VPN that will work w/ this firewall, and I assume from what I've been reading that the VPN will need to use the PPTP protocol to talk to Windows machines. I've never set up a VPN and would like one that is easy to install and configure, possibly through Gnome. Any help would be appreciated. Thanks in advance.

Randy
randy@riegel-online.net
 
Few more questions. The HOWTO and INSTALL instructions on the site don't go into great detail.

1. Can I install this on the same machine as my firewall? I'm assuming I can. And I just tell my firewall to allow UDP?

2. Will each user that logs into my system need me to assign them an IP for the local network? My network is 192.168.0.x, so I could set aside 192.168.0.200 - 192.168.0.254 for VPN users?

3. What needs to be installed on Windows machines in order for them to access the VPN? Do I need to install the Windows version of OpenVPN on each of those clients?

Thanks,
Randy
 
1) Yes. Open a UDP port of your choosing and tell OpenVPN about it in the config.

2) From a practical standpoint, OpenVPN leverages ports, not IPs. You could mix the combination of IPs and ports to suit your needs. You might find that one IP and many ports is sufficient. DISCLAIMER: I have no idea what the performance implications are of trying to run 50 concurrent VPN sessions with this product. CPU is an important consideration for the VPN server.

3) Yes, Windows OpenVPN and the appropriate config/key setup.

I recommend using the static method of linking the keys.
I also recommend using the "stay-up" method on the server to keep the ports active and listening. This accommodates DHCP on the clients.


Surfinbox.com Business Internet Services - National Dialup, DSL, T-1 and more.
 
Thanks a lot. I was just curious about the sessions; I doubt that I'll ever have more than 2 or 3 concurrent sessions. Thanks a lot for your help, I think I'm actually beginning to understand how to set this thing up :) One thing I do see is that all the configuration of OpenVPN has to be done by editing files and/or scripts? Is there any graphic setup type program w/ it?

I see things about the iptables firewall. Does my firewall need to use iptables? I'm not sure if it does or not; I'll have to look.

Randy
 
No there is no GUI (to my knowledge). Written by linux-heads who think in text mode.

IPTables is the linux firewalling "language". However, you need not use that firewalling technique. Merely open the UDP port(s) you want to use.


Surfinbox.com Business Internet Services - National Dialup, DSL, T-1 and more.
 
One more question. How does OpenVPN authenticate you? Do I have to create a user account for each individual wanting to access the network? The reason I ask this is the network I'm putting the VPN on has a SCO Openserver server running Advanced File & Print Server (like Samba), which makes the network think it is a WinNT server. Will the linux box acting as firewall / VPN authenticate me, and then the SCO server will do what it needs to do also to authenticate its users? Or will I just get the Microsoft Network login screen like I do when I boot my computer here now?

Randy
 
There is ZERO relationship between OpenVPN and ANY of your authentication schemes. Well, that's not entirely true, but unless you fuss with Kerberos or something.....

Anyhow, all that OpenVPN permits is to create a trusted network link between the client and the server. The server and its firewall rules (and subsequent downstream firewalls, authentication, etc.) must treat this user as an untrusted, unauthenticated user.

Keep in mind that someone can steal the laptop or the key from the OpenVPN install and put up a VPN link to your network. You are still responsible for making sure the user is entitled to whatever may be appropriate.

Think of it like running a dialup modem pool. You create an access method to the network, but the authentication systems for file shares, applications, etc. are still enforced.

Trust no-one. :)

Surfinbox.com Business Internet Services - National Dialup, DSL, T-1 and more.
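The static-key, stay-up OpenVPN configuration recommended in the first answer, together with firewall rules that follow the later advice to treat a VPN user as untrusted, as an added example that is not from the thread or the OpenVPN project. UDP port 1194, the 10.8.0.x tunnel addresses, the eth0/eth1 interface names and the 139/445 service ports are my assumptions; the LAN 192.168.0.0/24 is the one from the thread.

```shell
# Added example, not from the thread: an OpenVPN 2.x static-key ("static
# method") point-to-point setup with the "stay-up" options, plus iptables rules
# that admit the tunnel yet still treat its user as untrusted.
# Assumptions (mine): UDP 1194, tunnel addresses 10.8.0.1/10.8.0.2, public NIC
# eth0, LAN NIC eth1, LAN 192.168.0.0/24 as in the thread, and a key made with
#   openvpn --genkey --secret static.key   (copied to the client out of band)

# Server side (on the firewall box): one static-key tunnel per UDP port.
server_conf() {
    cat <<'EOF'
dev tun
proto udp
port 1194
ifconfig 10.8.0.1 10.8.0.2
secret static.key
# "stay-up": ping every 10s, restart after 60s silence, keep tun/key open
keepalive 10 60
persist-tun
persist-key
EOF
}

# Client side; $1 is the server's public address. Static-key mode cannot push
# routes, so the LAN route is stated here.
client_conf() {
    cat <<EOF
dev tun
proto udp
remote $1 1194
ifconfig 10.8.0.2 10.8.0.1
secret static.key
route 192.168.0.0 255.255.255.0
keepalive 10 60
persist-tun
persist-key
EOF
}

# Printed rather than applied so the script is safe to run anywhere; run the
# output on the firewall host. Only the VPN port is opened, and tun0 traffic
# is forwarded only to the file/print service ports (139/445), nothing else.
firewall_rules() {
    cat <<'EOF'
iptables -A INPUT -i eth0 -p udp --dport 1194 -j ACCEPT
iptables -A FORWARD -i tun0 -o eth1 -d 192.168.0.0/24 -p tcp -m multiport --dports 139,445 -j ACCEPT
iptables -A FORWARD -i eth1 -o tun0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i tun0 -j DROP
EOF
}
```

Write `server_conf` and `client_conf <server-address>` output to the respective config files next to `static.key`; the share-level login the SCO server asks for still happens after the tunnel is up.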
 
OK, I think I got it. The VPN in no way authenticates you. You are just connected to the network. Then I'm assuming when you try to map a share or something, THEN whatever takes care of that process on the LAN does the same for you.

Randy
 