[lug] VPN suggestions
Dan Ferris
dan at usrsbin.com
Thu Jun 15 22:23:31 MDT 2006
I got tired of the grief, but L2TP over IPSEC worked over my access point.
I kind of took it to an extreme and ended up with a Linux firewall that
would redirect you to a dedicated web page telling the user to buzz off.
Then I ran snort on the firewall looking for DHCP requests. It was fun
to screw with my neighbors...
Dan
D. Stimits wrote:
> Jason Vallery wrote:
>
>> Hi all,
>>
>> I know various components of this question have been covered
>> recently, so I apologize ahead of time for the duplication. Even
>> reading over all the discussions I haven't been able to come up with
>> a good solution for my VPN needs. I thought I would toss my
>> situation out here and see if I can get some good comments on what
>> would work best for me.
>>
>> I have 3 servers, in 3 physical separate locations all running CentOS
>> 4.3. Two of the servers sit in data centers and have their own
>> dedicated IP addresses behind IP tables. These boxes are doing
>> generally mundane things like email and web serving. I have one
>> additional server that I use for testing and development that sits in
>> my house. In my house I have a standard plain old cable connection
>> from Comcast, connected to a WRT54G running the latest Sveasoft
>> firmware (which has VPN capabilities built in). Behind that sits the
>> server, and all of my desktop machines (a blend of OS X and
>> Windows). I've been playing with Hamachi and I like it. I really
>> only have two major complaints about it, and those are that every
>> client in the network must also have the Hamachi client running, and
>> that the clients communicate over a separate "internal" IP address
>> and I can't seem to do name resolution.
>>
>> My ideal solution would be something that:
>>
>> * Links my 3 servers together
>> * Bridges my server at home to my local LAN (allowing me to
>> connect from within my home network without client software)
>> * Everything would be nicely encrypted
>> * I could access the same VPN from remote locations like coffee
>> shops, and route my Internet traffic out of one of the servers
>> in the data center (or my house if I have to, but the connection
>> to my production servers is obviously much faster)
>>
>
> I'm also interested in this...I've come to the conclusion though that
> there probably isn't a wireless access point which can natively run a
> radius server (unless perhaps there is a device that can have linux on
> it and which has two interfaces which can bridge?), at least not for
> the sub-$1000 range (and no, I would not buy one for anywhere near
> that :P).
>
> But...if a wireless access device were to require passing through a
> dedicated firewall device which in turn *does* have something like
> IPsec and/or radius, this would be just as good. Can anyone recommend
> a dedicated firewall device that runs a radius server natively, and
> which can bridge? If not, are there recommendations on IPsec dedicated
> firewall devices that play nicely with linux?
>
> D. Stimits, stimits AT comcast DOT net
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
>
>
--
All work and no play makes Jack a dull boy.
All work and no play makes Jack a dullboy.
All work and no play makes Jack a dull boy.
All work and no play makes Jacka dull boy.
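Dan describes running Snort on the firewall to spot DHCP requests from hosts that are not his. The following is an added example, not Dan's Snort setup or any code from the list: it implements the same detection idea in Python, parsing raw BOOTP/DHCP payloads and flagging DISCOVER or REQUEST messages whose client MAC is not on an allowlist of the owner's own machines. The packet bytes, MAC addresses and allowlist are constructed for the demonstration; the `build_dhcp_discover` helper exists only to fabricate test frames.

```python
import struct
from dataclasses import dataclass, field

# RFC 2131 magic cookie that separates the fixed BOOTP header from DHCP options.
DHCP_MAGIC = b"\x63\x82\x53\x63"
# Option 53 (DHCP message type) values we care about.
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 7: "RELEASE"}
OPT_MSG_TYPE, OPT_PAD, OPT_END = 53, 0, 255
FIXED_HEADER_LEN = 236  # op..file fields before the magic cookie


@dataclass
class DhcpMessage:
    op: int
    xid: int
    client_mac: str
    msg_type: str
    options: dict = field(default_factory=dict)


def parse_dhcp(payload: bytes) -> DhcpMessage:
    """Parse the UDP payload of a BOOTP/DHCP packet; raise ValueError on malformed input."""
    if len(payload) < FIXED_HEADER_LEN + len(DHCP_MAGIC):
        raise ValueError("payload too short for BOOTP/DHCP")
    op, htype, hlen, hops, xid, secs, flags = struct.unpack_from("!BBBBIHH", payload, 0)
    if not 0 < hlen <= 16:
        raise ValueError("invalid hardware address length")
    # chaddr is a 16-byte field at offset 28; only the first hlen bytes are meaningful.
    chaddr = payload[28:28 + hlen]
    if payload[FIXED_HEADER_LEN:FIXED_HEADER_LEN + 4] != DHCP_MAGIC:
        raise ValueError("missing DHCP magic cookie")

    options = {}
    i = FIXED_HEADER_LEN + 4
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options[code] = value
        i += 2 + length

    raw_type = options.get(OPT_MSG_TYPE, b"")
    msg_type = MSG_TYPES.get(raw_type[0], "UNKNOWN") if raw_type else "BOOTP"
    mac = ":".join(f"{b:02x}" for b in chaddr)
    return DhcpMessage(op=op, xid=xid, client_mac=mac, msg_type=msg_type, options=options)


def find_rogue_clients(payloads, allowlist):
    """Return alert strings for DHCP DISCOVER/REQUEST messages from MACs not in allowlist."""
    alerts = []
    for payload in payloads:
        try:
            msg = parse_dhcp(payload)
        except ValueError:
            continue  # not a DHCP packet, or malformed; skip rather than crash the sensor
        if msg.msg_type in ("DISCOVER", "REQUEST") and msg.client_mac not in allowlist:
            alerts.append(f"rogue DHCP {msg.msg_type} from {msg.client_mac} xid=0x{msg.xid:08x}")
    return alerts


def build_dhcp_discover(mac: bytes, xid: int) -> bytes:
    """Constructed test frame (hypothetical helper): a minimal BOOTREQUEST carrying option 53=DISCOVER."""
    header = struct.pack("!BBBBIHH", 1, 1, len(mac), 0, xid, 0, 0x8000)  # op=1, ethernet, broadcast flag
    body = header + b"\x00" * 16 + mac.ljust(16, b"\x00") + b"\x00" * 64 + b"\x00" * 128
    return body + DHCP_MAGIC + bytes([OPT_MSG_TYPE, 1, 1, OPT_END])


# Constructed sample: one of the owner's own hosts and one unknown neighbour.
KNOWN_MACS = {"00:11:22:33:44:55"}
SAMPLE_PAYLOADS = [
    build_dhcp_discover(bytes.fromhex("001122334455"), 0x1A2B3C4D),
    build_dhcp_discover(bytes.fromhex("deadbeef0001"), 0x00C0FFEE),
    b"\x00" * 10,  # junk that must be skipped, not crash the parser
]

if __name__ == "__main__":
    for line in find_rogue_clients(SAMPLE_PAYLOADS, KNOWN_MACS):
        print(line)
```

In a real deployment the payloads would come from a raw socket or a pcap reader bound to the wireless-side interface of the firewall, and the allowlist from the MAC table of the hosts you actually own; DHCP DISCOVER is a good tripwire because every new client sends one before it has any address at all.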