[lug] VPN solution

dio2002 at indra.com
Thu Jan 24 17:09:19 MST 2008


I'd love more detail!

In particular, more specifics or actual instructions for setting up putty 
for the secure tunnel with no terminal on the loopback address with the 
shared key, and then making it into a one-click desktop shortcut.  If 
it's possible to save the session settings in putty, maybe you can attach it?

To clarify what you stated below: you actually *are* giving the users ssh 
access, you're just not providing them with a shell.

Ben wrote:
> This isn't a VPN solution, but it works for me. I use putty to create a 
> secure tunnel between remote windows clients and the samba server. Then 
> windows clients access the files via "\\10.1.0.1" where that ip address, 
> 10.10.1. is a loopback interface on the windows box that putty tunnels 
> to my samba server. It's a little tricky to set up on the windows side 
> the first time, but after that, it is just one icon for putty and then 
> they have full access to the samba box. (Also works great from linux 
> where sshfs, etc. don't work if you want to maintain samba acl permissions)
> 
> For security, I create a user "remotesamba" that has no shell, etc, 
> (putty is set up to not allocate a terminal) and then give each remote 
> user an ssh-key linked with remotesamba to use. This way, they don't need 
> another password to remember, and I don't need to give users shell/ssh 
> access to the server. And I can revoke their access if I need to.
> 
> I can go into more detail if you want.
> 
> Ben
> 
> 
> George Sexton wrote:
>> I need to come up with a solution to allow remote windows clients 
>> network access to my Linux samba server.
>>
>> I've just spent a day trying to get pptpd to work and I've finally 
>> given up.
>>
>> I'm looking at the documentation for openvpn and it looks like openvpn 
>> is pretty complex to configure as well. I would really like to avoid 
>> travelling to the various remote sites to set up the VPN client, which 
>> it looks like OpenVPN would pretty much require.
>>
>> Since I really don't have another day or three to devote to this, can 
>> anyone recommend a commercial hw solution that will actually work?
>>
> 
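
Added example, not part of the original thread and not Ben's configuration: the point raised above, that a no-shell account still holds real ssh access, comes down to what each key in the account's authorized_keys file is allowed to do. The sketch below audits per-key OpenSSH options (restrict, no-pty, permitopen) for a tunnel-only account. It assumes sshd runs on the Samba host, so the only legitimate forward target is 127.0.0.1:445; the function names and sample keys are constructed, and server-wide sshd_config limits are not examined.

```python
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")  # key-type tokens: line has no options field

# Constructed sample: four keys for the tunnel-only account (key blobs are placeholders).
SAMPLE = """\
ssh-ed25519 AAAA-PLACEHOLDER-1 alice@laptop
no-pty,permitopen="127.0.0.1:445" ssh-ed25519 AAAA-PLACEHOLDER-2 bob@laptop
restrict,port-forwarding,permitopen="127.0.0.1:445",permitopen="10.0.0.5:22" ssh-ed25519 AAAA-PLACEHOLDER-3 carol@laptop
restrict,port-forwarding,permitopen="127.0.0.1:445" ssh-ed25519 AAAA-PLACEHOLDER-4 dave@laptop
"""

def split_options(line):
    """Split one authorized_keys line into (options, remainder), honouring quotes."""
    if line.split()[0].startswith(KEY_PREFIXES):
        return [], line
    opts, cur, quoted = [], "", False
    for i, ch in enumerate(line):
        if ch == '"' and line[i - 1:i] != "\\":
            quoted = not quoted
        if ch in " \t" and not quoted:      # options field ends at first bare space
            return opts + [cur], line[i:].strip()
        if ch == "," and not quoted:        # commas inside quotes belong to the value
            opts.append(cur)
            cur = ""
        else:
            cur += ch
    return opts + [cur], ""

def audit(text, allowed=frozenset({"127.0.0.1:445"})):
    """Map each key comment to a list of ways the key exceeds 'tunnel only'."""
    findings = {}
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        opts, rest = split_options(line)
        names = {o.split("=", 1)[0].lower() for o in opts}
        targets = {o.split("=", 1)[1].strip('"') for o in opts
                   if o.lower().startswith("permitopen=")}
        problems = []
        if "restrict" not in names and "no-pty" not in names:
            problems.append("pty allowed")
        if "restrict" not in names and not {"no-agent-forwarding", "no-x11-forwarding"} <= names:
            problems.append("agent/X11 forwarding allowed")
        if not targets:
            problems.append("no permitopen: any host:port reachable")
        problems += [f"unexpected target {t}" for t in sorted(targets - allowed)]
        findings[rest.split()[-1]] = problems
    return findings

if __name__ == "__main__":
    for who, problems in audit(SAMPLE).items():
        print(who, "OK" if not problems else "; ".join(problems))
```

Only the last sample line passes cleanly: restrict turns everything off, port-forwarding turns forwarding back on, and permitopen pins it to the Samba port.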