[lug] VPN suggestions

D. Stimits stimits at comcast.net
Thu Jun 15 19:18:37 MDT 2006


Jason Vallery wrote:

> Hi all,
>
> I know various components of this question have been covered recently, 
> so I apologize ahead of time for the duplication.  Even reading over 
> all the discussions I haven't been able to come up with a good 
> solution for my VPN needs.  I thought I would toss my situation out 
> here and see if I can get some good comments on what would work best 
> for me.
>
> I have 3 servers, in 3 physically separate locations, all running CentOS 
> 4.3.  Two of the servers sit in data centers and have their own 
> dedicated IP addresses behind IP tables.  These boxes are doing 
> generally mundane things like email and web serving.  I have one 
> additional server that I use for testing and development that sits in 
> my house.  In my house I have a standard plain old cable connection 
> from Comcast, connected to a WRT54G running the latest Sveasoft 
> firmware (which has VPN capabilities built in).  Behind that sits the 
> server, and all of my desktop machines (a blend of OS X and Windows).  
> I've been playing with Hamachi and I like it.  I really only have two 
> major complaints about it, and those are that every client in the 
> network must also have the Hamachi client running, and that the 
> clients communicate over a separate "internal" IP address and I can't 
> seem to do name resolution.
>
> My ideal solution would be something that:
>
>     *  Links my 3 servers together
>     *  Bridges my server at home to my local LAN (allowing me to
>       connect from within my home network without client software)
>     *  Everything would be nicely encrypted
>     *  I could access the same VPN from remote locations like coffee
>       shops, and route my Internet traffic out of one of the servers
>       in the data center (or my house if I have to, but the connection
>       to my production servers is obviously much faster)
>

I'm also interested in this... I've come to the conclusion, though, that 
there probably isn't a wireless access point which can natively run a 
RADIUS server (unless perhaps there is a device that can have Linux on 
it and which has two interfaces which can bridge?), at least not in the 
sub-$1000 range (and no, I would not buy one for anywhere near that :P).

But... if a wireless access device were to require passing through a 
dedicated firewall device which in turn *does* have something like IPsec 
and/or RADIUS, this would be just as good. Can anyone recommend a 
dedicated firewall device that runs a RADIUS server natively, and which 
can bridge? If not, are there recommendations on dedicated IPsec 
firewall devices that play nicely with Linux?

D. Stimits, stimits AT comcast DOT net
