Hello

I would like to set up a VPN server on my Gentoo server so that I can access files when I'm out of the house, say at a friend's house.

Here is the setup

Site 1: My home

Gentoo server - which will become the VPN server
|
|
Linksys router - this routes the ADSL broadband, and has IPSec Pass-Through and PPTP Pass-Through options
|
|
|
Big Bad Internet
|
|
|
Site 2: friend's house
Linksys Router - lets just assume it is identical to mine
|
|
My friend's PC - this is trying to access my Gentoo server

Is the above setup possible? I mean, is it possible to have the VPN server behind the Linksys router?

Thank you

Hamish

Why not just enable ssh to access files, login, etc? Much easier setup than dealing with VPN on a simple network.

Hey

I want to learn VPN as I would like to set this same setup up for my two offices. This will be a trial

hamish

Hamish, if they're both going to be linux boxes, and you want to bridge two networks, then you could look at using ssh+pppd to accomplish what you want. Basically, you pipe the PPPd output through the ssh connection you make, and it does all the link-layer handling. Then just specify a route between your two networks. Voila!

If you're looking to complicate things, go ahead and spend the five or six days it will take to get pptpd to play nice with linux + windows, et. al.

hey

no, they won't both be linux. Basically, I'll probably be in the situation where we want to be able to access the server (and mount its shares) . the clients will all be windows.

This is why I htink that I need VPN

hamish

I agree, this sounds like a VNP situation. I'd go with IPsec since the MS VPN client will work. What will it take to get it going? Good question. I've used FreeSwan configured with Webmin. I've not configured it to work with MS thought... I've heard it can be done easily.

That being said, you can do this with SSH, sftp, ect. There is a CD called XFreeCD that gives you a bash shell in Windows so you have a very Linux like enviroment to allow you tools like scp, sftp, ssh, etc. I use this solution and it works out GREAT for me.

MrKnisely

L2TP/IPSec VPN is very interesting but also very difficult to set up. I haven't had any luck setting one up yet. In any case, if you want to access your Gentoo VPN server from behind your firewall, you may have to put in in the DMZ (Demilitarized Zone). However, doing that completely exposes your computer to the Internet so you will have to take precaution to lock it down.

L2TP and IPSec are two different methods to do a VPN. Most IPSEC implementations us AH or ESP as their layer2 encryption method.

Regarding the DMZ, you in no way need to completely expose a box in a DMZ. You can expose only the ports you need to have exposed. Depending on the firewall being used some of this functionality may be limited. You can even have a NAT between your DMZ box and the Internet and everything still work if your firewall supports it. Unfortunately, the Linksys fiwewall we're talking about here does not have a DMZ port on it, so it's all just academic any way.

MrKnisely

Hey

great! At least now I know what I need to do, I just need to work out how to do it!

I can easily forward to ports on the router, so no problems there. Basically, it sounds like I have all the gear that I need, I just need to find some documentation and make it work.

Thanks again
hamish

In fact, all that aside, can anyone recommend a vpn router (eg a linksys router box thingie) in case I can't get this working?

hamish

I can recomend any of the Linksys VPN router devices with the exception of the 8-port device. There seems to be a bug in the 8-port firmware version. This is as of about 3 months ago, so check for a firmware update more recent than that; if it's there I'll recomend all of them.

A co-worker of mine setup a VPN between two offices of a friends business using these. They are very user friendly, and the client works like a charm.

MrKnisely

Hi,

I basically have the same problem: Accessing a Linux server from outside a router. I have a DLink router and have done port forwarding to the Linux server's local ip address (e.g. 192.168.1.10) and assigned it port 7010.

It's okay when I access the Linux server from another PC (running XP) within my local network. It gives me the Apache server page, no problem.

When I try accessing the Linux server from outside of the router (i.e. Internet) through the router's IP address that my ISP assigns (for example: 84.23.49.20:7010), it gives me the 'Page cannot be displayed' error.

I am sure port forwarding works because I have an IP Camera connected on my local network as well and I have a port redirected to it and I can see my camera from my office.

Please help me.

Hmmm... You've got TCP 7010 forwareded to the internal ip of your webserver on tcp 80, right?

Or did you edit apache to listen on port 7010?

MrKnisely

Hi,

I just forwarded the port 7010 to the internal ip address of the Linux server (192.168.1.10).

I did not edit Apache at all.

Can you please tell me the required steps to configure Apache in this regard?

Thanks a lot.

Backscratcher_dev

Look for something like this in your httpd.conf file:

# Port: The port to which the standalone server listens. For
# ports < 1023, you will need apache to be run as root initially.
#
Port 80

Oh, and note the note!

MrKnisely