I would like to set up a VPN server on my Gentoo server so that I can access files when I'm out of the house, say at a friend's house.
Here is the setup:
Site 1: My home
Gentoo server - which will become the VPN server
|
|
Linksys router - this routes the ADSL broadband, and has IPSec Pass-Through and PPTP Pass-Through options
|
|
|
Big Bad Internet
|
|
|
Site 2: friend's house
Linksys Router - let's just assume it is identical to mine
|
|
My friend's PC - this is trying to access my Gentoo server
Is the above setup possible? I mean, is it possible to have the VPN server behind the Linksys router?
Hamish, if they're both going to be Linux boxes, and you want to bridge two networks, then you could look at using ssh+pppd to accomplish what you want. Basically, you pipe the PPPd output through the ssh connection you make, and it does all the link-layer handling. Then just specify a route between your two networks. Voila!
If you're looking to complicate things, go ahead and spend the five or six days it will take to get pptpd to play nice with Linux + Windows, et al.
No, they won't both be Linux. Basically, I'll probably be in the situation where we want to be able to access the server (and mount its shares). The clients will all be Windows.
Distribution: Just about anything... so long as it is Debian based.
Posts: 297
I agree, this sounds like a VPN situation. I'd go with IPsec since the MS VPN client will work. What will it take to get it going? Good question. I've used FreeS/WAN configured with Webmin. I've not configured it to work with MS though... I've heard it can be done easily.
That being said, you can do this with SSH, sftp, etc. There is a CD called XFreeCD that gives you a bash shell in Windows so you have a very Linux-like environment to allow you tools like scp, sftp, ssh, etc. I use this solution and it works out GREAT for me.
L2TP/IPSec VPN is very interesting but also very difficult to set up. I haven't had any luck setting one up yet. In any case, if you want to access your Gentoo VPN server from behind your firewall, you may have to put it in the DMZ (Demilitarized Zone). However, doing that completely exposes your computer to the Internet so you will have to take precautions to lock it down.
L2TP and IPSec are two different methods to do a VPN. Most IPSEC implementations use AH or ESP as their layer2 encryption method.
Regarding the DMZ, you in no way need to completely expose a box in a DMZ. You can expose only the ports you need to have exposed. Depending on the firewall being used some of this functionality may be limited. You can even have a NAT between your DMZ box and the Internet and everything still works if your firewall supports it. Unfortunately, the Linksys firewall we're talking about here does not have a DMZ port on it, so it's all just academic anyway.
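Added example (not part of the original thread or any poster's own configuration): one way to "expose only the ports you need" on the VPN server itself is a default-drop host firewall that accepts only the traffic the chosen VPN type requires. The function name `vpn_rules`, the `WAN_IF` variable and the interface name `eth0` are assumptions for illustration.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset for a VPN server that sits behind a
# port-forwarding router. INPUT defaults to DROP; only what the selected
# VPN type needs is accepted. Nothing is applied to the running system.

WAN_IF="${WAN_IF:-eth0}"   # assumed name of the interface facing the router

vpn_rules() {
    mode="$1"
    case "$mode" in
        ipsec|l2tp|pptp) ;;
        *) echo "usage: vpn_rules ipsec|l2tp|pptp" >&2; return 2 ;;
    esac

    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"

    if [ "$mode" = ipsec ] || [ "$mode" = l2tp ]; then
        # IKE (UDP 500), NAT traversal (UDP 4500) and ESP (IP protocol 50).
        echo "-A INPUT -i $WAN_IF -p udp --dport 500 -j ACCEPT"
        echo "-A INPUT -i $WAN_IF -p udp --dport 4500 -j ACCEPT"
        echo "-A INPUT -i $WAN_IF -p 50 -j ACCEPT"
    fi
    if [ "$mode" = l2tp ]; then
        # Accept L2TP only when the packet arrived inside an IPsec SA,
        # so UDP 1701 is never reachable in the clear.
        echo "-A INPUT -i $WAN_IF -p udp --dport 1701 -m policy --dir in --pol ipsec -j ACCEPT"
    fi
    if [ "$mode" = pptp ]; then
        # PPTP control channel (TCP 1723) plus GRE (IP protocol 47).
        echo "-A INPUT -i $WAN_IF -p tcp --dport 1723 -j ACCEPT"
        echo "-A INPUT -i $WAN_IF -p 47 -j ACCEPT"
    fi
    echo "COMMIT"
}

# Stand-alone use: ./vpn-rules.sh l2tp | iptables-restore --test
if [ -n "${1:-}" ]; then
    vpn_rules "$1"
fi
```

The router still has to forward the same ports (and pass ESP or GRE) to the server; the ruleset only limits what the server accepts once traffic arrives.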
Great! At least now I know what I need to do, I just need to work out how to do it!
I can easily forward to ports on the router, so no problems there. Basically, it sounds like I have all the gear that I need, I just need to find some documentation and make it work.
I can recommend any of the Linksys VPN router devices with the exception of the 8-port device. There seems to be a bug in the 8-port firmware version. This is as of about 3 months ago, so check for a firmware update more recent than that; if it's there I'll recommend all of them.
A co-worker of mine set up a VPN between two offices of a friend's business using these. They are very user friendly, and the client works like a charm.
I basically have the same problem: Accessing a Linux server from outside a router. I have a DLink router and have done port forwarding to the Linux server's local ip address (e.g. 192.168.1.10) and assigned it port 7010.
It's okay when I access the Linux server from another PC (running XP) within my local network. It gives me the Apache server page, no problem.
When I try accessing the Linux server from outside of the router (i.e. Internet) through the router's IP address that my ISP assigns (for example: 84.23.49.20:7010), it gives me the 'Page cannot be displayed' error.
I am sure port forwarding works because I have an IP Camera connected on my local network as well and I have a port redirected to it and I can see my camera from my office.
Please help me.
Quote:
Originally posted by charon79m
L2TP and IPSec are two different methods to do a VPN. Most IPSEC implementations use AH or ESP as their layer2 encryption method.
Regarding the DMZ, you in no way need to completely expose a box in a DMZ. You can expose only the ports you need to have exposed. Depending on the firewall being used some of this functionality may be limited. You can even have a NAT between your DMZ box and the Internet and everything still works if your firewall supports it. Unfortunately, the Linksys firewall we're talking about here does not have a DMZ port on it, so it's all just academic anyway.