vpn

John A. Sullivan III jsullivan at opensourcedevelopmentcorp.com
Tue Sep 14 16:42:27 CEST 2004


On Tue, 2004-09-14 at 09:46, Peter Marshall wrote:
> I need to set up a vpn.  I am trying to figure out which would be best.  I
> need to connect my office with a sister office.  The employees are using
> Windows machines.  They want to be able to get and put files from a Windows
> file server. Windows networking would be a bonus.  Both offices have Linux
> firewalls.  Would ssh over a PPP tunnel work for this?  Would pptp or
> cIPe be a better solution?
> 
> I have my network setup below ... I was also wondering if it would be better
> to put the vpn server either behind the internal firewall, or in the dmz, or
> make it part of the internal firewall.
> 
> My network in a nutshell:
> I have an internal network with an internal firewall.  I have an external
> network with an external firewall, and a dmz, between the internal and the
> external firewall.  All numbers in the dmz are internet routable (They have
> their own /26 network).  The external firewall has a 29 subnet on its
> external interface.
<snip>
I would suggest an IPSec VPN using either the native IPSec stack in the
latest Linux or either StrongSWAN (www.strongswan.org) or OpenSWAN
(www.openswan.org) and placing access control and VPN on the same
device.  That is how we design most devices for use in the ISCS project
(http://iscs.sourceforge.net).

You will need to manage the Windows networking carefully as the
broadcasts normally associated with browsing and with some forms of
NetBIOS Name Resolution will not work through the VPN.  There is a lot
of information in the FreeS/WAN / StrongSWAN / OpenSWAN archives about
that. Good luck with it - John
-- 
John A. Sullivan III
Open Source Development Corporation
Financially sustainable open source development
http://www.opensourcedevel.com




More information about the netfilter mailing list