On Tue, 2004-09-14 at 09:46, Peter Marshall wrote:
> I need to set up a vpn. I am trying to figure out which would be best. I
> need to connect my office with a sister office. The employees are using
> windows machines. They want to be able to get and put files from a windows
> file server. Windows networking would be a bonus. Both offices have Linux
> firewalls. Would ssh over a PPP tunnel work for this? Would pptp or
> cIPe be a better solution?
>
> I have my network setup below ... I was also wondering if it would be better
> to put the vpn server either behind the internal firewall, or in the dmz, or
> make it part of the internal firewall
>
> my network in a nutshell.
> I have an internal network with an internal firewall. I have an external
> network with an external firewall, and a dmz, between the internal and the
> external firewall. All numbers in the dmz are internet routable (They have
> their own /26 network). The external firewall has a 29 subnet on its
> external interface.
<snip>

I would suggest an IPSec VPN using either the native IPSec stack in the
latest Linux or either StrongSWAN (www.strongswan.org) or OpenSWAN
(www.openswan.org) and placing access control and VPN on the same device.
That is how we design most devices for use in the ISCS project
(http://iscs.sourceforge.net).

You will need to manage the Windows networking carefully as the broadcasts
normally associated with browsing and with some forms of NetBIOS Name
Resolution will not work through the VPN. There is a lot of information in
the FreeS/WAN / StrongSWAN / OpenSWAN archives about that.

Good luck with it - John

--
John A. Sullivan III
Open Source Development Corporation
Financially sustainable open source development
http://www.opensourcedevel.com