VPN solution

• Previous message: Dave: "NIC Tuning Parameters"
• Next in thread: Dave {Reply Address in.sig}: "Re: VPN solution"
• Reply: Brendon Caligari: "Re: VPN solution"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Thu, 29 Jul 2004 18:02:17 +0000 (UTC)

Can anybody help me sort out a VPN solution? I administrate a small
network of around 30 computers. Half the machines are behind a NAT
firewall and half have static IPs addigned to us by our ISP (for various
reasons I won't go into).

The main SMB fileserver is behind the firewall but I need a way for people
to access it from home. So far I've figured a number of solutions:

1) FreeSwan/OpenSwan. Too complicated and involved for what is a very
small network. For example, it seems to require DNS registration for our
subnet before it can be used. I also struggle to understand much of the
terminology.

2) PPTP via PopTop. I set this up successfully today but to encrypt data
transfer with Windows clients, you need a special mppe kernel module. This
has to be built against your current kernel so an automatic kernel update
will break it (ie via yum). I don't fancy having to rebuild the module
each time a new kernel is released (I use RPM package management on
RH9/FC1 machines for my servers).

3) Simply putting the Samba server onto the Internet with a static IP. The
data transfers won't be encrypted but the user authentication is. Trouble
is that this could mean the entire fileserver is compromised should there
be a bug in Samba.

4) A special machine that mounts the SMB server and provides outside
access via its own SMB server. This means that if it gets compromised, all
they can do is trash an otherwise empty machine (although I suppose
they'll still be able to wipe files on the SMB mount).

Any ideas?

• Previous message: Dave: "NIC Tuning Parameters"
• Next in thread: Dave {Reply Address in.sig}: "Re: VPN solution"
• Reply: Brendon Caligari: "Re: VPN solution"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]