I am in need of a VPN solution.....


  1. #1
    Senior Member
    Join Date
    Aug 2002
    Posts
    123

    I am in need of a VPN solution.....

    Hello all, I am in need of a VPN solution. Currently we have an AS400 server here at our site that is behind a firewall. Well, we have about 50 clients that want to access the server from their homes using their Windows boxes. This needs to be a Linux solution due to budget. Any recommendations?

  2. #2
    Senior Member
    Join Date
    Mar 2004
    Location
    Colorado
    Posts
    421
    Do you want Linux or do you want free or ?
    Do you want IPSEC or ssl based?

    Most of the free Linux based VPN setups are so poorly documented, that management is
    a total PITA. I would never put one in a production environment myself...

    Here is a link to a very affordable Linux based vpn setup based on the smoothwall
    stuff.

    www.smoothwall.net/products/smoothtunnel31

    Cheers,

    SGS

  3. #3
    Top Gun Maverick811
    Join Date
    Oct 2001
    Posts
    852

    Re: I am in need of a VPN solution.....

    Originally posted here by mrlucifer
    Hello all, I am in need of a VPN solution. Currently we have an AS400 server here at our site that is behind a firewall. Well, we have about 50 clients that want to access the server from their homes using their Windows boxes. This needs to be a Linux solution due to budget. Any recommendations?

    What type of firewall are you currently using? If your firewall allows for PPTP users, all you will have to do is define users on that firewall as PPTP users, and then on their end they can simply create a new VPN connection from within Windows, using the username and password that you have defined for them on your firewall, and they will be granted access to any resources that you define for them. No other software needs to be purchased or installed. At least I know for certain that Watchguard firewalls allow for this type of connection.
    - Maverick

  4. #4
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Important consideration:

    You are granting home users VPN access to the trusted network. Make them clean their boxes and install a firewall before you grant access..... or you could be granting me access to the trusted network too......

    Oh.... and log _everything_ that passes from the remote clients to the trusted network and vice versa......
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  5. #5
    Senior Member
    Join Date
    Mar 2002
    Posts
    442
    http://www.smoothwall.org

    free, linux, rock solid, VPN support, very well documented, nice logs

  6. #6
    Master-Jedi-Pimps0r & Moderator thehorse13
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    Smoothwall has a great solution as already stated, however, as Tiger points out, having the ability to enforce client side policy is *extremely* important. One of the many hats I wear is that of enterprise VPN admin and without the ability to control the minimum requirements of a connecting host (AV, patches, etc.), my network would have more zombies than a Michael Jackson Thriller video.

    The last time I checked, Smoothwall did not give you this feature.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  7. #7
    Senior Member
    Join Date
    Mar 2004
    Location
    Colorado
    Posts
    421
    While thehorse13 and Tiger Shark make good points, the smoothwall suggestion was an attempt to keep the stated requirement(s) in mind.

    VPN solutions with support for AV and patch checking are expensive and most are NOT vendor neutral. Many have firewalls built in to their client while many do not.
    Many environments don't have the resources to operate with solutions that include such support. They can however operate with a secure configuration and Smoothwall CAN help them reach some of those goals.

  8. #8
    Master-Jedi-Pimps0r & Moderator thehorse13
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    "VPN solutions with support for AV and Patch checking are expensive and most are NOT vendor neutral."
    Actually, this used to be true but the new climate in this segment is very competitive. Most if not all security vendors are releasing "God" boxes. These appliances offer VPN (using IPSec/SSL/3DES, etc.), firewall, Spam filter, client-side policy management, e-mail services (SMTP/POP/IMAP) and antivirus. Pricing has come down from the absolutely insane to very affordable. It is certainly true that Smoothwall will meet very basic VPN requirements but if you have a little bit of bling bling sitting around, you may be surprised what you can buy with it these days. Look for Cisco, Nortel, Juniper and Secure Computing to be major players in this space.

    Also, interoperability is a *major* buzz word these days. The major players want to be sure that your heterogeneous shop runs well with their drop-in solutions. Many of the vendors walking in my door provide me with a 5 page marketing slick that shows all of the vendors that they work with. This actually makes it a little more difficult when making decisions because the lines of separation begin to blur, but that's an entirely different topic altogether.

  9. #9
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Would these devices be anything like the 5 in 1 printer, copier, scanner, fax machine etc. people sell? It has been my experience that the "all in ones" do only a mediocre job at everything and create a single point of failure that can be a pain in the you-know if you don't have a second device to drop right in there. That just doubled the cost....

  10. #10
    Senior Member
    Join Date
    Aug 2002
    Posts
    123
    What do you think about this setup?

    http://poptop.sourceforge.net/dox/radius_mysql.html
