fmeehan n00b
Joined: 12 Aug 2002 Posts: 24 Location: Notre-Dame Ile Perrot, Quebec, Canada
Posted: Mon Sep 09, 2002 7:11 pm Post subject: VPN solution for win client ===> linux Netfilter firewall
Hi all,
What is the best solution, software to implement on a Firewall running Gentoo with Netfilter-Iptables, to provide VPN services to remote win2k pc (win pptp client)? What authentication mechanisms should I use?
Francois
klieber Bodhisattva
Joined: 17 Apr 2002 Posts: 3657 Location: San Francisco, CA
Posted: Thu Sep 12, 2002 3:01 pm Post subject:
First of all, Firewall != VPN. The two are entirely different programs that serve entirely different purposes.
Next, if you can avoid it, don't use PPTP. PPTP, by itself, doesn't offer encryption of the data packet. Use IPSec instead. (Win2K supports IPSec, as does XP)
Though it's not clear, from your message, I think you're asking about linux VPN servers that your Win2K client can connect to. If so, check out FreeSwan and the Linux VPN mini HOWTO.
--kurt _________________ The problem with political jokes is that they get elected |
fmeehan n00b
Joined: 12 Aug 2002 Posts: 24 Location: Notre-Dame Ile Perrot, Quebec, Canada
Posted: Thu Sep 12, 2002 5:54 pm Post subject: It is now working...
Hi Kurt,
Indeed I was looking for linux VPN servers for Win2K (and forgot to mention win98 too, life is a bitch...) clients to connect to.
I completely agree with you for having the vpn not running on the same box as the firewall. Part of my brain was switched off I guess.
I did install pptp, (painful process that was on gentoo) but with the ppoe patch. It is now working, and when I look at my connection status, it is reported as using: Encryption mppe 128.
Using tethereal, the generated traffic is encapsulated, can't see its content, but will perform further tests.
Can FreeSwan be used with win98 clients?
Thanks for your comments.
Francois
klieber Bodhisattva
Joined: 17 Apr 2002 Posts: 3657 Location: San Francisco, CA
Posted: Thu Sep 12, 2002 6:08 pm Post subject: Re: It is now working...
fmeehan wrote: | I completely agree with you for having the vpn not running on the same box as the firewall. |
Just to clarify, I was simply referring to the fact that a firewall has nothing to do with a VPN server. Depending on the circumstances, it may be perfectly acceptable to run both applications on the same box.
fmeehan wrote: | I did install pptp, (painful process that was on gentoo) but with the ppoe patch. It is now working, and when I look at my connection status, it is reported as using: Encryption mppe 128. |
Sorry -- I should have been more accurate. PPTP doesn't encrypt the negotiation information, only the data. So, things like IP address, username and sometimes even the hashed password travel over the wire in clear text.
Again, IPSec is a much better protocol, offering more robust security and stronger encryption.
fmeehan wrote: | Can FreeSwan be used with win98 clients? |
I believe so, if you're using an IPSec-compatible Win98 client.
--kurt _________________ The problem with political jokes is that they get elected |
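What the cleartext negotiation described in the post above looks like on the wire, as an added example that is not part of the original thread: a parser for the PPP CHAP frame (RFC 1994) carried in PPTP's enhanced GRE (RFC 2637), run on a constructed MS-CHAPv2 response. The user name "alice", the call ID and all byte values are made up for illustration.

```python
import struct

PPTP_GRE_PROTO = 0x880B  # enhanced GRE carrying PPP (RFC 2637)
PPP_CHAP = 0xC223        # PPP protocol number for CHAP (RFC 1994)
CHAP_CODES = {1: "Challenge", 2: "Response"}

def ppp_from_pptp_gre(gre: bytes) -> bytes:
    """Strip the enhanced GRE header and return the PPP frame it carries."""
    if len(gre) < 8:
        raise ValueError("truncated GRE header")
    flags, proto, payload_len, _call_id = struct.unpack("!HHHH", gre[:8])
    if proto != PPTP_GRE_PROTO or (flags & 0x0007) != 1:
        raise ValueError("not PPTP enhanced GRE")
    offset = 8
    offset += 4 if flags & 0x1000 else 0  # S bit: sequence number present
    offset += 4 if flags & 0x0080 else 0  # A bit: acknowledgment number present
    ppp = gre[offset:offset + payload_len]
    if len(ppp) != payload_len:
        raise ValueError("truncated PPP payload")
    return ppp

def cleartext_chap_fields(ppp: bytes):
    """Return the fields a passive observer can read from a CHAP frame, else None."""
    if ppp[:2] == b"\xff\x03":  # optional HDLC address/control bytes
        ppp = ppp[2:]
    if len(ppp) < 6 or struct.unpack("!H", ppp[:2])[0] != PPP_CHAP:
        return None  # not CHAP, e.g. an MPPE-encrypted data frame
    code, ident, length = struct.unpack("!BBH", ppp[2:6])
    body = ppp[6:2 + length]
    if code not in CHAP_CODES or length < 5 or len(body) != length - 4:
        return None  # Success/Failure codes or a malformed length
    vsize = body[0]
    if 1 + vsize > len(body):
        return None
    return {"type": CHAP_CODES[code], "id": ident,
            "value": body[1:1 + vsize].hex(),
            "name": body[1 + vsize:].decode("ascii", "replace")}

# Constructed sample, not a capture: MS-CHAPv2 response (49-byte value:
# 16 peer challenge, 8 reserved, 24 NT-Response, 1 flags) for user "alice".
_VALUE = b"\x11" * 16 + bytes(8) + b"\x22" * 24 + b"\x00"
_CHAP = struct.pack("!BBHB", 2, 1, 5 + len(_VALUE) + 5, len(_VALUE)) + _VALUE + b"alice"
_PPP = b"\xff\x03" + struct.pack("!H", PPP_CHAP) + _CHAP
SAMPLE_GRE = struct.pack("!HHHHI", 0x3001, PPTP_GRE_PROTO, len(_PPP), 7, 1) + _PPP

if __name__ == "__main__":
    print(cleartext_chap_fields(ppp_from_pptp_gre(SAMPLE_GRE)))
```

Once MPPE is negotiated, data frames carry PPP protocol 0x00FD and `cleartext_chap_fields` returns None for them; only the authentication exchange that precedes them is readable this way.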
linuxbug n00b
Joined: 10 Jul 2003 Posts: 20
Posted: Thu Oct 30, 2003 12:48 pm Post subject: how win2k client connect with pptpd server on linux
I have an ADSL with my win2k and now I can visit Internet with ADSL.
Then I create a VPN connection from the win2k to a linux pptp server.
I noticed that this connection succeeded! But I can't ping linux pptp server via tunnel-ip?
Windows 2000 IP Configuration
Ethernet adapter 2:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : *.*.205.159
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : *.139.*.159
Ethernet adapter :
Connection-specific DNS Suffix . :
Autoconfiguration IP Address. . . : 169.254.1.186
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
PPP adapter virtual private connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 192.168.102.231
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
The linux server's ip configuration:
eth0 Link encap:Ethernet HWaddr 00:40:05:15:19:FE
inet addr:*.*.*.* Bcast:*.*.*.* Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:179 errors:0 dropped:0 overruns:0 frame:0
TX packets:205 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:18267 (17.8 Kb) TX bytes:27530 (26.8 Kb)
Interrupt:11 Base address:0xdc00
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:87 errors:0 dropped:0 overruns:0 frame:0
TX packets:87 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:9576 (9.3 Kb) TX bytes:9576 (9.3 Kb)
ppp0 Link encap:Point-to-Point Protocol
inet addr:192.168.102.250 P-t-P:192.168.102.231 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:229 errors:0 dropped:0 overruns:0 frame:0
TX packets:2663 errors:0 dropped:0 overruns:0 carrier:0