Re: [MLUG] Need advice from security experts

Email address obfuscation in effect -- please click here to turn it off.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: EMAIL:PROTECTED, MLUG Members <EMAIL:PROTECTED>
Subject: Re: [MLUG] Need advice from security experts
From: Bryan Venable <EMAIL:PROTECTED>
Date: Thu, 14 Oct 2004 11:47:51 -0500
In-reply-to: <EMAIL:PROTECTED>
References: <EMAIL:PROTECTED>
Reply-to: Bryan Venable <EMAIL:PROTECTED>, MLUG Members<EMAIL:PROTECTED>
Sender: EMAIL:PROTECTED

Anyone looking at setting up a VPN with free software should look at
OpenVPN, IMNSHO, especially if you haven't done a VPN before.  It will
run on Mac OS X, although not on the "classic" Mac OS.  It also runs
on Windows 2000 & XP, Linux, Solaris, OpenBSD, FreeBSD and NetBSD.  It
is very easy to set up compared to most other VPNs.  It should let you
set up either a "tun" VPN that will be a routed connection or a "tap"
VPN that will be a bridged connection.  Either way you don't need to
do port forwarding.  Each VPN user will have their own virtual
interface on the VPN server/firewall that you can apply firewall rules
to, and if you're doing packet forwarding (routing) on the VPN
server/firewall the users can just add routes via the VPN interface on
their system to reach the network(s) on the other side.

On Wed, 13 Oct 2004 11:25:31 -0700, Matt Krause <EMAIL:PROTECTED> wrote:
> I have started building a firewall from an Xserve G4 running Yellowdog.
> We would also like this to be a VPN box as well. Our main goal is to
> allow multiple home users access to their desktop machines at work using
> Timbuktu.  Is this even possible?  I am a little fuzzy on whether or not
> iptables will allow me to forward the timbuktu ports to different
> machines depending on where the traffic is coming from.  Is this
> something a VPN would do along with secure traffic?  i.e.  The user logs
> on to the VPN and then the firewall can determine which machine to
> forward the ports based on the username?
> 
> I am looking at different VPN servers right now, but Super FreeS/WAN
> looks like it might work since the super version has the NAT Traversal
> patch already included.  Our entire company is NAT'ed behing a firewall.
> 
> Are there any other better ways to do what I need to do.
> 
> Thanks a bunch.
> 
> --
> Matt Krause
> EMAIL:PROTECTED
> http://www.mattkrause.net
> 
> _______________________________________________
> members mailing list
> EMAIL:PROTECTED
> http://mlug.missouri.edu/mailman/listinfo/members
>
_______________________________________________
members mailing list
EMAIL:PROTECTED
http://mlug.missouri.edu/mailman/listinfo/members

References:
- [MLUG] Need advice from security experts
  - From: Matt Krause <EMAIL:PROTECTED>

Prev by Date: Re: [MLUG] DWTFYWT Public license
Next by Date: [MLUG] Tech On Wheels
Previous by thread: [MLUG] Need advice from security experts
Next by thread: [MLUG] Tech On Wheels
Index(es):
- Date
- Thread