Hi, On Thu, November 17, 2011 15:22, Gordon Scott wrote: > Yes, but without the OpenVPN client at the Windoze end, which might be > the problem.
Cool, no problems there. The Windows client is a proper executable installer, and you can pre-create a configuration file and set of CA keys for them to dump into the client's configuration directory. All they will then have to figure out is to make it start up automatically, which is not too difficult. >>> Does anyone know where I can find a guide that works? >>> >> >> Here is one that looks good: >> >> >> http://library.linode.com/networking/openvpn/ubuntu-10.04-lucid >> >> >> Pay close attention to the certification parts and make sure you don't >> miss out steps. > > It's certainly a more complete guide than most^H^H^H^H any other I've > seen. I'll be exploring my way through it. It's a good one indeed. :-) > Unfortunately pptp is what's on offer. The whole system there is managed > by an outside company and they don't understand anything except Windoze and > maybe some Mac. They're pretty good at what they do, but I get 'rabbits in > the headlights' looks if I mention Linux. I have been looking at putting > in a Linux box alongside and doing IPsec rather than pptp, though I'm not > sure how well the rabbits would take to the idea. You can help them concentrate on what they do best by preparing things for them in advance. :-) There are pros and cons for both OpenVPN and IPSec. I think that Windows actually have IPSec support built in to it's standard networking stack, so you don't have to specifically install anything new. However, I'm not too sure about this, since I don't have the benefit of an IPSec rig to test with at the moment. Last time I set up IPSec I also found it to be quite complex due to the way I had to punch holes through the company firewall, while OpenVPN does everything through a single UDP port. On the other hand, OpenVPN does need the installation of the client software on the Doze server, but it's really really easy. Furthermore the server-side is really easy to set up too. So read through the HOWTO and let me know how you get on. I actually have a few shortcuts for you in terms of configuration files etc, but it's better if you first develop an understanding on the basics of OpenVPN. Network security purists will say IPSec is more secure than OpenVPN (pure SSL-based VPN), and I suppose it is, even if I haven't seen data to support this. So, you have both as solid options, and I think that with some care and a bit of pre-planning no rabbits needs be harmed in the process! :-) Somebody on the list mentioned SSH tunnels, which is an option. On the Windows side you have Putty, which can be set up to do tunnels with ease. Whether you can do this in a non-interactive manner, I'm not too sure, but it is a solid third option. -- Regards, Jan Henkins -- Please post to: Hampshire@mailman.lug.org.uk Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire LUG URL: http://www.hantslug.org.uk --------------------------------------------------------------
