On Friday 01 February 2002 11:24, Christopher Holmes wrote:
> I've set up a Dachstein box at my office & one for a small network at
> home. I'd like to set up a VPN at work that allows employees to work
> from home.
>
> I've started reading through some of the docs, but don't have a clear
> idea of the "big picture." This is how I understand it. Please let
> me know where I'm off base:

The types of VPN connections you can run (via IPSec anyway):

* host-to-host
    host-box ******************* internet ************* host-box

* host-to-subnet
    client-boxes **** Ipsec-gateway ***** internet ****** host-box

* subnet-to-subnet
    clients *** Ipsec-gw ****** internet ***** Ipsec-gw *** clients

On a host setup, only that host can connect (requires port-fw through
a firewall).

On a gateway setup, the gateway box cannot participate in the sharing
itself; it simply maintains the connection (tunnel). Routes between
subnets are made on the gateway box, but name resolution (DNS/WINS)
must be done on another box within the valid subnet(s). On a gw-to-gw
connection, the separate subnets _must_ be different subnets, i.e.,
192.168.1, 192.168.2, 192.168.0! You cannot set routes between the
same subnet that I am aware of.

As far as DHCP complicating things, in the tunnel setup the remote
hosts/gateways must be implicitly declared in the tunnel config. So
for IP addresses that may change, a service such as dyndns can be
very helpful to declare the valid IP address for a box that may have a
different IP address at some point in time without changing
configuration.

In all cases, permissions must be set up for any machines to allow access
and sharing. This may include NetBIOS/Samba, /etc/hosts.allow,
and individual file, directory, and share permissions depending on the
type of access you are allowing.

I hope this clarifies a few things.
Maybe I can make some kind of VPN howto in the near future.
--
~Lynn Avants
aka Guitarlynn
guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net
If linux isn't the answer, you've probably got the wrong question!
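
Added example, not part of the original message: a pre-flight check for the point above that the subnets at each end of a gateway-to-gateway tunnel must be different, extended to a whole plan of office and home networks. The site names and address ranges are constructed for illustration.

```python
"""Pre-flight check for a set of planned IPSec tunnels: the protected
subnet at each site must not equal or overlap the subnet at any other."""
import ipaddress
from itertools import combinations

# Constructed sample plan (assumption): one office gateway, three home networks.
SITES = {
    "office":     "192.168.1.0/24",
    "home-alice": "192.168.2.0/24",
    "home-bob":   "192.168.1.0/24",    # same range as the office
    "home-carol": "192.168.2.128/25",  # falls inside home-alice's range
}

def parse_sites(sites):
    """Return {name: network}; reject entries that have host bits set."""
    parsed = {}
    for name, cidr in sites.items():
        try:
            parsed[name] = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            raise ValueError(f"{name}: bad subnet {cidr!r}: {exc}") from exc
    return parsed

def find_conflicts(sites):
    """Return (site_a, site_b, reason) for each pair that cannot be routed apart."""
    nets = parse_sites(sites)
    conflicts = []
    for (a, net_a), (b, net_b) in combinations(sorted(nets.items()), 2):
        if net_a.version != net_b.version:
            continue  # IPv4 and IPv6 ranges never collide
        if net_a == net_b:
            conflicts.append((a, b, "identical"))
        elif net_a.overlaps(net_b):
            conflicts.append((a, b, "overlapping"))
    return conflicts

def tunnel_ok(sites, local, remote):
    """True if the two named sites have distinct subnets at each end."""
    return not any({a, b} == {local, remote}
                   for a, b, _ in find_conflicts(sites))

if __name__ == "__main__":
    for a, b, reason in find_conflicts(SITES):
        print(f"CONFLICT ({reason}): {a} {SITES[a]} <-> {b} {SITES[b]}")
```

Any site reported here needs to be renumbered before its tunnel is configured.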