Jaime Nebrera Herrera wrote:
> Hi all,
> 
> I want to establish a net-to-net VPN using Bering as a gateway. Both ends will have Windows machines :(
> 
> They want to see both nets as a whole, with all computers (remember, Windows) showing in Explorer, so they can access a shared hard disk from both sites.
> 
> I want to do this the easiest and cheapest way. Options I am considering:
> 
> 1) If possible, use only one "PC" on each end. I don't know if they have a WNT or W2000 server that could act as a WINS server, but adding a Linux box (or a couple of them) just for WINS is not desirable unless there is no other way (higher price and complexity).
> 
> 2) How bad is it for security to add WINS (Samba) on the gateway?
> 
> 3) Even better, is it really necessary to have a WINS service? I know that for IP services (http, ftp) there is no need for it, but the users just want to see the whole thing as if there was no "separation in the middle :)"

A WINS server gets you name resolution, but it does *NOT* provide cross-subnet browsing (the "official" term for what you describe you're wanting), although it's typically a required piece of most cross-subnet browsing setups.


> 4) What option is better, PPTP or FreeS/WAN? Remember, both in the gateway/firewall. Do I need WINS if I use PPTP?

FreeS/WAN is better (from a security standpoint). Using PPTP may work more easily for browsing, but I've never tried to set this up, so I'm not sure what features/limitations PPTP provides (other than a pretty much guaranteed lack of security from anyone actually interested in reading your data...PPTP will secure you from the idly curious, but not anyone actually wanting to break into your VPN).


> I know these are very basic questions; is there any good online documentation about these topics?
> 
> Very thankful in advance. Regards.

I'm not a windows networking guru, but have been through enough of trying to link remote windows networks to help out with a few issues.


First of all, I suggest trying to set up a subnet-to-subnet IPSec VPN link between your two firewalls. This reduces the problem to getting Windows boxes to talk to each other across a router. There are two aspects of the Windows portion of the problem:

1) Sharing network resources across subnets

2) Browsing network resources across subnets

Note that these are *VERY* different problems. Browsing on MS networks typically works by using broadcast traffic, which won't pass through your router/firewall/VPN appliance. Drive mapping, however, can be done directly using IP addresses, DNS names (if you have entries for the system(s) in a zone file or in your hosts file), WINS names, etc.

If you can get by with manually mapping drives instead of browsing (i.e. manually typing in an IP or computer name rather than clicking the proper computer from a tree view with the mouse), what you want is very simple...just get the VPN link running, and type \\192.168.1.44 (or whatever the appropriate far-end IP is) when you're trying to map a network drive or printer.

If, however, you want to "browse" to the remote resource, you have a much bigger problem. The official Microsoft way to do this is to run 2K server (probably .NET server by now) on *EACH* subnet. You eliminate the server install on one side of the network if you have all systems log into the same domain controller (requires a WINS server for name resolution, and proper configuration of the remote systems so they know how to find the WINS server on the far subnet...this can be set up via DHCP, so it's really not too bad). The Microsoft site has a lot more info on what's required to implement this in the "approved" way...a search for "cross subnet browsing" should turn up lots of info.

Samba servers can help mitigate a lot of the problems incurred due to the artificial limitations of Microsoft's software (you'd think they want to sell tons of copies of their server software or something), but I wouldn't suggest running Samba on your firewalls, and it doesn't sound like you have extra boxes lying around to turn into server systems.

All of the above reflects what I've picked up trying to get my Windows box to gracefully talk to the home office network across a subnet-to-subnet VPN, but does not necessarily represent the best, or even an appropriate, way to do this in the Microsoft world...I'm a Linux networking guy, and know just enough Microsoft networking to keep my 2KPro desktop linked to the internet and the home office.

--
Charles Steinkuehler
[EMAIL PROTECTED]
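To make the name-resolution-versus-browsing distinction in the reply above concrete, here is an added example (not part of the original thread, and not LEAF/Bering, FreeS/WAN or Samba code) that speaks the NetBIOS Name Service protocol (UDP/137) directly. It builds the same NAME QUERY a Windows client sends, in both forms: the broadcast form that only reaches the local subnet (and so stops at the VPN gateway), and the unicast form sent to a WINS server, which does cross the tunnel. It also parses the positive response so you can see that all WINS gives back is an IP address for a name; nothing here touches the browse list. The host name FILESERVER, the address 192.168.2.10 and the canned reply bytes are constructed for the example, and `resolve()` is the only part that actually puts packets on the wire.

```python
"""NetBIOS Name Service (NBNS, UDP/137) name query, i.e. the wire exchange
behind "WINS name resolution". Added example for this thread; not code from
the original post or from LEAF/Bering, FreeS/WAN or Samba. Host names, IPs
and the canned response below are constructed, not captured."""
import random
import socket
import struct

NB_TYPE = 0x0020    # NB resource record (NetBIOS general name service)
IN_CLASS = 0x0001
NBNS_PORT = 137


def encode_netbios_name(name, suffix=0x20, pad=b" "):
    """RFC 1001 first-level encoding: the name is padded to 15 bytes, a
    one-byte suffix is appended (0x20 = file server service), then every
    byte is split into two nibbles and each nibble written as 'A' + nibble.
    Result: 1 length byte + 32-character label + root label (0x00)."""
    raw = name.upper().encode("ascii")[:15].ljust(15, pad) + bytes([suffix])
    label = bytes(c for byte in raw
                  for c in (0x41 + (byte >> 4), 0x41 + (byte & 0x0F)))
    return bytes([len(label)]) + label + b"\x00"


def decode_netbios_name(encoded):
    """Inverse of encode_netbios_name: returns (name, suffix)."""
    label = encoded[1:33]
    raw = bytes(((label[i] - 0x41) << 4) | (label[i + 1] - 0x41)
                for i in range(0, 32, 2))
    return raw[:15].rstrip(b" \x00").decode("ascii"), raw[15]


def build_name_query(name, txid, broadcast):
    """NAME QUERY REQUEST. Flags: opcode QUERY, RD=1 (0x0100); the B bit
    (0x0010) is set only on the broadcast form a client uses on its own
    subnet. A unicast query to a WINS server leaves B clear."""
    flags = 0x0110 if broadcast else 0x0100
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)  # QDCOUNT=1
    return header + encode_netbios_name(name) + struct.pack("!HH", NB_TYPE, IN_CLASS)


def parse_name_response(data, txid):
    """Return [(ip, nb_flags), ...] from a positive NAME QUERY RESPONSE,
    or [] for a negative response, a wrong transaction ID or junk."""
    rid, flags, qd, an, _ns, _ar = struct.unpack_from("!HHHHHH", data, 0)
    if rid != txid or not flags & 0x8000:   # not a response to our query
        return []
    if flags & 0x000F or an == 0:           # RCODE != 0: name not found
        return []
    off = 12
    off += qd * (34 + 4)                    # skip any echoed question section
    if data[off] & 0xC0 == 0xC0:            # compressed name pointer
        off += 2
    else:
        off += 34                           # full 34-byte encoded name
    rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", data, off)
    off += 10
    if rtype != NB_TYPE or rclass != IN_CLASS:
        return []
    rdata = data[off:off + rdlen]
    entries = []
    for i in range(0, rdlen, 6):            # each entry: NB_FLAGS + IPv4
        nb_flags, = struct.unpack_from("!H", rdata, i)
        entries.append((socket.inet_ntoa(rdata[i + 2:i + 6]), nb_flags))
    return entries


def sample_positive_response(txid):
    """Constructed bytes of the positive response a WINS server would send
    for FILESERVER<20> at 192.168.2.10 (unique name, H-node); not a capture.
    Flags 0x8580 = response, authoritative, RD, RA; QDCOUNT=0, ANCOUNT=1."""
    header = struct.pack("!HHHHHH", txid, 0x8580, 0, 1, 0, 0)
    rr = encode_netbios_name("FILESERVER") + struct.pack("!HHIH", NB_TYPE, IN_CLASS, 300000, 6)
    rdata = struct.pack("!H", 0x6000) + socket.inet_aton("192.168.2.10")
    return header + rr + rdata


def resolve(name, wins_server=None, timeout=2.0):
    """Live query. With wins_server set, a unicast query is routed like any
    other packet and crosses the subnet-to-subnet VPN; without it, the
    broadcast reaches the local subnet only and dies at the gateway."""
    txid = random.randrange(1, 0xFFFF)
    query = build_name_query(name, txid, broadcast=wins_server is None)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        if wins_server is None:
            sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
            sock.sendto(query, ("255.255.255.255", NBNS_PORT))
        else:
            sock.sendto(query, (wins_server, NBNS_PORT))
        data, _peer = sock.recvfrom(1024)
    except socket.timeout:
        return []
    finally:
        sock.close()
    return parse_name_response(data, txid)


if __name__ == "__main__":
    # Offline demonstration on the constructed reply; for a real query use
    # e.g. resolve("FILESERVER", wins_server="192.168.2.5") (assumed address).
    print(parse_name_response(sample_positive_response(0x1234), 0x1234))
```

The point to take from running it: a unicast query to the far-side WINS server answers "FILESERVER is 192.168.2.10", which is enough for `\\FILESERVER\share` to work across the tunnel, while the same query in broadcast form never leaves the local subnet. The browse list (what shows up in Explorer) is a separate, broadcast-and-election-driven service, and no amount of NBNS traffic produces it; that is the part that needs a master browser on each subnet or a domain setup, as the reply says.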



