Hello everyone! My company is going to soon be putting our own server at an ISP's location so that we can have full control over our web site and incoming mail. We are putting just the single rackmount system (running RHL 7.2 or 7.3) onto the net.

For security, we are turning off all services to the outside world except for HTTP, HTTPS, and SMTP. However, we would like to have access to POP/IMAP and remote access daemons (ftp, rlogin, telnet), but ONLY to the "local" network. Then we would set up VPN tunnels from our main office and a couple remote locations (some of us work from home offices) to this server for those services and also for that server to "locally" access our main internal server with rdist for backup purposes.

For the main office and the home offices, we have the new Linksys BEFVP41 VPN routers acting as little firewalls and setting up VPN tunnels between them. They were very easy to set up and they seem to communicate just fine. What we would like to do is be able to set up FreeS/WAN on the web server and have VPN tunnels set up to the Linksys.

I have read the FreeS/WAN docs and am somewhat intimidated. From their examples, I think I could handle connecting two FreeS/WAN implementations, but I'm a bit confused still with how to make it operate correctly with the Linksys. I think my points of confusion come from my lack of knowledge of the VPN protocol...

I understand that we want to use "Auto key management (IKE)", a pre-shared key (that's what the Linksys uses), and Perfect Forward Secrecy (default on FreeS/WAN, option on Linksys). Where I'm confused is with the "Encryption" and "Authentication" settings on the Linksys (we'd like to use 3DES and SHA). I've found references to 3DES and MD5 (another option from SHA) in the FreeS/WAN docs, but they seem to be in reference to Manual key management, not auto...

I'm wondering if anyone has successfully had FreeS/WAN interoperating with the Linksys BEFVP41 DSL/Cable router. If so, could you please give me a little direction or perhaps a config file that would help me understand what I need to know to get these systems to interoperate?

I do not yet have the server system here for testing, but I should have it by the last week of May. I plan on testing it by plugging its ethernet into the WAN side of my router and working with it from there...

Thank you!

-Michael

--
In light of the terrorist attack on the U.S.: They that give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin, 1759