Hello everyone!

My company is going to soon be putting our own server at an ISP's location so
that we can have full control over our web site and incoming mail.  We are
putting just the single rackmount system (running RHL 7.2 or 7.3) onto the
net.

For security, we are turning off all services to the outside world except for
HTTP, HTTPS, and SMTP.  However, we would like to have access to POP/IMAP and
remote access daemons (ftp, rlogin, telnet), but ONLY to the "local" network.

Then we would set up VPN tunnels from our main office and a couple remote
locations (some of us work from home offices) to this server for those
services and also for that server to "locally" access our main internal server
with rdist for backup purposes.

For the main office and the home offices, we have the new Linksys BEFVP41
VPN routers acting as little firewalls and setting up VPN tunnels between
them.  They were very easy to set up and they seem to communicate just fine.

What we would like to do is be able to set up FreeS/WAN on the web server and
have VPN tunnels set up to the Linksys.  I have read the FreeS/WAN docs and am
somewhat intimidated.  From their examples, I think I could handle connecting
two FreeS/WAN implementations, but I'm a bit confused still with how to make
it operate correctly with the Linksys.

I think my points of confusion come from my lack of knowledge of the VPN
protocol...

I understand that we want to use "Auto key management (IKE)", a pre-shared
key (that's what the Linksys uses), and Perfect Forward Secrecy (default on
FreeS/WAN, option on Linksys).

Where I'm confused is with the "Encryption" and "Authentication" settings on
the Linksys (we'd like to use 3DES and SHA).  I've found references to 3DES
and MD5 (another option from SHA) in the FreeS/WAN docs, but they seem to be
in reference to Manual key management, not auto...

I'm wondering if anyone has successfully had FreeS/WAN interoperating with the
Linksys BEFVP41 DSL/Cable router.  If so, could you please give me a little
direction or perhaps a config file that would help me understand what I need
to know to get these systems to interoperate?

I do not yet have the server system here for testing, but I should have it by
the last week of May.  I plan on testing it by plugging its ethernet into the
WAN side of my router and working with it from there...

Thank you!

-Michael


-- 
In light of the terrorist attack on the U.S.:
        They that give up essential liberty to obtain a little temporary
        safety deserve neither liberty nor safety.
                        -- Benjamin Franklin, 1759



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
