On Fri, 2002-05-17 at 15:33, Michael George wrote:
> Hello everyone!
>
> My company is going to soon be putting our own server at an ISP's location so
> that we can have full control over our web site and incoming mail. We are
> putting just the single rackmount system (running RHL 7.2 or 7.3) onto the
> net.

Ok...

> For security, we are turning off all services to the outside world except for
> HTTP, HTTPS, and SMTP. However, we would like to have access to POP/IMAP and
> remote access daemons (ftp, rlogin, telnet), but ONLY to the "local" network.

I would not touch rlogin or telnet with a 10 foot pole. Use ssh/scp instead. That would allow you to be more secure, and you probably wouldn't need ftp either.

> Then we would set up VPN tunnels from our main office and a couple remote
> locations (some of us work from home offices) to this server for those
> services and also for that server to "locally" access our main internal server
> with rdist for backup purposes.

Again, I would use ssh rather than a VPN and rsync over ssh rather than rdist.

> For the main office and the home offices, we have the new Linksys BEFVP41
> VPN routers acting as little firewalls and setting up VPN tunnels between
> them. They were very easy to set up and they seem to communicate just fine.
>
> What we would like to do is be able to set up FreeS/WAN on the web server and
> have VPN tunnels set up to the Linksys. I have read the FreeS/WAN docs and am
> somewhat intimidated. From their examples, I think I could handle connecting
> two FreeS/WAN implementations, but I'm a bit confused still with how to make
> it operate correctly with the Linksys.

Possible, but Red Hat does not support FreeS/WAN or any VPNs at the moment, although CIPE is at least in the distribution.

> I think my points of confusion come from my lack of knowledge of the VPN
> protocol...
>
> I understand that we want to use "Auto key management (IKE)", a pre-shared
> key (that's what the Linksys uses), and Perfect Forward Secrecy (default on
> FreeS/WAN, option on Linksys).
>
> Where I'm confused is with the "Encryption" and "Authentication" settings on
> the Linksys (we'd like to use 3DES and SHA). I've found references to 3DES
> and MD5 (another option from SHA) in the FreeS/WAN docs, but they seem to be
> in reference to Manual key management, not auto...
>
> I'm wondering if anyone has successfully had FreeS/WAN interoperating with the
> Linksys BEFVP41 DSL/Cable router. If so, could you please give me a little
> direction or perhaps a config file that would help me understand what I need
> to know to get these systems to interoperate?
>
> I do not yet have the server system here for testing, but I should have it by
> the last week of May. I plan on testing it by plugging its ethernet into the
> WAN side of my router and working with it from there...

I'm not the right person to ask about making VPNs work, sorry.

-- 
**********************************************************************
Chris Kloiber, RHCE                          Red Hat, Inc.
Hardware Certification         aka           1801 Varsity Dr.
Enterprise Support          "WireHead"       Raleigh, NC 27606
**********************************************************************