Re: Need Help setting up a VPN Connection to my LAN
Version: page should look like this: http: //ui.linksys.com/files/BEFSX41/1.52.5/Security-VPN-Tunnel-Enabled.htm for the BEFSX41 (which is all it supports): http: //homesupport.cisco.com/en-us/wireless/lbc/BEFSX41 well as VirtualMachine images): http: //openvpn.net/index.php/download/access-server-downloads.html To configure OpenVPN client in Linux: Client configuration instructions for Sentinel to BEFSX41: (useful for setting options in your linux client): http: //www.homenethelp.com/vpn/router-config.asp On Jun 24, 2012 1: 00 PM, Mark Phillips m...@phillipsmarketing.biz wrote: http: //it-clowns.comSafeway.com To subscribe, unsubscribe, or to change your mail settings: http: //lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss To subscribe, unsubscribe, or to change your mail settings: http: //lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss http: //it-clowns.comSafeway.com To subscribe, unsubscribe, or to change your mail settings: http: //lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss To subscribe, unsubscribe, or to change your mail settings: http: //lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss Content-Type: text/plain; charset=UTF-8 Date: Mon, 25 Jun 2012 12:23:33 -0700 Message-ID: 1340652213.2685.43.camel@debian Mime-Version: 1.0 X-Mailer: Evolution 2.30.3 Content-Transfer-Encoding: 7bit X-Gm-Message-State: ALoCoQlubsLWS8GVxqy5phuEcM+Bqb40xx77jviUeNuJxQbf55vQZN9zigEC6yB4j8ITdSRhl276 Some might disagree with me here, but as a possible alternative to setting up a full VPN solution... If you're going to be needing to do this often then absolutely a more permanent VPN solution makes sense. But for a one-off or two-off if you don't need GUI access, just a shell, you could do a reverse ssh tunnel. If you have access to any trusted server off your home network you can use that, or what I've done in the past is just spin up a small cloud image on Amazon or Dreamhost or anywhere that offers a utility-based pricing model (pay only for the time you use). Build the tunnel from one of the computers on your LAN to the cloud server and leave it open. If you're worried the connection might drop while you're away you could write a small script that checks to see if the tunnel is up, and restarts it if it isn't (copy a public key to the cloud server for key-based auth so this doesn't need a password). Then when you need to log into your stuff at home, ssh from your laptop to the cloud server, then jump from there to the machine on your LAN that has the other end of your tunnel. If you need to access more than one system at home, you can then jump from the system with the tunnel to whatever you need to get at. Yes, performance could suck a bit ssh'ing 2-3 times, but the set up is generally faster than VPN if you only need to use it once and you're comfortable working with ssh already. Just a thought if you needed to get going quickly, or have something until you can get a VPN up. And don't forget to shut down the cloud server when you're back home so you don't pay for something you aren't using! I've done that one too, luckily an EC2 micro instance is pretty cheap. Good walkthrough on reverse tunneling: http://www.howtoforge.com/reverse-ssh-tunneling -- Jill n 2012-06-25 02:26, Mark Phillips wrote: --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
RE: Need Help setting up a VPN Connection to my LAN
Actually, using VNC you can even get GUI access with a 'local' ssh forward of the VNC port. Been there, done that, it works. Check out these 2 ssh command lines: ssh -L 5902:there:5902 me@overthere This will ssh into 'overthere' as 'me', and once you are logged in 'overthere' it will forward port 5902 from the machine on which you STARTED the ssh session to the VNC server (port 5902) on machine 'there' - which for best results is over on the same subnet as 'overthere' :-) In other words, say ssh -L 5902:vncserver:5902 me@vncserver then, once you are logged in, from the same machine on which you did the ssh, connect to 'localhost' using VNC client - and you are instead talking to the vncserver's VNC (:2 or :1, I think). ssh -R 9283:there2:9283 me@overthere As before, once you have gotten logged in as 'me' 'overthere', it forwards a port, but this time from the 'overthere' side back to your side, so that 'there2' should be on the same subnet as the machine from which you started the ssh. Note that there is NO requirement for the two port numbers to be the same value. If that's confusing, sorry, but ssh DOES tend to be a bit of a swiss army knife! Rusty --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: Need Help setting up a VPN Connection to my LAN
Rtfm? It really depends on what your options are in the vpn device are. On Jun 24, 2012 1:00 PM, Mark Phillips m...@phillipsmarketing.biz wrote: I need to take my laptop on several road trips, and I need to connect back to my home office LAN - all Debian machines. I am on COX cable with a BEFSX41 router. The BEFSX41 has a VPN option that I have never used. What do I need to add to my laptop (Debian) to talk to my home office LAN securely (ie through a VPN) using my BEFSX41? Obviously, I am a complete nube when it comes to setting up VPN access to my LAN. I have googled for some recommendations, but I have not found a good reference to follow. Thanks, Mark --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: Need Help setting up a VPN Connection to my LAN
Stephen, Thanksthere are tons of options on the device. But I read that I need a vpn server on my LAN.other posts say no.Most of the information I found in forums is several years old, so I thought someone with more experience than me could point me to a better manual. I read this http://www.debian-administration.org/articles/489, but again it is over 5 years old, so perhaps there is a better solution? This is the manual page from the BEFSX41.I am not completely sure which options to use. Plus, I assume I may need something running on my laptop - OpenVPN? Do I need a VPN server on my LAN, or something else, to be able to login to my different machines? Mark *VPN** Passthrough* This Router supports IPSec, PPTP, and PPPoE Passthrough. You can select either *Enable* or *Disable* for these options. -- *VPN* *Select Tunnel Entry*- Select the tunnels number you want to set up. *Delete*- click this to remove any entries made for this tunnel you selected. *Summary*- Click this button to display the status of all the tunnels. *IPSec VPN Tunnel*- Select *Enabled* to create a tunnel or *Disabled* to close the tunnel. *Tunnel Name*- Once the tunnel is enabled, enter an arbitrary name for the tunnel you are about to create. *Local Secure Group* This allows you to grant local computer access to this tunnel. SubnetThis will allow all computers on the local subnet to access the tunnel. Enter the IP Address and Mask to allow access to the tunnel.IP Addr.This only allows the local computer with the specified IP address. Enter the IP address you want to allow access to the tunnel.IP RangeThis allows a range of local computers to access the tunnel. Enter the IP address range allowed to access the tunnel. * Remote Secure Group* This allows you grant remote computers access to this tunnel. SubnetThis will allow all computers on the remote subnet to access the tunnel. Enter the IP Address and Mask to allow access to the tunnel.IP Addr.This only allows the remote computer with the specified IP address. Enter the IP address you want to allow access to the tunnel.IP RangeThis allows a range of remote computers to access the tunnel. Enter the IP address range allowed to access the tunnel.HostWhen this is selected, the settings will be the same as the Remote Security Gateway. AnyThis option will allow any IP address from a remote location to access this tunnel. * Remote Secure Gateway* This sets the remote end of the VPN tunnel. You can either specify the IP address, Domain, or Any. IP Addr.Enter the IP address of the remote tunnel you will connect.DomainThis option lets you enter the fully qualified domain name. If you do not have an IP address, you have an option to enter the domain of the tunnel you are connecting to.AnyThis will will allow any tunnel connection to be established. *Encryption* DESData Encryption Standard (DES) is a type of encryption for this VPN tunnel. If you select this option, make sure the other end of the tunnel uses the same encryption type.3DESTriple Data Encryption Standard (3DES) is a stronger type of encryption for this VPN Tunnel. If you select this option, make sure the other end of the tunnel uses the same encryption type. DisableThis option will not encrypt for this tunnel. *Authentication* MD5Message-Digest Algorithm (MD5)- Generates 128-bit message digest based on the input. If you select this option, make sure the other end of the tunnel uses the same authentication type.SHASecure Hash Algorithm (SHA)- Generates 160-bit message digest based on the input. If you select this option, make sure the other end of the tunnel uses the same authentication type.DisabledThis option will not authenticate for this tunnel. *Key Management* In order for any encryption to occur, the two ends of the tunnel must agree on the type of encryption. This is done by sharing a key to encrypt code. You can select *Auto (IKE)* or *Manual*. *Automatic Key Management* PFSPerfect Forward Secrecy (PFS) ensures that the initial key exchange and IKE proposal are secure. This must be the same for both end of the tunnel.Pre-shared KeyEnter a series of number and letters that will be used as your key. This must be the same for both end of the tunnel.Key LifetimeEnter a number of seconds for the life of the key. After the key lifetime expires, a new code will be generated. This much be the same for both end of the tunnel. *Manual Key Management* Encryption keyEnter a series of letters or numbers to generate an encryption key. This must be the same for both end of the tunnel.Authentication KeyEnter a series of letters or numbers to generate an authentication key. This must be the same for both end of the tunnel.Inbound SPIEnter a series of letter or numbers to generate the Inbound SPI. This must match the outbound SPI on the other end of the tunnel.Outbound SPIEnter a series of letter or numbers to generate the outbound SPI. This must match the inbound SPI
Re: Need Help setting up a VPN Connection to my LAN
This sounds like yours does what is known as a lan to lan configuration, or lan extension mode. Two subnets routing together, not a remote access or client-based vpn, like a home-office extension to work permanently. Not client-based vpn, which is probably what you're looking for. Normally what you want is to have a vpn device that acts as a concentrator for clients running crypto software, initiate a connection, set up virtual tunneling from your box to the concentrator hub, and you now become an extension of the internal network from your client/host. Yours sounds like it's meant to tie your subnet to a hub device, which implies like two of these devices back to back across the internet, not a windows box phoning home. If you're looking for a good little vpn box, snipe an old cisco pix 501 unrestricted on ebay cheap (or buy-it-now for ~30-50 bucks), setup client ipsec vpn connections with local accounts documented since the beginning of time, free client software for every platform (native on linux now with cvpnd/network-manager) and use that as it requires minimal gui config. It supports 3des which is still fairly adequate for clients, or you can find newer asa5505's for ~200-300 that do aes256, certs, ldap auth (ad), whatever. Good/cheap device with tons of info out there, and a built-in java gui wizard for setting it up that even a windoze admin can figure out client vpn setup. I'm actually looking to do this at the moment to stub off my mom's house on a persistent tunnel lan extension to my network so I can remote-manage her security and give access to my media stash. The little pix 501's are good Openvpn is good too, but more diy than you may like with certs and such vs passwords. You can get the little ddwrt/tomato ap/router boxen like asus n16's that can also install openvpn for this if you want a canned solution. There are other soho vpn boxes I've seen at frys and such, but they're entirely ymmv-ish off-brand stuff usually. Not sure netgear or dlink are really know for their prowess for vpn client function, but I think not. -mb On 06/24/2012 01:21 PM, Mark Phillips wrote: Stephen, Thanksthere are tons of options on the device. But I read that I need a vpn server on my LAN.other posts say no.Most of the information I found in forums is several years old, so I thought someone with more experience than me could point me to a better manual. I read this http://www.debian-administration.org/articles/489, but again it is over 5 years old, so perhaps there is a better solution? This is the manual page from the BEFSX41.I am not completely sure which options to use. Plus, I assume I may need something running on my laptop - OpenVPN? Do I need a VPN server on my LAN, or something else, to be able to login to my different machines? Mark */VPN/**/Passthrough/* This Router supports IPSec, PPTP, and PPPoE Passthrough. You can select either*Enable*or*Disable*for these options. */VPN/* *Select Tunnel Entry*- Select the tunnels number you want to set up. *Delete*- click this to remove any entries made for this tunnel you selected. *Summary*- Click this button to display the status of all the tunnels. *IPSec VPN Tunnel*- Select*Enabled*to create a tunnel or*Disabled*to close the tunnel. *Tunnel Name*- Once the tunnel is enabled, enter an arbitrary name for the tunnel you are about to create. *Local Secure Group* This allows you to grant local computer access to this tunnel. Subnet This will allow all computers on the local subnet to access the tunnel. Enter the IP Address and Mask to allow access to the tunnel. IP Addr.This only allows the local computer with the specified IP address. Enter the IP address you want to allow access to the tunnel. IP RangeThis allows a range of local computers to access the tunnel. Enter the IP address range allowed to access the tunnel. * Remote Secure Group* This allows you grant remote computers access to this tunnel. Subnet This will allow all computers on the remote subnet to access the tunnel. Enter the IP Address and Mask to allow access to the tunnel. IP Addr.This only allows the remote computer with the specified IP address. Enter the IP address you want to allow access to the tunnel. IP RangeThis allows a range of remote computers to access the tunnel. Enter the IP address range allowed to access the tunnel. HostWhen this is selected, the settings will be the same as the Remote Security Gateway. Any This option will allow any IP address from a remote location to access this tunnel. * Remote Secure Gateway* This sets the remote end of the VPN tunnel. You can either specify the IP address, Domain, or Any. IP Addr.Enter the IP address of the remote tunnel you will connect. Domain This option lets you enter the fully qualified domain name. If you do not have an IP
Re: Need Help setting up a VPN Connection to my LAN
Hi Mark, The BEFSX41's were not completely configured for anything but SITE---SITE VPN. An IPSEC tunnel to tunnel can be setup evidently to work with a linux VPN client. where you have a static client IP address (no NAT), but you are correct, it's a bit of work. And there are some known issues: http://homecommunity.cisco.com/t5/Wired-Routers/VPN-works-causes-periodic-freezes-of-BEFSX41/m-p/227179?comm_cc=HSuscomm_lang=en#226944 Version: Do you have BEFSX41 v1 or v2? With the most recent firmware, the VPN page should look like this: http://ui.linksys.com/files/BEFSX41/1.52.5/Security-VPN-Tunnel-Enabled.htm Linksys QuickVPN software and cisco VPN client will not work for IPSEC or this router. Linksys has instructions for setting up an IPSEC tunnel for the BEFSX41 (which is all it supports): http://homesupport.cisco.com/en-us/wireless/lbc/BEFSX41 As you can see, you can, with this router, do passthrough and OpenVPN is so nice, easy and powerful, I recommend you just use it (rather than try to configure VPNs from this router) [simply check all three boxes on the BEFSX41 and save]. OpenVPN Access Server (OpenVPN-AS) is a set of installation and configuration tools that simplify the rapid deployment of a VPN remote access solution. It is based on the popular OpenVPN open-source software, making the deployed VPN immediately compatible with OpenVPN client software across multiple user platforms.* *The server configurations options supported are a carefully selected subset of a quite large set of possible OpenVPN configurations. Thus, OpenVPN Access Server streamlines the configuration and management of an OpenVPN-based secure remote access deployment. You can get OpenVPNAS here (for Ubuntu, Fedora, CentOs and Redhat, as well as VirtualMachine images): http://openvpn.net/index.php/download/access-server-downloads.html To configure OpenVPN client in Linux: Simply surf to the port you setup for your OpenVPNAS server [usually 80/443] (be sure to port forward as needed) and login with the user name and password you setup and it will prompt you to download your client for Linux, OS X, or Windows. Client configuration instructions for Sentinel to BEFSX41: (useful for setting options in your linux client): http://www.homenethelp.com/vpn/router-config.asp On Jun 24, 2012 1:00 PM, Mark Phillips m...@phillipsmarketing.biz wrote: I need to take my laptop on several road trips, and I need to connect back to my home office LAN - all Debian machines. I am on COX cable with a BEFSX41 router. The BEFSX41 has a VPN option that I have never used. What do I need to add to my laptop (Debian) to talk to my home office LAN securely (ie through a VPN) using my BEFSX41? Obviously, I am a complete nube when it comes to setting up VPN access to my LAN. I have googled for some recommendations, but I have not found a good reference to follow. Thanks, Mark -- (503) 754-4452 Android (623) 239-3392 Skype (623) 688-3392 Google Voice ** http://it-clowns.comSafeway.com Automation Engineer --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: Need Help setting up a VPN Connection to my LAN
What's running on your laptop? With the Shrew Soft VPN client (ike and ide-gtgui on ubuntu) packages, you *might* get an IPSec connection going, but NAT on your laptop/remote end will likely trip things up. I would recommend steering clear of IPSec. OpenVPN is the VPN of choice for road warriors. On the home/server end, I use IPCop. It's a full featured firewall distro that contains OpenVPN (and IPSec) as well as a slew of other features. It will run nicely on an old P-III system, with as little as 128M of RAM and a 1G HDD. Find an old desktop system that's going to be scrapped, throw a 2nd nic in it, and you're ready to roll. You'll need a switch behind it for your LAN/Green subnet, but those are dirt cheap as well. -- -Eric 'shubes' On 06/24/2012 01:21 PM, Mark Phillips wrote: Stephen, Thanksthere are tons of options on the device. But I read that I need a vpn server on my LAN.other posts say no.Most of the information I found in forums is several years old, so I thought someone with more experience than me could point me to a better manual. I read this http://www.debian-administration.org/articles/489, but again it is over 5 years old, so perhaps there is a better solution? This is the manual page from the BEFSX41.I am not completely sure which options to use. Plus, I assume I may need something running on my laptop - OpenVPN? Do I need a VPN server on my LAN, or something else, to be able to login to my different machines? Mark */VPN/**/Passthrough/* This Router supports IPSec, PPTP, and PPPoE Passthrough. You can select either*Enable*or*Disable*for these options. */VPN/* *Select Tunnel Entry*- Select the tunnels number you want to set up. *Delete*- click this to remove any entries made for this tunnel you selected. *Summary*- Click this button to display the status of all the tunnels. *IPSec VPN Tunnel*- Select*Enabled*to create a tunnel or*Disabled*to close the tunnel. *Tunnel Name*- Once the tunnel is enabled, enter an arbitrary name for the tunnel you are about to create. *Local Secure Group* This allows you to grant local computer access to this tunnel. Subnet This will allow all computers on the local subnet to access the tunnel. Enter the IP Address and Mask to allow access to the tunnel. IP Addr.This only allows the local computer with the specified IP address. Enter the IP address you want to allow access to the tunnel. IP RangeThis allows a range of local computers to access the tunnel. Enter the IP address range allowed to access the tunnel. * Remote Secure Group* This allows you grant remote computers access to this tunnel. Subnet This will allow all computers on the remote subnet to access the tunnel. Enter the IP Address and Mask to allow access to the tunnel. IP Addr.This only allows the remote computer with the specified IP address. Enter the IP address you want to allow access to the tunnel. IP RangeThis allows a range of remote computers to access the tunnel. Enter the IP address range allowed to access the tunnel. HostWhen this is selected, the settings will be the same as the Remote Security Gateway. Any This option will allow any IP address from a remote location to access this tunnel. * Remote Secure Gateway* This sets the remote end of the VPN tunnel. You can either specify the IP address, Domain, or Any. IP Addr.Enter the IP address of the remote tunnel you will connect. Domain This option lets you enter the fully qualified domain name. If you do not have an IP address, you have an option to enter the domain of the tunnel you are connecting to. Any This will will allow any tunnel connection to be established. *Encryption* DES Data Encryption Standard (DES) is a type of encryption for this VPN tunnel. If you select this option, make sure the other end of the tunnel uses the same encryption type. 3DESTriple Data Encryption Standard (3DES) is a stronger type of encryption for this VPN Tunnel. If you select this option, make sure the other end of the tunnel uses the same encryption type. Disable This option will not encrypt for this tunnel. *Authentication* MD5 Message-Digest Algorithm (MD5)- Generates 128-bit message digest based on the input. If you select this option, make sure the other end of the tunnel uses the same authentication type. SHA Secure Hash Algorithm (SHA)- Generates 160-bit message digest based on the input. If you select this option, make sure the other end of the tunnel uses the same authentication type. DisabledThis option will not authenticate for this tunnel. *Key Management* In order for any encryption to occur, the two ends of the tunnel must agree on the type of encryption. This is done by sharing a key to encrypt code. You can select*Auto (IKE)*or*Manual*. *Automatic Key Management* PFS Perfect Forward Secrecy (PFS) ensures that the
Re: Need Help setting up a VPN Connection to my LAN
Thanks for all the comments. Based on what you have said and further research, I have come to the conlusion... 1. I need to install openvpn on a machine on my lan and on my laptop. 2. I will follow these instructions for installation and configuration - http://openvpn.net/index.php/open-source/documentation/howto.html#quick 3. Just enable all the vpn options on my BEFSX41 and pray it all connects...;) fallbackpurchase a cisco pix 501 and play with that. Thanks! Mark On Sun, Jun 24, 2012 at 3:20 PM, Lisa Kachold lisakach...@obnosis.comwrote: Hi Mark, The BEFSX41's were not completely configured for anything but SITE---SITE VPN. An IPSEC tunnel to tunnel can be setup evidently to work with a linux VPN client. where you have a static client IP address (no NAT), but you are correct, it's a bit of work. And there are some known issues: http://homecommunity.cisco.com/t5/Wired-Routers/VPN-works-causes-periodic-freezes-of-BEFSX41/m-p/227179?comm_cc=HSuscomm_lang=en#226944 Version: Do you have BEFSX41 v1 or v2? With the most recent firmware, the VPN page should look like this: http://ui.linksys.com/files/BEFSX41/1.52.5/Security-VPN-Tunnel-Enabled.htm Linksys QuickVPN software and cisco VPN client will not work for IPSEC or this router. Linksys has instructions for setting up an IPSEC tunnel for the BEFSX41 (which is all it supports): http://homesupport.cisco.com/en-us/wireless/lbc/BEFSX41 As you can see, you can, with this router, do passthrough and OpenVPN is so nice, easy and powerful, I recommend you just use it (rather than try to configure VPNs from this router) [simply check all three boxes on the BEFSX41 and save]. OpenVPN Access Server (OpenVPN-AS) is a set of installation and configuration tools that simplify the rapid deployment of a VPN remote access solution. It is based on the popular OpenVPN open-source software, making the deployed VPN immediately compatible with OpenVPN client software across multiple user platforms.* *The server configurations options supported are a carefully selected subset of a quite large set of possible OpenVPN configurations. Thus, OpenVPN Access Server streamlines the configuration and management of an OpenVPN-based secure remote access deployment. You can get OpenVPNAS here (for Ubuntu, Fedora, CentOs and Redhat, as well as VirtualMachine images): http://openvpn.net/index.php/download/access-server-downloads.html To configure OpenVPN client in Linux: Simply surf to the port you setup for your OpenVPNAS server [usually 80/443] (be sure to port forward as needed) and login with the user name and password you setup and it will prompt you to download your client for Linux, OS X, or Windows. Client configuration instructions for Sentinel to BEFSX41: (useful for setting options in your linux client): http://www.homenethelp.com/vpn/router-config.asp On Jun 24, 2012 1:00 PM, Mark Phillips m...@phillipsmarketing.biz wrote: I need to take my laptop on several road trips, and I need to connect back to my home office LAN - all Debian machines. I am on COX cable with a BEFSX41 router. The BEFSX41 has a VPN option that I have never used. What do I need to add to my laptop (Debian) to talk to my home office LAN securely (ie through a VPN) using my BEFSX41? Obviously, I am a complete nube when it comes to setting up VPN access to my LAN. I have googled for some recommendations, but I have not found a good reference to follow. Thanks, Mark -- (503) 754-4452 Android (623) 239-3392 Skype (623) 688-3392 Google Voice ** http://it-clowns.comSafeway.com Automation Engineer --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: Need Help setting up a VPN Connection to my LAN
Thanks for all the comments. Based on what you have said and further research, I have come to the conlusion... 1. I need to install openvpn on a machine on my lan and on my laptop. 2. I will follow these instructions for installation and configuration - http://openvpn.net/index.php/open-source/documentation/howto.html#quick 3. Just enable all the vpn options on my BEFSX41 and pray it all connects...;) fallbackpurchase a cisco pix 501 and play with that. Thanks! Mark On Sun, Jun 24, 2012 at 3:20 PM, Lisa Kachold lisakach...@obnosis.comwrote: Hi Mark, The BEFSX41's were not completely configured for anything but SITE---SITE VPN. An IPSEC tunnel to tunnel can be setup evidently to work with a linux VPN client. where you have a static client IP address (no NAT), but you are correct, it's a bit of work. And there are some known issues: http://homecommunity.cisco.com/t5/Wired-Routers/VPN-works-causes-periodic-freezes-of-BEFSX41/m-p/227179?comm_cc=HSuscomm_lang=en#226944 Version: Do you have BEFSX41 v1 or v2? With the most recent firmware, the VPN page should look like this: http://ui.linksys.com/files/BEFSX41/1.52.5/Security-VPN-Tunnel-Enabled.htm Linksys QuickVPN software and cisco VPN client will not work for IPSEC or this router. Linksys has instructions for setting up an IPSEC tunnel for the BEFSX41 (which is all it supports): http://homesupport.cisco.com/en-us/wireless/lbc/BEFSX41 As you can see, you can, with this router, do passthrough and OpenVPN is so nice, easy and powerful, I recommend you just use it (rather than try to configure VPNs from this router) [simply check all three boxes on the BEFSX41 and save]. OpenVPN Access Server (OpenVPN-AS) is a set of installation and configuration tools that simplify the rapid deployment of a VPN remote access solution. It is based on the popular OpenVPN open-source software, making the deployed VPN immediately compatible with OpenVPN client software across multiple user platforms.* *The server configurations options supported are a carefully selected subset of a quite large set of possible OpenVPN configurations. Thus, OpenVPN Access Server streamlines the configuration and management of an OpenVPN-based secure remote access deployment. You can get OpenVPNAS here (for Ubuntu, Fedora, CentOs and Redhat, as well as VirtualMachine images): http://openvpn.net/index.php/download/access-server-downloads.html To configure OpenVPN client in Linux: Simply surf to the port you setup for your OpenVPNAS server [usually 80/443] (be sure to port forward as needed) and login with the user name and password you setup and it will prompt you to download your client for Linux, OS X, or Windows. Client configuration instructions for Sentinel to BEFSX41: (useful for setting options in your linux client): http://www.homenethelp.com/vpn/router-config.asp On Jun 24, 2012 1:00 PM, Mark Phillips m...@phillipsmarketing.biz wrote: I need to take my laptop on several road trips, and I need to connect back to my home office LAN - all Debian machines. I am on COX cable with a BEFSX41 router. The BEFSX41 has a VPN option that I have never used. What do I need to add to my laptop (Debian) to talk to my home office LAN securely (ie through a VPN) using my BEFSX41? Obviously, I am a complete nube when it comes to setting up VPN access to my LAN. I have googled for some recommendations, but I have not found a good reference to follow. Thanks, Mark -- (503) 754-4452 Android (623) 239-3392 Skype (623) 688-3392 Google Voice ** http://it-clowns.comSafeway.com Automation Engineer --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: Need Help setting up a VPN Connection to my LAN
Hi Mark, Just so you know, OpenVPN Access Server, automatically sets up all the databases, certificates and web management. It's REALLY EASY SOLID and simple. You get something like 3 free licenses. I don't recommend you mess around with the regular OpenVPN instructions (as linked below on your response) - unless you are masochistic. Use these: http://openvpn.net/index.php/access-server/docs/quick-start-guide.html Excerpt: *Linux Distribution:* You will need to make sure you download the package that corresponds with the current OS Distro, we currently support these Linux Distros: - Ubuntu - RHEL - Fedora - CentOS - Debian (Install Ubuntu Packages for Debian) Click here to download the OpenVPN Access Server packageshttp://openvpn.net/index.php/access-server/download-openvpn-as-sw.html *CPU Architecture: *You will need to make sure you install the correct package depending on your CPU Architecture (32bit or 64bit) * Installing the OpenVPN-AS Package: *To Install the OpenVPN-AS package in Ubuntu or Debian you will need to run this command: *dpkg -i openvpnasdebpack.deb* To install the OpenVPN-AS package in CentOS, RHEL, or Fedora you will need to run this command: *rpm -i openvpnasrpmpack.rpm* The Admin Account for OpenVPN-AS needs to be setup through terminal by doing the following: Change the password: passwd openvpn You will then be prompted to set a password for the user openvpn, after setting the password you can login to the Admin UI with the Username openvpn and the password you set. *Note: In some circumstances for certain configurations you may need to run the complete ovpn-init script terminal: /usr/local/openvpn_as/bin/ovpn-init* *Configuring the Admin Web Interface: *After you have completed the Initial Configuration Tool you should then be able to access the Admin Web Interface through your preferred web browser. You should have noticed an link to the Admin Web Interface after you completed the Initial Configuration Tool, if you missed it you can access the Admin Web Interface by typing the following in your browsers address bar: https://openvpnasip/admin https://openvpnasip:943/admin (Please replace openvpnasip with the IP you allocated to your openvpn-as instance) https://openvpnasip:943/admin You can now go ahead and login with your openvpn admin credentials. Once logged in you will see the following screen: end excerpt On Sun, Jun 24, 2012 at 6:08 PM, Mark Phillips m...@phillipsmarketing.bizwrote: Thanks for all the comments. Based on what you have said and further research, I have come to the conlusion... 1. I need to install openvpn on a machine on my lan and on my laptop. 2. I will follow these instructions for installation and configuration - http://openvpn.net/index.php/open-source/documentation/howto.html#quick 3. Just enable all the vpn options on my BEFSX41 and pray it all connects...;) fallbackpurchase a cisco pix 501 and play with that. Thanks! Mark On Sun, Jun 24, 2012 at 3:20 PM, Lisa Kachold lisakach...@obnosis.comwrote: Hi Mark, The BEFSX41's were not completely configured for anything but SITE---SITE VPN. An IPSEC tunnel to tunnel can be setup evidently to work with a linux VPN client. where you have a static client IP address (no NAT), but you are correct, it's a bit of work. And there are some known issues: http://homecommunity.cisco.com/t5/Wired-Routers/VPN-works-causes-periodic-freezes-of-BEFSX41/m-p/227179?comm_cc=HSuscomm_lang=en#226944 Version: Do you have BEFSX41 v1 or v2? With the most recent firmware, the VPN page should look like this: http://ui.linksys.com/files/BEFSX41/1.52.5/Security-VPN-Tunnel-Enabled.htm Linksys QuickVPN software and cisco VPN client will not work for IPSEC or this router. Linksys has instructions for setting up an IPSEC tunnel for the BEFSX41 (which is all it supports): http://homesupport.cisco.com/en-us/wireless/lbc/BEFSX41 As you can see, you can, with this router, do passthrough and OpenVPN is so nice, easy and powerful, I recommend you just use it (rather than try to configure VPNs from this router) [simply check all three boxes on the BEFSX41 and save]. OpenVPN Access Server (OpenVPN-AS) is a set of installation and configuration tools that simplify the rapid deployment of a VPN remote access solution. It is based on the popular OpenVPN open-source software, making the deployed VPN immediately compatible with OpenVPN client software across multiple user platforms.* *The server configurations options supported are a carefully selected subset of a quite large set of possible OpenVPN configurations. Thus, OpenVPN Access Server streamlines the configuration and management of an OpenVPN-based secure remote access deployment. You can get OpenVPNAS here (for Ubuntu, Fedora, CentOs and Redhat, as well as VirtualMachine images): http://openvpn.net/index.php/download/access-server-downloads.html To configure OpenVPN client in Linux: Simply surf to the port you
Re: Need Help setting up a VPN Connection to my LAN
Lisa, Don't I have to pay a license fee for the OpenVPN Access Server? When I looked on the site, I was prompted to buy a license. Mark On Sun, Jun 24, 2012 at 7:09 PM, Lisa Kachold lisakach...@obnosis.comwrote: Hi Mark, Just so you know, OpenVPN Access Server, automatically sets up all the databases, certificates and web management. It's REALLY EASY SOLID and simple. You get something like 3 free licenses. I don't recommend you mess around with the regular OpenVPN instructions (as linked below on your response) - unless you are masochistic. Use these: http://openvpn.net/index.php/access-server/docs/quick-start-guide.html Excerpt: *Linux Distribution:* You will need to make sure you download the package that corresponds with the current OS Distro, we currently support these Linux Distros: - Ubuntu - RHEL - Fedora - CentOS - Debian (Install Ubuntu Packages for Debian) Click here to download the OpenVPN Access Server packageshttp://openvpn.net/index.php/access-server/download-openvpn-as-sw.html *CPU Architecture: *You will need to make sure you install the correct package depending on your CPU Architecture (32bit or 64bit) * Installing the OpenVPN-AS Package: *To Install the OpenVPN-AS package in Ubuntu or Debian you will need to run this command: *dpkg -i openvpnasdebpack.deb* To install the OpenVPN-AS package in CentOS, RHEL, or Fedora you will need to run this command: *rpm -i openvpnasrpmpack.rpm* The Admin Account for OpenVPN-AS needs to be setup through terminal by doing the following: Change the password: passwd openvpn You will then be prompted to set a password for the user openvpn, after setting the password you can login to the Admin UI with the Username openvpn and the password you set. *Note: In some circumstances for certain configurations you may need to run the complete ovpn-init script terminal: /usr/local/openvpn_as/bin/ovpn-init* *Configuring the Admin Web Interface: *After you have completed the Initial Configuration Tool you should then be able to access the Admin Web Interface through your preferred web browser. You should have noticed an link to the Admin Web Interface after you completed the Initial Configuration Tool, if you missed it you can access the Admin Web Interface by typing the following in your browsers address bar: https://openvpnasip/admin https://openvpnasip:943/admin (Please replace openvpnasip with the IP you allocated to your openvpn-as instance) https://openvpnasip:943/admin You can now go ahead and login with your openvpn admin credentials. Once logged in you will see the following screen: end excerpt On Sun, Jun 24, 2012 at 6:08 PM, Mark Phillips m...@phillipsmarketing.biz wrote: Thanks for all the comments. Based on what you have said and further research, I have come to the conlusion... 1. I need to install openvpn on a machine on my lan and on my laptop. 2. I will follow these instructions for installation and configuration - http://openvpn.net/index.php/open-source/documentation/howto.html#quick 3. Just enable all the vpn options on my BEFSX41 and pray it all connects...;) fallbackpurchase a cisco pix 501 and play with that. Thanks! Mark On Sun, Jun 24, 2012 at 3:20 PM, Lisa Kachold lisakach...@obnosis.comwrote: Hi Mark, The BEFSX41's were not completely configured for anything but SITE---SITE VPN. An IPSEC tunnel to tunnel can be setup evidently to work with a linux VPN client. where you have a static client IP address (no NAT), but you are correct, it's a bit of work. And there are some known issues: http://homecommunity.cisco.com/t5/Wired-Routers/VPN-works-causes-periodic-freezes-of-BEFSX41/m-p/227179?comm_cc=HSuscomm_lang=en#226944 Version: Do you have BEFSX41 v1 or v2? With the most recent firmware, the VPN page should look like this: http://ui.linksys.com/files/BEFSX41/1.52.5/Security-VPN-Tunnel-Enabled.htm Linksys QuickVPN software and cisco VPN client will not work for IPSEC or this router. Linksys has instructions for setting up an IPSEC tunnel for the BEFSX41 (which is all it supports): http://homesupport.cisco.com/en-us/wireless/lbc/BEFSX41 As you can see, you can, with this router, do passthrough and OpenVPN is so nice, easy and powerful, I recommend you just use it (rather than try to configure VPNs from this router) [simply check all three boxes on the BEFSX41 and save]. OpenVPN Access Server (OpenVPN-AS) is a set of installation and configuration tools that simplify the rapid deployment of a VPN remote access solution. It is based on the popular OpenVPN open-source software, making the deployed VPN immediately compatible with OpenVPN client software across multiple user platforms.* *The server configurations options supported are a carefully selected subset of a quite large set of possible OpenVPN configurations. Thus, OpenVPN Access Server streamlines the configuration and management of an OpenVPN-based
Re: Need Help setting up a VPN Connection to my LAN
No, you don't need a license for OpenVPNAS. http://openvpn.net/index.php/access-server/docs/admin-guides/218-how-to-activate-your-license-in-openvpn-access-server.html It comes with a couple licenses - if you buy 10 license for use in a corporate environment, it's $50.00 bill for a lifetime of security. See *http://openvpn.net/index.php/access-server/license-key.html* Register and get your free 2 license community license key: https://openvpn.net/index.php/component/comprofiler/registers.html On Sun, Jun 24, 2012 at 7:26 PM, Mark Phillips m...@phillipsmarketing.bizwrote: Lisa, Don't I have to pay a license fee for the OpenVPN Access Server? When I looked on the site, I was prompted to buy a license. Mark On Sun, Jun 24, 2012 at 7:09 PM, Lisa Kachold lisakach...@obnosis.comwrote: Hi Mark, Just so you know, OpenVPN Access Server, automatically sets up all the databases, certificates and web management. It's REALLY EASY SOLID and simple. You get something like 3 free licenses. I don't recommend you mess around with the regular OpenVPN instructions (as linked below on your response) - unless you are masochistic. Use these: http://openvpn.net/index.php/access-server/docs/quick-start-guide.html Excerpt: *Linux Distribution:* You will need to make sure you download the package that corresponds with the current OS Distro, we currently support these Linux Distros: - Ubuntu - RHEL - Fedora - CentOS - Debian (Install Ubuntu Packages for Debian) Click here to download the OpenVPN Access Server packageshttp://openvpn.net/index.php/access-server/download-openvpn-as-sw.html *CPU Architecture: *You will need to make sure you install the correct package depending on your CPU Architecture (32bit or 64bit) * Installing the OpenVPN-AS Package: *To Install the OpenVPN-AS package in Ubuntu or Debian you will need to run this command: *dpkg -i openvpnasdebpack.deb* To install the OpenVPN-AS package in CentOS, RHEL, or Fedora you will need to run this command: *rpm -i openvpnasrpmpack.rpm* The Admin Account for OpenVPN-AS needs to be setup through terminal by doing the following: Change the password: passwd openvpn You will then be prompted to set a password for the user openvpn, after setting the password you can login to the Admin UI with the Username openvpn and the password you set. *Note: In some circumstances for certain configurations you may need to run the complete ovpn-init script terminal: /usr/local/openvpn_as/bin/ovpn-init* *Configuring the Admin Web Interface: *After you have completed the Initial Configuration Tool you should then be able to access the Admin Web Interface through your preferred web browser. You should have noticed an link to the Admin Web Interface after you completed the Initial Configuration Tool, if you missed it you can access the Admin Web Interface by typing the following in your browsers address bar: https://openvpnasip/admin https://openvpnasip:943/admin (Please replace openvpnasip with the IP you allocated to your openvpn-as instance) https://openvpnasip:943/admin You can now go ahead and login with your openvpn admin credentials. Once logged in you will see the following screen: end excerpt On Sun, Jun 24, 2012 at 6:08 PM, Mark Phillips m...@phillipsmarketing.biz wrote: Thanks for all the comments. Based on what you have said and further research, I have come to the conlusion... 1. I need to install openvpn on a machine on my lan and on my laptop. 2. I will follow these instructions for installation and configuration - http://openvpn.net/index.php/open-source/documentation/howto.html#quick 3. Just enable all the vpn options on my BEFSX41 and pray it all connects...;) fallbackpurchase a cisco pix 501 and play with that. Thanks! Mark On Sun, Jun 24, 2012 at 3:20 PM, Lisa Kachold lisakach...@obnosis.comwrote: Hi Mark, The BEFSX41's were not completely configured for anything but SITE---SITE VPN. An IPSEC tunnel to tunnel can be setup evidently to work with a linux VPN client. where you have a static client IP address (no NAT), but you are correct, it's a bit of work. And there are some known issues: http://homecommunity.cisco.com/t5/Wired-Routers/VPN-works-causes-periodic-freezes-of-BEFSX41/m-p/227179?comm_cc=HSuscomm_lang=en#226944 Version: Do you have BEFSX41 v1 or v2? With the most recent firmware, the VPN page should look like this: http://ui.linksys.com/files/BEFSX41/1.52.5/Security-VPN-Tunnel-Enabled.htm Linksys QuickVPN software and cisco VPN client will not work for IPSEC or this router. Linksys has instructions for setting up an IPSEC tunnel for the BEFSX41 (which is all it supports): http://homesupport.cisco.com/en-us/wireless/lbc/BEFSX41 As you can see, you can, with this router, do passthrough and OpenVPN is so nice, easy and powerful, I recommend you just use it (rather than try to configure VPNs from this router) [simply check all