[Scottish] FW: VPN

2003-03-21 Thread Keith Stenson
Hi everyone,

I've never setup a VPN before but am I right in thinking that all that’s
needed is the right software and two static ip addresses.

I'm trying to help out a small community group set one up and they have
received quotes for 11,000 upwards, although I never set a VPN up I
always thought that it wasn't necessary to get special equipment.

Any advice on this would be much appreciated!

Thanks!

Keith.

--
"Mayonaise": the only time Billy Corgan laughed with happiness in the
middle of a song, maybe?



___
Scottish mailing list
[EMAIL PROTECTED]
http://mailman.lug.org.uk/mailman/listinfo/scottish


Re: [Scottish] FW: VPN

2003-03-21 Thread Colin McKinnon
Keith Stenson wrote:

> Hi everyone,
>
> I've never setup a VPN before but am I right in thinking that all that’s
> needed is the right software and two static ip addresses.
> I'm trying to help out a small community group set one up and they have
> received quotes for 11,000 upwards, although I never set a VPN up I
> always thought that it wasn't necessary to get special equipment.

erm... no. You only need one fixed IP - less if you have access to DDNS. 
£11, ! SCANDALOUS! Last one I installed cost... let's see... oh yes, 
I had to buy a BT Highway ISDN card for one end (the other end already 
connected) so... £25 + labour.

If you're a bit concerned about your skill level, then I'd recommend 
getting a copy of 'Building Linux VPNs' (see 
http://www.buildinglinuxvpns.net/) for full details, but there's a 
potted guide on how to setup a VPN over stunnel (SSL) at 
http://www.stunnel.org/examples/pppvpn.html which also has a link to a 
page on doing the same thing with SSH.

One thing to watch out for is trying to run SMB across sub-nets (which 
can be a total pig if you're using pre MAD domains and not using Samba).

Note that if one end only has a single PC running MS Windoze, you might 
be easier using PPTP (don't use the Windoze box as the server!).

HTH

Colin
(still looking for a systems admin job :( )


Re: [Scottish] FW: VPN

2003-03-21 Thread ray
Hi Keith;
> I've never setup a VPN before but am I right in thinking that all that's
> needed is the right software and two static ip addresses
With a 'nix box at each end that's about it.  It gets a little more complicated if one 
of the gateways is MS or Cisco.  Most Linux distros will include freeswan for IPsec 
VPN and there is PoPToP to use Linux as a MS VPN Server.

--  
  ray



Re: [Scottish] FW: VPN

2003-03-21 Thread Miah Gregory
In message <[EMAIL PROTECTED]>
  "Keith Stenson" <[EMAIL PROTECTED]> wrote:

> I've never setup a VPN before but am I right in thinking that all that’s
> needed is the right software and two static ip addresses.

As has been noted previously, only one static ip address is necessary. Two
is a bonus, as you can then restrict the vpn connections on a host by host
basis, increasing security.

> I'm trying to help out a small community group set one up and they have
> received quotes for 11,000 upwards, although I never set a VPN up I
> always thought that it wasn't necessary to get special equipment.

As is the way with a lot of things these days, you can often get both
software and hardware based solutions for the same problems.

> Any advice on this would be much appreciated!

If you have the luxury of two linux/solaris/bsd machines, one for each end
of the link, then I can recommend vtun (),
which I use daily. Depending on what you want to do, it can be a little
fiddly to set up, but with a straight tcp based connection, it's pretty
simple.

-- 
Miah Gregory



Re: [Scottish] FW: VPN

2003-03-21 Thread Colin McKinnon
ray wrote:

> Hi Keith;
>
> > I've never setup a VPN before but am I right in thinking that all that's
> > needed is the right software and two static ip addresses
>
> With a 'nix box at each end that's about it.  It gets a little more
> complicated if one of the gateways is MS or Cisco.  Most Linux distros
> will include freeswan for IPsec VPN and there is PoPToP to use Linux as
> a MS VPN Server.

IPSEC can produce a number of additional complications - it was designed 
around an assumption of connecting two (or more) points with fixed 
(real) IP addresses. Although a lot of these problems go away if you 
disable EPA (possible with FreeSwan - not with other implementations 
including MS) there are then implications for securing, configuring and 
authenticating the channel (e.g. opportunistic encryption is not 
available). Last time I checked, it wouldn't use x509 certificates 
either - although for a two site VPN this isn't so much of an issue.

It does work and is reportedly very stable. Since IPSEC is a well 
established standard, it will interoperate with most other 
implementations (but not necessarily in all configurations).

You pays your money and takes your choice. (only you don't - cos it's free)

Colin



Re: [Scottish] FW: VPN

2003-03-21 Thread ray
On Friday 21 March 2003 11:21, Colin McKinnon wrote:
> It does work and is reportedly very stable.

Well I set up a tunnel between the lans at our sites (freeswan, fixed IPs, ADSL in 
Chester, dial-on-demand ISDN in Glasgow, SuSE 7.3 and 8.0) almost two years ago and it 
just works.  

The biggest problem with Unix admin is remembering how to do stuff.  You set something 
up and it just works for years until someone drops something important.  Whereas 
people that nurse MS systems get to practise installing stuff from scratch.

--  
  ray
