Linux to Linux VPN

Hey All,

Hopefully this is something that can be done.

I have a main office with a Win2000 server.  I have a remote office with 3
computers, right now each of the remote computers connects to the
windows2000 server over the internet using VPN with the W2K box being the
VPN server.  This causes a few problems because of the domain login and the
users are not the ummmm brightest with computers.

What I want to do is place a permanent VPN with auto re-connect so when they
unplug the DSL modem to plug in the Fax (I know I know) and then plug the
DSL back in it will re-sync the VPN.

Can I use a Linux box on either end to do this?  and where would I start?

Thanks

Lee
0
Lee
10/4/2003 3:25:12 AM
grc.techtalk.linux

14 Replies

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message

On Fri, 3 Oct 2003 23:25:12 -0400, Lee <latrotter@spamless.sympatico.ca> wrote:
> What I want to do is place a permanent VPN with auto re-connect so when they
> unplug the DSL modem to plug in the Fax (I know I know) and then plug the
> DSL back in it will re-sync the VPN.
>
> Can I use a Linux box on either end to do this?  and where would I start?

Indeed you can... 

I'd set up two boxes, although you could do it with just one... running 
OpenVPN (openvpn.sf.net) for VPN software, bridging the two networks 
together.

Then come up with something to check to see if the link is still up 
(although openvpn may do this automatically or may not need it at all) 
.... and if it goes down, check for the Internet to come back up, and 
when it's back up, re-establish the connection.

It would be a fun little thing to set up.  :-)

-- 
Rob                                |  If not safe,
Email and Jabber:                  |    one can never be free.
     athlonrob at axpr dot net     |
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/fkoNhm6KEoOOAe0RAowIAJwIQYrnzU9iSLlGw1/SdsxHz8HUzACeLhUc
f9v4AS37PpWT3zo9bvvW/jo=
=8iMr
-----END PGP SIGNATURE-----
0
AthlonRob
10/4/2003 4:17:15 AM
Lee wrote:

> unplug the DSL modem to plug in the Fax (I know I know)

Oh Deity! *slaps head*

Is this a case of user idiocy, or incompetence on the part of whoever 
failed/refuses to install a 2nd phone line?

MC
0
mc
10/4/2003 10:48:44 AM
In article <bkhllb.qrc.ln@dsl-gervais-88.web-ster.com>, 
athlonrob@nodomainhere.ext says...
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> NotDashEscaped: You need GnuPG to verify this message
> 
> On Fri, 3 Oct 2003 23:25:12 -0400, Lee <latrotter@spamless.sympatico.ca> wrote:
> > What I want to do is place a permanent VPN with auto re-connect so when they
> > unplug the DSL modem to plug in the Fax (I know I know) and then plug the
> > DSL back in it will re-sync the VPN.
> >
> > Can I use a Linux box on either end to do this?  and where would I start?
> 
> Indeed you can... 
> 
> I'd set up two boxes, although you could do it with just one... running 
> OpenVPN (openvpn.sf.net) for VPN software, bridging the two networks 
> together.

But, the OP already *has* a working VPN...

I don't see the sense in ignoring your working VPN, getting 2 new 
boxes, learning and getting openvpn working and connecting your 2 
locations.
> 
> Then come up with something to check to see if the link is still up 

Come up with something to do this with the current solution ... you've 
just advised him to set up all new hardware and software, and have no 
idea if he will still have the same problem.....

> (although openvpn may do this automatically or may not need it at all) 
> ... and if it goes down, check for the Internet to come back up, and 
> when it's back up, re-establish the connection.
> 
> It would be a fun little thing to set up.  :-)
> 
Setting up VPNs is not my idea of fun, and I have a pretty warped sense 
of fun. Educational, yes ... Frustrating ... often.

-- 
Bloated Elvis
0
Bloated
10/4/2003 1:33:42 PM
We've tried training them, for some reason their DSL doesn't re-sync
properly you need to reset the modem, other sites with DSL seem ok with the
same setup.  We've told them over and over don't move the network equipment.
Usually we leave them down for about a week or 2 every time they do this.

The static VPN is my ideal solution because you can just picture how fun it
is trying to train them that they have to establish the VPN before they can
check their mail.


"mc" <REPLY.TO.NEWSGROUP@mctech.org> wrote in message
news:blm8nu$9du$1@news.grc.com...
> Lee wrote:
>
> > unplug the DSL modem to plug in the Fax (I know I know)
>
> Oh Deity! *slaps head*
>
> Is this a case of user idiocy, or incompetence on the part of whoever
> failed/refuses to install a 2nd phone line?
>
> MC
>
0
Lee
10/4/2003 4:17:51 PM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message

On Sat, 4 Oct 2003 09:33:42 -0400, Bloated Elvis <thel8elvis@hotmail.com> wrote:

> Setting up VPN's is not my idea of fun, and I have a pretty warped sense 
> of fun. Educational, yes ... Frustrating ... often.

You haven't been using the right VPN software, then....  :-)

As per your other points - the OP didn't give us very much 
information about his current setup, except that it had Windows boxes.  
What they were running, how they were connected, we don't know.  He made 
it sound (to me, anyway) like he was looking at setting up something 
from scratch, pretty much.

Maybe I misread it, though.  :-)

It wouldn't make much sense (to me, anyway) to be asking how Linux could 
be used to restore a VPN connection between two Windows boxes who 
already have a VPN set up and working properly.

-- 
Rob                                |  If not safe,
Email and Jabber:                  |    one can never be free.
     athlonrob at axpr dot net     |
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/fv8phm6KEoOOAe0RAqWnAKD37xRJ0AAdu7g3SyximreT1aDicQCgmpwc
SwemnLr3zyGFweat6PMFMyw=
=R02q
-----END PGP SIGNATURE-----
0
AthlonRob
10/4/2003 5:10:03 PM
Yes, my thought, 2 trains of thought (coming at each other at times it seems),
is to put a Linux box in the remote location, and have it either connect to the
W2K server which has the VPN running, or establish a new VPN-only Linux
server at the main site so the people don't actually connect directly to
the W2K box, which would not upset me since it further removes it from the
internet that way.

I think I'll try the one box at the remote site, connecting to the W2K VPN
because I only need to setup one box that way.

Thanks

Lee
0
Lee
10/4/2003 5:23:58 PM
Sorry, the setup is as follows

Main Site:
Cable Broadband
Dlink 804V router with the VPN port open and forwarded to the server
Windows 2000 SBS with all service packs & hot fixes applied
Routing and Remote access configured on the server using the server's DHCP
for IP address assignment

Remote:
Windows XP Pro with SP1
Broadband of some sort (Cable/DSL) with a SOHO router

While this setup DOES work, the users have problems with it namely because
they must manually connect to the VPN to get to their email & server
directories and cannot be connected to the VPN to use the shared printer at
their site.  Which they seem to have continued trouble to understand and
use.

So the solution I'd like to put into place, that I was thinking was a Linux
box at their end, and one at the server end, connect these two boxes using a
VPN so it will then appear that they are always on the network even though
they are at the remote site.

Thanks

Lee
0
Lee
10/5/2003 2:27:53 PM
mc wrote:
> Lee wrote:
> 
>> unplug the DSL modem to plug in the Fax (I know I know)
> 
> 
> Oh Deity! *slaps head*
> 
> Is this a case of user idiocy, or incompetence on the part of whoever 
> failed/refuses to install a 2nd phone line?
> 
> MC
> 
ROTFLM,MF,AO
0
Koiman
10/5/2003 3:14:58 PM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message

On Sun, 5 Oct 2003 10:27:53 -0400, Lee <latrotter@spamless.sympatico.ca> wrote:
> Main Site:
> Cable Broadband
> Dlink 804V router with the VPN port open and forwarded to the server
> Windows 2000 SBS with all service packs & hot fixes applied
> Routing and Remote access configured on the server using the server's DHCP
> for IP address assignment
>
> Remote:
> Windows XP Pro with SP1
> Broadband of some sort (Cable/DSL) with a SOHO router
<snip>
> So the solution I'd like to put into place, that I was thinking was a Linux
> box at their end, and one at the server end, connect these two boxes using a
> VPN so it will then appear that they are always on the network even though
> they are at the remote site.

I still like OpenVPN - the 1.5 series (still in Beta at the moment - but 
very stable and usable) has Windows support.  You wouldn't need to open 
up a port on your firewall for this setup - any stateful firewall will 
notice both ends hitting the same port and connect them together.

You could do it without setting up a Linux box at all, although I really 
don't know how functional Windows' ethernet bridging support is.  With 
Linux, I can bridge the ovpn connection with the ethernet connections 
and the remote box thinks it is plugged in to the switch with everybody 
else, more or less.  Bridge both ends, and you have two networks 
thinking they're connected together physically.

I also don't know how easy it would be to toss in the upness checking on 
the Windows side ... hmmm ... cygwin might do it.  I'd just, on the 
Linux side, run a cron job every <insert acceptable time limit here> 
minutes to see if it can talk to the other computer.  If not, it would 
do whatever is needed to bring up the connection again.

I don't understand how your current VPN causes them to be unable to 
print on their local network printer - that seems very odd.  What VPN 
software is it you're using, anyway?  Something built in to Windows or 
what?

-- 
Rob                                |  If not safe,
Email and Jabber:                  |    one can never be free.
     athlonrob at axpr dot net     |
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/gGCahm6KEoOOAe0RAuovAKC8hD7GbFp9ogSKK7371mrPCYlLYQCgnLqa
3Zh0oC4I9pIyNqBNeRWMJT8=
=DcMC
-----END PGP SIGNATURE-----
0
AthlonRob
10/5/2003 6:18:04 PM
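
The cron-driven check described in the post above, combined with the "wait for the Internet to come back, then re-establish" logic from the first reply, as an added example that is not code from the thread. The tunnel peer address, probe host, restart command, lock path and crontab line are all assumptions.

```shell
#!/bin/sh
# Added example: cron-driven VPN watchdog. Addresses, paths and the restart
# command below are assumptions/placeholders, not values from the thread.
# Assumed crontab entry:  */5 * * * * /usr/local/sbin/vpn-watchdog.sh --run

TUNNEL_PEER="${TUNNEL_PEER:-10.8.0.1}"         # far end, inside the tunnel (assumed)
INTERNET_PROBE="${INTERNET_PROBE:-192.0.2.1}"  # host outside the tunnel (placeholder)
RESTART_CMD="${RESTART_CMD:-/etc/init.d/openvpn restart}"  # assumed init script
LOCKDIR="${LOCKDIR:-/var/run/vpn-watchdog.lock}"

log() { logger -t vpn-watchdog "$1" 2>/dev/null || true; }

# reachable HOST: true if HOST answers at least one of three pings.
# Setting PROBE to a function name replaces ping, so the decision logic
# can be exercised without a network.
reachable() {
    if [ -n "${PROBE:-}" ]; then
        "$PROBE" "$1"
    else
        ping -c 3 -W 2 "$1" >/dev/null 2>&1
    fi
}

# decide: print what this run should do.
#   ok       the tunnel peer answers
#   wait     tunnel and Internet link are both down (modem unplugged);
#            a restart now would only fail, so leave it for the next run
#   restart  the link is back but the tunnel is not
decide() {
    if reachable "$TUNNEL_PEER"; then
        echo ok
    elif reachable "$INTERNET_PROBE"; then
        echo restart
    else
        echo wait
    fi
}

# run_once: one watchdog pass; prints the action taken.
run_once() {
    # mkdir is atomic, so it doubles as a lock against overlapping cron runs.
    mkdir "$LOCKDIR" 2>/dev/null || { echo locked; return 0; }
    action=$(decide)
    case $action in
        restart)
            log "tunnel down, link up: restarting VPN"
            # Unquoted on purpose: RESTART_CMD is a command plus arguments.
            $RESTART_CMD >/dev/null 2>&1 || {
                action=restart-failed
                log "VPN restart command failed"
            }
            ;;
        wait)
            log "tunnel and link both down: waiting for the link"
            ;;
    esac
    rmdir "$LOCKDIR"
    echo "$action"
}

if [ "${1:-}" = "--run" ]; then
    run_once >/dev/null
fi
```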
AthlonRob wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> NotDashEscaped: You need GnuPG to verify this message
> 
> On Fri, 3 Oct 2003 23:25:12 -0400, Lee <latrotter@spamless.sympatico.ca>
> wrote:
>> What I want to do is place a permanent VPN with auto re-connect so when
>> they unplug the DSL modem to plug in the Fax (I know I know) and then
>> plug the DSL back in it will re-sync the VPN.
>>
>> Can I use a Linux box on either end to do this?  and where would I start?
> 
> Indeed you can...
> 
> I'd set up two boxes, although you could do it with just one... running
> OpenVPN (openvpn.sf.net) for VPN software, bridging the two networks
> together.
> 
> Then come up with something to check to see if the link is still up
> (although openvpn may do this automatically or may not need it at all)
> ... and if it goes down, check for the Internet to come back up, and
> when it's back up, re-establish the connection.
> 
> It would be a fun little thing to set up.  :-)
> 
Maybe you could try cipe.

http://sites.inka.de/bigred/devel/cipe.html
0
huemul
10/5/2003 7:05:17 PM
Yeah that is the idea I was thinking about, with the box to box connection.
From what I've read WinXP Pro supports bridging no problem but the Win2000
Server does not.  Since it would require setting up two XP boxes (at the
cost of buying XP) vs 2 Linux Boxes at zero cost because I can use older
machines, I think I'll go the Linux route.

VPN software being used is what's included with Windows XP and 2000

They can't print to the network printer at their remote office with the VPN
up because they are all on 192.168.1.x subnet and connect to the printer which
is on the same subnet (HP Print server) using TCP, when the VPN is connected
the TCP all get routed to the server which does not have that printer
installed. It's the same as at another office that is using the Nortel VPN
client.

With the 2 bridged boxes it would work like a charm.

Question, what clients can be used to connect to an OpenVPN server?  Can I
use the existing VPN connection in windows XP to connect to the new OpenVPN
I'll have setup?

Thanks

Lee
0
Lee
10/5/2003 8:46:03 PM
On Fri, 3 Oct 2003 23:25:12 -0400, Lee wrote:

> Hey All,
> 
> Hopefully this is something that can be done.
> 
> I have a main office with a Win2000 server.  I have a remote office with 3
> computers, right now each of the remote computers connects to the
> windows2000 server over the internet using VPN with the W2K box being the
> VPN server.  This causes a few problems because of the domain login and the
> users are not the ummmm brightest with computers.

Do yourself a favor and find heterogeneous VPN boxes to do this setup.
Save yourself the torment.  Honest, I don't work for this company (I have
been shilling them a lot lately) ;) but Snapgears are my personal network
duct-tape.  http://www.snapgear.com.  If you are hell-bent on using W2k
PPTP Snapgear supports that as well.  Although I have never used that
feature.

> What I want to do is place a permanent VPN with auto re-connect so when they
> unplug the DSL modem to plug in the Fax (I know I know) and then plug the
> DSL back in it will re-sync the VPN.

This will be unacceptable.  You would need some kind of VPN with a
heartbeat feature to kill the SA when the other unexpectedly goes down.
Those tend to be more expensive.  Why are they unplugging it?  Don't they
know you can get a 2$ DSL filter at Radio Shack?
0
W
10/6/2003 2:58:17 PM
Lee wrote:
> Hey All,
> 
> Hopefully this is something that can be done.
> 
> I have a main office with a Win2000 server.  I have a remote office with 3
> computers, right now each of the remote computers connects to the
> windows2000 server over the internet using VPN with the W2K box being the
> VPN server.  This causes a few problems because of the domain login and the
> users are not the ummmm brightest with computers.
> 
> What I want to do is place a permanent VPN with auto re-connect so when they
> unplug the DSL modem to plug in the Fax (I know I know) and then plug the
> DSL back in it will re-sync the VPN.
> 
> Can I use a Linux box on either end to do this?  and where would I start?
> 
> Thanks
> 
> Lee
> 
> 

You might want to look at SME server at www.e-smith.org
linux, free, lots of contribs, including setting up site to site vpn 
using freeswan
AFAIK, you need to have static IP addresses at each end.
I set it up on a test network at my job and it worked.
Check it out.

steve
0
Steve
10/6/2003 10:34:23 PM
> Do yourself a favor and find heterogeneous VPN boxes to do this setup.

Make that "homogeneous"  Ack.
0
W
10/7/2003 1:51:55 AM