RE: VPN to a host behind the firewall
Thanks for your reply.
If it was up to me, they would not be running NT at all :)
The decision to use NT as the VPN server is not mine; I'm just asked to find a technical solution. If GRE tunneling is possible, that seems like an easy and "safe" way to do it. The other way around is to add another NIC to the NT server and connect it to a "dmz" zone on the firewall, where all traffic except GRE is rejected by the firewall.
Jarle
> -----Original Message-----
> From: rene@jk.uni-linz.ac.at [mailto:rene@jk.uni-linz.ac.at]On Behalf Of
> Rene Mayrhofer
> Sent: Thursday, November 25, 1999 4:17 PM
> To: Jarle Aase
> Cc: debian-firewall@lists.debian.org
> Subject: Re: VPN to a host behind the firewall
>
>
> Jarle Aase wrote:
> >
> > I have a firewall running Linux 2.12 kernel with patch from
> > kerneli.org, Debian Slink (latest stable) and ipchains 1.3.9
> > (compiled from the original source).
> >
> > The setup is like this:
> >
> > Internal net, non-legal IP series, masqueraded
> > |
> > |
> > Firewall
> > |
> > |
> > Internet router
> >
> > An NT server on the internal net should now be used as a VPN
> > server for Win98 clients connecting from Internet. NT uses IP
> > protocol 47 (gre) for VPN. The firewall is not responsible for
> > any security issues on this protocol.
>
> Why not use the firewall as a PPTP server? That would be the best way
> since VPNs are designed to give access to an internal LAN (possibly with
> private IP addresses) from outside the network.
>
> You can download my pptpd (a PPTP server implementation for Linux)
> package for slink from
> ftp://ftp.vianova.at/pub/debian-packages/slink-updates/pptpd_0.9.13-1_i386.deb
> You need a patched kernel for this which can be found under
> ftp://ftp.vianova.at:/pub/debian-packages/potato-packages/kernel-image-2.2.13_2.2.13.mppe_i386.deb
> and a patched pppd from
> ftp://ftp.vianova.at:/pub/debian-packages/slink-updates/ppp_2.3.8.mscrypt-1_i386.deb
> if you want data encryption using mppe.
> greets,
> Rene