Linux-based PPTP server?

Darrell Shandrow plug-discuss@lists.plug.phoenix.az.us
Sat, 21 Sep 2002 15:28:25 -0700


Hi all,

I am writing to ask for some advice regarding configuring a VPN for a
small LAN.  Though I have done some preliminary research, I am still in
need of some advice, because the solutions I have found thus far do not
meet my needs.

First, the network in question is connected to the Internet via a DSL
connection, with a /29 subnet of publicly addressable IP address space.
There is a DSL router and 2 Linux servers currently using IP addresses
on that subnet.  Second, there is an internal /24 network of private
address space which is currently used by a small number of Windows XP
systems.  The Cisco 678 DSL router uses DHCP to hand out the
192.168.1.0/24 IP addresses to the client systems, using NAT to
translate their Internet access needs to the outside world for
completion.  The Cisco 678 is also configured to provide a DMZ in which
the /29 public IP address space resides, and on which the 2 Linux boxes
currently operate.  Third, on the internal network, there is some
sharing of resources taking place between the Windows XP systems and the
two Linux servers previously mentioned, which run Samba and are
configured as multihomed interfaces to both the private and public
address spaces.  Samba has been configured to operate only on the
private subnet, for the purpose of greater security.  At this time, only
files are shared on the LAN using NetBIOS, but other resources may be
shared soon, such as a printer.

And, now, to my need.  I am seeking a secure way to access the shared
resources on the internal LAN from the outside world.  The anticipated
need is that the users on the outside would be primarily running some
form of Windows.  I am aware of the PPTP protocol for secure remote
access to such networks, and this is what I would like to implement.  My
plan is to install and configure a PPTP server on my network that would
securely provide the remote PPTP client with an IP address on the
private 192.168.1.0/24 network for purposes of accessing its shared
resources.

I have done some research, and believe I may have found some solutions.
The first kind of solution I found would seem to run on one of my
existing Linux boxes, but would require that I either patch and compile
a special version of the Kernel source, or that I simply install a new
Kernel.  Installing a whole new Kernel is out for me; I use a special
screen reading program for blind users called Speakup
(http://www.linux-speakup.org) which is implemented as a Kernel patch.
I got my systems up and running by downloading and installing a special
custom-built version of the RedHat 7.2 Linux distro with this support
built into the Kernel.  Though I have patched and compiled Kernels in
the past, when I ran Slackware Linux, I would like to try and avoid
doing this if possible; I don't know what the patches for PPTP might do
with a Kernel source (the Speakup Kernel source to be exact) that is
already non-standard.  So, if I use one of my existing systems, a
solution like that found on poptop.org to provide PPTP is certainly a
no-go.  I have also been investigating a second type of solution.  This
solution would run on another box, as a dedicated solution.  I have thus
far been examining the Clarkconnect and E-smith communications servers.
Though these solutions look great, and I am in fact investigating them
for another solution to a separate situation with another network, I
believe these are definitely overkill for my needs.

So, now, does anyone out here have any other ideas for me to research to
meet the needs listed above, or am I just going to have to sharpen my
Kernel patching and compilation skills again, and go with a patched
Kernel?

All advice is very much appreciated.

Thanks.

Best regards,
Darrell Shandrow
Access technology consulting, network and systems administration
CompTia A+ Certified PC technician  