What's running on your laptop?

With the Shrew Soft VPN client (ike and ike-qtgui on Ubuntu) packages, you *might* get an IPSec connection going, but NAT on your laptop/remote end will likely trip things up. I would recommend steering clear of IPSec. OpenVPN is the VPN of choice for road warriors.

On the home/server end, I use IPCop. It's a full-featured firewall distro that contains OpenVPN (and IPSec) as well as a slew of other features. It will run nicely on an old P-III system, with as little as 128M of RAM and a 1G HDD. Find an old desktop system that's going to be scrapped, throw a 2nd NIC in it, and you're ready to roll. You'll need a switch behind it for your LAN/Green subnet, but those are dirt cheap as well.

-- 
-Eric 'shubes'

On 06/24/2012 01:21 PM, Mark Phillips wrote:
> Stephen,
>
> Thanks....there are tons of options on the device. But I read that I need a vpn server on my LAN.....other posts say no.....Most of the information I found in forums is several years old, so I thought someone with more experience than me could point me to a better manual. I read this http://www.debian-administration.org/articles/489, but again it is over 5 years old, so perhaps there is a better solution?
>
> This is the manual page from the BEFSX41.....I am not completely sure which options to use. Plus, I assume I may need something running on my laptop - OpenVPN? Do I need a VPN server on my LAN, or something else, to be able to login to my different machines?
>
> Mark
>
> *VPN Passthrough*
>
> This Router supports IPSec, PPTP, and PPPoE Passthrough. You can select either *Enable* or *Disable* for these options.
>
> ------------------------------------------------------------------------
>
> *VPN*
>
> *Select Tunnel Entry* - Select the tunnel number you want to set up.
>
> *Delete* - Click this to remove any entries made for this tunnel you selected.
>
> *Summary* - Click this button to display the status of all the tunnels.
>
> *IPSec VPN Tunnel* - Select *Enabled* to create a tunnel or *Disabled* to close the tunnel.
>
> *Tunnel Name* - Once the tunnel is enabled, enter an arbitrary name for the tunnel you are about to create.
>
> *Local Secure Group*
>
> This allows you to grant local computer access to this tunnel.
>
> Subnet - This will allow all computers on the local subnet to access the tunnel. Enter the IP Address and Mask to allow access to the tunnel.
> IP Addr. - This only allows the local computer with the specified IP address. Enter the IP address you want to allow access to the tunnel.
> IP Range - This allows a range of local computers to access the tunnel. Enter the IP address range allowed to access the tunnel.
>
> *Remote Secure Group*
>
> This allows you to grant remote computers access to this tunnel.
>
> Subnet - This will allow all computers on the remote subnet to access the tunnel. Enter the IP Address and Mask to allow access to the tunnel.
> IP Addr. - This only allows the remote computer with the specified IP address. Enter the IP address you want to allow access to the tunnel.
> IP Range - This allows a range of remote computers to access the tunnel. Enter the IP address range allowed to access the tunnel.
> Host - When this is selected, the settings will be the same as the Remote Security Gateway.
> Any - This option will allow any IP address from a remote location to access this tunnel.
>
> *Remote Secure Gateway*
>
> This sets the remote end of the VPN tunnel. You can either specify the IP address, Domain, or Any.
>
> IP Addr. - Enter the IP address of the remote tunnel you will connect.
> Domain - This option lets you enter the fully qualified domain name. If you do not have an IP address, you have an option to enter the domain of the tunnel you are connecting to.
> Any - This will allow any tunnel connection to be established.
>
> *Encryption*
>
> DES - Data Encryption Standard (DES) is a type of encryption for this VPN tunnel.
> If you select this option, make sure the other end of the tunnel uses the same encryption type.
> 3DES - Triple Data Encryption Standard (3DES) is a stronger type of encryption for this VPN Tunnel. If you select this option, make sure the other end of the tunnel uses the same encryption type.
> Disable - This option will not encrypt for this tunnel.
>
> *Authentication*
>
> MD5 - Message-Digest Algorithm (MD5) - Generates 128-bit message digest based on the input. If you select this option, make sure the other end of the tunnel uses the same authentication type.
> SHA - Secure Hash Algorithm (SHA) - Generates 160-bit message digest based on the input. If you select this option, make sure the other end of the tunnel uses the same authentication type.
> Disabled - This option will not authenticate for this tunnel.
>
> *Key Management*
>
> In order for any encryption to occur, the two ends of the tunnel must agree on the type of encryption. This is done by sharing a "key" to encrypt code. You can select *Auto (IKE)* or *Manual*.
>
> *Automatic Key Management*
>
> PFS - Perfect Forward Secrecy (PFS) ensures that the initial key exchange and IKE proposal are secure. This must be the same for both ends of the tunnel.
> Pre-shared Key - Enter a series of numbers and letters that will be used as your key. This must be the same for both ends of the tunnel.
> Key Lifetime - Enter a number of seconds for the life of the key. After the key lifetime expires, a new code will be generated. This must be the same for both ends of the tunnel.
>
> *Manual Key Management*
>
> Encryption key - Enter a series of letters or numbers to generate an encryption key. This must be the same for both ends of the tunnel.
> Authentication Key - Enter a series of letters or numbers to generate an authentication key. This must be the same for both ends of the tunnel.
> Inbound SPI - Enter a series of letters or numbers to generate the Inbound SPI.
> This must match the outbound SPI on the other end of the tunnel.
> Outbound SPI - Enter a series of letters or numbers to generate the outbound SPI. This must match the inbound SPI on the other end of the tunnel.
>
> *Status* - This will show if you are connected or disconnected from the other end of the VPN tunnel.
>
> *Connect/Disconnect* - This button will connect or disconnect the other end of the VPN tunnel.
>
> *View Log* - This will show you the VPN activity when connecting and disconnecting.
>
> Advanced Settings
>
> Phase 1 is used to create a Security Association (SA), often called the IKE SA. After Phase 1 is completed, Phase 2 is used to create one or more IPSec SAs, which are then used to key IPSec sessions.
>
> Operation Mode
>
> Main - This is for normal operation and is more secure.
> Aggressive - This is faster and less secure.
> Username - Some require username to establish a VPN connection.
>
> Encryption - Select the length of the key used to encrypt/decrypt ESP packets. There are two choices: DES and 3DES. 3DES is recommended for security.
> Authentication - Select the method used to authenticate ESP packets. There are two choices: MD5 and SHA. SHA is recommended for security.
> Group - There are two Diffie-Hellman Groups to choose from: 768-bit and 1024-bit. Diffie-Hellman refers to a cryptographic technique that uses public and private keys for encryption and decryption.
> Key Lifetime - Enter a number of seconds for the life of the key. After the key lifetime expires, a new code will be generated. This must be the same for both ends of the tunnel.
>
> *Phase 2*
>
> Group - There are two Diffie-Hellman Groups to choose from: 768-bit and 1024-bit. Diffie-Hellman refers to a cryptographic technique that uses public and private keys for encryption and decryption.
> Key Lifetime - Enter a number of seconds for the life of the key. After the key lifetime expires, a new code will be generated.
> This must be the same for both ends of the tunnel.
>
> Other Setting
>
> NetBIOS broadcast - Check this to enable NetBIOS traffic to pass-through the VPN tunnel.
> Anti-replay - Check this to enable the Anti-replay protection. This feature keeps track of sequence numbers and packet arrival, ensuring security at the IP packet-level.
> Keep-Alive - Check this to re-establish VPN tunnel connection whenever it is dropped. Once the tunnel is initialized, this feature will keep the tunnel connected.
> If IKE failed more than x Times, block this unauthorized IP for y seconds - Check this box to block unauthorized IP addresses. Complete the on-screen sentence to specify how many times IKE must fail before blocking that unauthorized IP address for a length of time that you specify (in seconds).
>
> On Sun, Jun 24, 2012 at 1:02 PM, Stephen wrote:
>
> > Rtfm?
> >
> > It really depends on what your options in the vpn device are.
> >
> > On Jun 24, 2012 1:00 PM, "Mark Phillips" wrote:
> >
> > > I need to take my laptop on several road trips, and I need to connect back to my home office LAN - all Debian machines. I am on COX cable with a BEFSX41 router. The BEFSX41 has a VPN option that I have never used. What do I need to add to my laptop (Debian) to talk to my home office LAN securely (i.e. through a VPN) using my BEFSX41? Obviously, I am a complete nube when it comes to setting up VPN access to my LAN. I have googled for some recommendations, but I have not found a good reference to follow.
> > >
> > > Thanks,
> > >
> > > Mark
> > >
> > > ---------------------------------------------------
> > > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> > > To subscribe, unsubscribe, or to change your mail settings:
> > > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
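
The manual page quoted in this thread states which tunnel options must be identical on both ends and which choices it recommends. The following Python check is an added example, not part of the thread or of the router's firmware: it compares the two ends of one tunnel on exactly those points. The dictionary field names and the sample values are constructed for illustration; the BEFSX41 has no such export format.

```python
# Added example. Field names are hypothetical labels for the options in the
# quoted BEFSX41 manual page; the router has no such export format.

# Options the manual says must be the same on both ends of the tunnel.
MUST_MATCH = ("encryption", "authentication", "pfs",
              "pre_shared_key", "key_lifetime")

# Choices the manual itself describes as weaker, unprotected or unrestricted.
REVIEW = {
    "encryption": {"DES": "manual recommends 3DES",
                   "Disable": "tunnel is not encrypted"},
    "authentication": {"MD5": "manual recommends SHA",
                       "Disabled": "tunnel is not authenticated"},
    "mode": {"Aggressive": "manual calls Main more secure"},
    "remote_gateway": {"Any": "any tunnel connection is accepted"},
}


def check_tunnel(local, remote):
    """Return findings for one tunnel as configured on its two ends."""
    findings = []
    for field in MUST_MATCH:
        if local.get(field) != remote.get(field):
            # Report the field name only, so keys never end up in output.
            findings.append(f"mismatch: {field}")
    # Manual keying: each side's inbound SPI is the other side's outbound SPI.
    if local.get("key_management") == remote.get("key_management") == "Manual":
        for mine, theirs in (("inbound_spi", "outbound_spi"),
                             ("outbound_spi", "inbound_spi")):
            if local.get(mine) != remote.get(theirs):
                findings.append(f"mismatch: local {mine} vs remote {theirs}")
    for side, cfg in (("local", local), ("remote", remote)):
        for field, reasons in REVIEW.items():
            reason = reasons.get(cfg.get(field))
            if reason:
                findings.append(f"review: {side} {field}={cfg[field]} ({reason})")
    return findings


# Constructed sample settings for the two ends of one tunnel.
ROUTER = {"key_management": "Auto (IKE)", "encryption": "3DES",
          "authentication": "SHA", "pfs": True, "key_lifetime": 3600,
          "pre_shared_key": "constructed-example-key", "mode": "Main",
          "remote_gateway": "Any"}
LAPTOP = dict(ROUTER, authentication="MD5", key_lifetime=28800,
              remote_gateway="IP Addr.")

if __name__ == "__main__":
    for finding in check_tunnel(ROUTER, LAPTOP):
        print(finding)
```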