Need Help setting up a VPN Connection to my LAN

Mark Phillips mark at phillipsmarketing.biz
Sun Jun 24 13:21:07 MST 2012


Stephen,

Thanks....there are tons of options on the device. But I read that I need a
vpn server on my LAN.....other posts say no.....Most of the information I
found in forums is several years old, so I thought someone with more
experience than me could point me to a better manual. I read this
http://www.debian-administration.org/articles/489, but again it is over 5
years old, so perhaps there is a better solution?

This is the manual page from the BEFSX41.....I am not completely sure which
options to use. Plus, I assume I may need something running on my laptop -
OpenVPN? Do I need a VPN server on my LAN, or something else, to be able to
login to my different machines?

Mark

*VPN Passthrough*

This Router supports IPSec, PPTP, and PPPoE Passthrough. You can select
either *Enable* or *Disable* for these options.
------------------------------

*VPN*

*Select Tunnel Entry*- Select the tunnel number you want to set up.

*Delete*- Click this to remove any entries made for the tunnel you
selected.

*Summary*- Click this button to display the status of all the tunnels.

*IPSec VPN Tunnel*- Select *Enabled* to create a tunnel or *Disabled* to
close the tunnel.

*Tunnel Name*- Once the tunnel is enabled, enter an arbitrary name for the
tunnel you are about to create.

*Local Secure Group*

This allows you to grant local computer access to this tunnel.

*Subnet*- This will allow all computers on the local subnet to access the
tunnel. Enter the IP Address and Mask to allow access to the tunnel.

*IP Addr.*- This only allows the local computer with the specified IP
address. Enter the IP address you want to allow access to the tunnel.

*IP Range*- This allows a range of local computers to access the tunnel.
Enter the IP address range allowed to access the tunnel.

*Remote Secure Group*

This allows you to grant remote computers access to this tunnel.

*Subnet*- This will allow all computers on the remote subnet to access the
tunnel. Enter the IP Address and Mask to allow access to the tunnel.

*IP Addr.*- This only allows the remote computer with the specified IP
address. Enter the IP address you want to allow access to the tunnel.

*IP Range*- This allows a range of remote computers to access the tunnel.
Enter the IP address range allowed to access the tunnel.

*Host*- When this is selected, the settings will be the same as the Remote
Security Gateway.

*Any*- This option will allow any IP address from a remote location to
access this tunnel.

*Remote Secure Gateway*

This sets the remote end of the VPN tunnel. You can either specify the IP
address, Domain, or Any.

*IP Addr.*- Enter the IP address of the remote tunnel you will connect.

*Domain*- This option lets you enter the fully qualified domain name. If you
do not have an IP address, you have an option to enter the domain of the
tunnel you are connecting to.

*Any*- This will allow any tunnel connection to be established.



*Encryption*

*DES*- Data Encryption Standard (DES) is a type of encryption for this VPN
tunnel. If you select this option, make sure the other end of the tunnel
uses the same encryption type.

*3DES*- Triple Data Encryption Standard (3DES) is a stronger type of
encryption for this VPN Tunnel. If you select this option, make sure the
other end of the tunnel uses the same encryption type.

*Disable*- This option will not encrypt for this tunnel.

*Authentication*

*MD5*- Message-Digest Algorithm (MD5)- Generates 128-bit message digest
based on the input. If you select this option, make sure the other end of
the tunnel uses the same authentication type.

*SHA*- Secure Hash Algorithm (SHA)- Generates 160-bit message digest based
on the input. If you select this option, make sure the other end of the
tunnel uses the same authentication type.

*Disabled*- This option will not authenticate for this tunnel.

*Key Management*

In order for any encryption to occur, the two ends of the tunnel must agree
on the type of encryption.  This is done by sharing a "key" to  encrypt
code. You can select *Auto (IKE)* or *Manual*.

*Automatic Key Management*

*PFS*- Perfect Forward Secrecy (PFS) ensures that the initial key exchange
and IKE proposal are secure. This must be the same for both ends of the
tunnel.

*Pre-shared Key*- Enter a series of numbers and letters that will be used as
your key. This must be the same for both ends of the tunnel.

*Key Lifetime*- Enter a number of seconds for the life of the key. After the
key lifetime expires, a new code will be generated. This must be the same
for both ends of the tunnel.

*Manual Key Management*

*Encryption key*- Enter a series of letters or numbers to generate an
encryption key. This must be the same for both ends of the tunnel.

*Authentication Key*- Enter a series of letters or numbers to generate an
authentication key. This must be the same for both ends of the tunnel.

*Inbound SPI*- Enter a series of letters or numbers to generate the Inbound
SPI. This must match the outbound SPI on the other end of the tunnel.

*Outbound SPI*- Enter a series of letters or numbers to generate the
outbound SPI. This must match the inbound SPI on the other end of the
tunnel.

*Status*- This will show if you are connected or disconnected from the
other end of the VPN tunnel.

*Connect/Disconnect*- This button will connect or disconnect  the other end
of the VPN tunnel.

*View Log*- This will show you the VPN activity when connecting and
disconnecting.



Advanced Settings

Phase 1 is used to create a Security Association (SA), often called the IKE
SA. After Phase 1 is completed, Phase 2 is used to create one or more IPSec
SAs, which are then used to key IPSec sessions.

Operation Mode

*Main*- This is for normal operation and is more secure.

*Aggressive*- This is faster and less secure.

*Username*- Some require username to establish a VPN connection.


*Encryption*- Select the length of the key used to encrypt/decrypt ESP
packets. There are two choices: DES and 3DES. 3DES is recommended for
security.

*Authentication*- Select the method used to authenticate ESP packets. There
are two choices: MD5 and SHA. SHA is recommended for security.

*Group*- There are two Diffie-Hellman Groups to choose from: 768-bit and
1024-bit. Diffie-Hellman refers to a cryptographic technique that uses
public and private keys for encryption and decryption.

*Key Lifetime*- Enter a number of seconds for the life of the key. After the
key lifetime expires, a new code will be generated. This must be the same
for both ends of the tunnel.

*Phase 2*

*Group*- There are two Diffie-Hellman Groups to choose from: 768-bit and
1024-bit. Diffie-Hellman refers to a cryptographic technique that uses
public and private keys for encryption and decryption.

*Key Lifetime*- Enter a number of seconds for the life of the key. After the
key lifetime expires, a new code will be generated. This must be the same
for both ends of the tunnel.



Other Setting

*NetBIOS broadcast*- Check this to enable NetBIOS traffic to pass through
the VPN tunnel.

*Anti-replay*- Check this to enable the Anti-replay protection. This feature
keeps track of sequence numbers and packet arrival, ensuring security at the
IP packet-level.

*Keep-Alive*- Check this to re-establish VPN tunnel connection whenever it
is dropped. Once the tunnel is initialized, this feature will keep the
tunnel connected.

*If IKE failed more than x Times, block this unauthorized IP for y
seconds.*- Check this box to block unauthorized IP addresses. Complete the
on-screen sentence to specify how many times IKE must fail before blocking
that unauthorized IP address for a length of time that you specify (in
seconds).




On Sun, Jun 24, 2012 at 1:02 PM, Stephen <cryptworks at gmail.com> wrote:

> Rtfm?
>
> It really depends on what your options in the vpn device are.
> On Jun 24, 2012 1:00 PM, "Mark Phillips" <mark at phillipsmarketing.biz>
> wrote:
>
>> I need to take my laptop on several road trips, and I need to connect
>> back to my home office LAN - all Debian machines. I am on COX cable with a
>> BEFSX41 router. The BEFSX41 has a VPN option that I have never used. What
>> do I need to add to my laptop (Debian) to talk to my home office LAN
>> securely (ie through a VPN) using my BEFSX41? Obviously, I am a complete
>> nube when it comes to setting up VPN access to my LAN. I have googled for
>> some recommendations, but I have not found a good reference to follow.
>>
>> Thanks,
>>
>> Mark
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>
>
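
An added example, not part of the original post or of the router's manual: a Python check that compares the settings entered on the two ends of one tunnel, applying the "must be the same for both ends" and crossed-SPI rules from the manual page quoted above and listing the options that page itself describes as off, less secure, or open to any peer. The dictionary field names and both sample endpoints are constructed for illustration.

```python
# Added example. Field names mirror the manual page quoted above; the sample
# endpoints and every value in them are constructed, not taken from a device.
COMMON = ["encryption", "authentication", "key_management"]
AUTO = ["pfs", "pre_shared_key", "key_lifetime"]          # Auto (IKE) fields
MANUAL = ["encryption_key", "authentication_key"]         # Manual keying fields
# Choices the manual page describes as off, less secure, or open to any peer.
FLAGGED = {
    "encryption": {"Disable": "tunnel is not encrypted",
                   "DES": "manual recommends 3DES"},
    "authentication": {"Disabled": "tunnel is not authenticated",
                       "MD5": "manual recommends SHA"},
    "operation_mode": {"Aggressive": "manual: faster and less secure"},
    "remote_secure_group": {"Any": "any remote IP may use the tunnel"},
    "remote_secure_gateway": {"Any": "any peer may establish the tunnel"},
}

def check_tunnel(a, b):
    """Compare both ends (a, b) of one tunnel; return a list of findings."""
    findings = []
    manual = a.get("key_management") == "Manual"
    for key in COMMON + (MANUAL if manual else AUTO):
        if a.get(key) != b.get(key):
            findings.append(f"mismatch: {key}")  # name only, never the secret
    if manual:
        # Each side's inbound SPI must equal the other side's outbound SPI.
        for mine, theirs in (("inbound_spi", "outbound_spi"),
                             ("outbound_spi", "inbound_spi")):
            if a.get(mine) != b.get(theirs):
                findings.append(f"mismatch: a.{mine} vs b.{theirs}")
    for name, end in (("a", a), ("b", b)):
        for key, choices in FLAGGED.items():
            reason = choices.get(end.get(key))
            if reason:
                findings.append(f"review: {name}.{key}={end[key]} ({reason})")
    return findings

ROUTER = {"encryption": "3DES", "authentication": "SHA",
          "key_management": "Auto (IKE)", "pfs": True,
          "pre_shared_key": "constructed-example-key", "key_lifetime": 3600,
          "operation_mode": "Main", "remote_secure_group": "Any",
          "remote_secure_gateway": "Any"}
LAPTOP = dict(ROUTER, authentication="MD5", key_lifetime=28800,
              remote_secure_group="Subnet", remote_secure_gateway="IP Addr.")

if __name__ == "__main__":
    for finding in check_tunnel(ROUTER, LAPTOP):
        print(finding)
```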