Paul wrote:
> I'm planning a new system that will act as a gateway/firewall for a
> network behind a cable modem.
>
> The idea is to have all clients able to use the gateway to access the
> internet for EMail only (I figure IPMASQ blocking all those ports) and
> then user auth'd proxy for the web... I figure I'll use SQUID for that.
>
> My question however, is setting this all up with allowing for VPN...
>
> I want users outside the network on windows clients to be able to connect
> securely to the network with encryption (of course) and user
> authentication (a generic password or usernames will suffice)
>
> Does anyone have any suggestions on how to do this... and perhaps a URL
> for howto's or whatever?
>
> I'm confident that I'll be able to set up SQUID and IPMASQ and securing
> the machine.. but I've never done linux debian VPN before...
>
> ideas?

Hi,

If I were you, I'd take a look at vtun (http://vtun.sourceforge.net/). You can create a virtual tunnel over the internet (or any IP network for that matter) using compression and encryption.

For this to work, you need the tun driver compiled as a module and loaded. To check whether you have it compiled in, check for CONFIG_TUN in your .config file in the kernel source tree. I strongly recommend you use kernel 2.4.18 or higher since I have experienced incompatibilities with previous versions.

You then create the device like this:

  mknod /dev/net/tun c 10 200

for kernels 2.4.4 or greater (if it is not already there of course), and

  mknod /dev/tun c 10 200

for kernels 2.4.2 or below. Done that, load the module by doing: modprobe tun. Check if it is loaded by doing lsmod.

Ok, now you have your kernel ready to communicate over the tun interface. All you need to do is download vtun and install it. This is how it works: one machine will be the vtun server, and the other (possibly over the internet) will be a client. You have to configure /etc/vtund.conf differently on each side to tell it whether to be a client or a server, and then run the server and connect to it with the client.

Once it is all up and running, your two networks, located at different parts of the internet, should be able to communicate with each other as if on a local network. In terms of firewalling you could just add a simple rule saying to allow all traffic that comes to/from the tun interface.

Let me know if you want example config files for client/server even though you will find them already in the default installation.

Hope this helps,
David.
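As an added example (not part of David's reply and not code from the vtun project), the checklist above turned into a small POSIX sh helper: it decides the device path from the kernel version, checks a .config for CONFIG_TUN, and prints the mknod/modprobe/lsmod commands and a tun-interface firewall rule instead of executing them, so they can be reviewed before anything runs as root. The iptables form of the "allow all traffic to/from the tun interface" rule, the interface name tun0, and treating every kernel below 2.4.4 as using /dev/tun (David's text only covers 2.4.2 and below) are this example's assumptions; the .config fragment it writes is constructed for offline testing.

```shell
#!/bin/sh
# Added example: review helper for the tun/vtun setup steps from the thread.
# Nothing here touches the system; every privileged command is only printed.

# Compare two dotted version strings numerically; prints lt, eq or gt.
version_cmp() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ah=${a%%.*}; bh=${b%%.*}
        [ -z "$ah" ] && ah=0
        [ -z "$bh" ] && bh=0
        if [ "$ah" -lt "$bh" ]; then echo lt; return; fi
        if [ "$ah" -gt "$bh" ]; then echo gt; return; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    echo eq
}

# David's rule: /dev/net/tun on 2.4.4 or later, /dev/tun on 2.4.2 or below.
# 2.4.3 is not covered by the post; treating it as the old path is an assumption.
tun_device_path() {
    case $(version_cmp "${1%%-*}" 2.4.4) in
        lt) echo /dev/tun ;;
        *)  echo /dev/net/tun ;;
    esac
}

# David recommends 2.4.18 or higher; succeeds when the version meets that.
kernel_recommended() {
    [ "$(version_cmp "${1%%-*}" 2.4.18)" != lt ]
}

# Inspect a kernel .config: prints builtin, module or missing (exit 1 if missing).
config_has_tun() {
    if grep -q '^CONFIG_TUN=y' "$1"; then echo builtin
    elif grep -q '^CONFIG_TUN=m' "$1"; then echo module
    else echo missing; return 1
    fi
}

# Print (do not run) the device-node, module-load and verification commands.
tun_setup_commands() {
    dev=$(tun_device_path "$1")
    echo "[ -e $dev ] || mknod $dev c 10 200"
    echo "modprobe tun"
    echo "lsmod | grep '^tun '"
}

# Print an iptables rule set that accepts all traffic on the tunnel interface.
# The post only says "a simple rule"; iptables and the name tun0 are assumed.
tun_firewall_rules() {
    iface=${1:-tun0}
    echo "iptables -A INPUT -i $iface -j ACCEPT"
    echo "iptables -A OUTPUT -o $iface -j ACCEPT"
    echo "iptables -A FORWARD -i $iface -j ACCEPT"
    echo "iptables -A FORWARD -o $iface -j ACCEPT"
}

# Constructed .config fragment for offline testing; $2 is y, m or n.
write_sample_config() {
    if [ "$2" = n ]; then
        printf 'CONFIG_NET=y\n# CONFIG_TUN is not set\n' > "$1"
    else
        printf 'CONFIG_NET=y\nCONFIG_TUN=%s\n' "$2" > "$1"
    fi
}

# Walk the whole checklist for one kernel version using the sample config.
demo() {
    kver=${1:-$(uname -r)}
    cfg=$(mktemp)
    write_sample_config "$cfg" m     # stand-in for /usr/src/linux/.config
    kernel_recommended "$kver" || echo "warning: $kver is older than the recommended 2.4.18"
    echo "kernel $kver: tun driver is $(config_has_tun "$cfg")"
    tun_setup_commands "$kver"
    tun_firewall_rules tun0
    rm -f "$cfg"
}

case ${1:-} in demo) demo "${2:-}" ;; esac
```

Run it as `sh tun_check.sh demo 2.4.18` to see the commands for a given kernel, or source the file and call the functions individually; replace the sample config with the real .config path from your kernel source tree when using it for real.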
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]