Hello, I am in the process of building a few VPN/Firewall systems based on Debian. I'm using a Kernel 2.4.18 with the following patches: FreeSWAN for IPSec based VPNs, MPPE for support of PPTP based (Windows) clients, and GRSecurity for extra security. I've disabled module support (defeating any kernel module hacks). The GRsecurity patch adds some very useful patches for firewalls.
I will be running a minimal amount of daemons (pluto, squid, pptpd); I am looking into using chroot with most of them. The largest part of the project will be the monitoring system. I am still looking into how I will collect and display statistics (transfers, proxy usage). Also I am looking into log monitoring for hack attempts and general oddities, as well as tripwire for ensuring file integrity.

The last part is kind of wishful thinking. I would like to have a management interface for adding IPSec connections and PPTP users, and maybe displaying MRTG graphs and such. I was thinking CVS possibly for config file management; combined with make and ssh it could be cool for keeping track of changes by admins as well as securely automating config file updates.

Anyone else had experience with this kind of thing on Debian? Anyone interested in helping develop this?

On Fri, 2002-05-31 at 01:45, Paul wrote:
> I'm planning a new system that will act as a gateway/firewall for a
> network behind a cable modem.
>
> The idea is to have all clients able to use the gateway to access the
> internet for EMail only (I figure IPMASQ blocking all those ports) and
> then user auth'd proxy for the web... I figure I'll use SQUID for that.
>
> My question however, is setting this all up with allowing for VPN...
>
> I want users outside the network on windows clients to be able to connect
> securely to the network with encryption (of course) and user
> authentication (a generic password or usernames will suffice)
>
> Does anyone have any suggestions on how to do this... and perhaps a URL
> for howto's or whatever?
>
> I'm confident that I'll be able to set up SQUID and IPMASQ and securing
> the machine.. but I've never done linux debian VPN before...
>
> ideas?
>
> Thanks a bunch!
> -Paul

--
Sean McAvoy
Network Analyst
Megawheels Technologies Inc.
Phone: 416.360.8211 Fax: 416.360.1403 Cell: 416.616.6599

