vpn server in linux

PammyBoy

Technical User
Oct 9, 2002
Hello All,

I'm new to Linux but am intensely curious about the power it potentially could bring to my company. My company is looking for a VPN solution. We currently are running a Windows 2000 server and a few remote users would like access to files on the server. I was wondering, is there a way to make a separate Linux box and turn it into a VPN server and maybe a firewall? I know I could just allow remote access through the Win2k server, but I want an excuse to play with Linux at work.

Tom
 
Yes, you can install FreeS/WAN software for your Linux VPN.
And you can use iptables for the firewall.
Good luck
 
Depending upon your security requirements, you may want to look at poptop for a VPN server and for a PPTP solution. FreeS/WAN is an IPSEC solution, so it adds packet level authentication to the picture, but is a little more difficult to deal with.

As ady2k stated, iptables/netfilter is the way to go for a firewall. As an added bonus, it is included with most (all?) current distros. There are several graphical interfaces available, but you will be better served long term by learning to write the rules without the limits of these tools. On a side note, some of the nice little graphical thingys use ipchains, which is somewhat dated and should be avoided.

Check out the HOWTOs at and the documentation at . I have found very useful.

Above all, avoid using the Windows box. After you get past the Linux learning curve, the other stuff is much easier to deal with on Linux than with Windows. Linux runs faster, smarter and longer.

On a side note, avoid running too much on the VPN / firewall box. The fewer services the better. Some would argue that you shouldn't even have the VPN server running on the firewall box. I think there are good arguments both ways, but I think in the end it is best to put them together.
 
Dude, if you haven't done so yet, or if your Linux doesn't have PoPToP, get it now!!! It's easy as hell to set up and you can save your company G's.

Here are a couple of things to make it even easier.

Username and Passwords File - /etc/ppp/chap-secrets
Options file - /etc/ppp/options.pptpd
Config file - /etc/pptpd.conf

If you have nothing set up and want to create a new box just for VPN, get SuSE 8.1 from their website. Install it and it's already set up to work.

p.s. set this in the firewall script or it probably won't work.

FW_ALLOW_CLASS_ROUTING="yes"
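
An audit of the files listed in this post, as an added example that is not part of the original post. The function names, the set of options treated as required, and the sample file contents are assumptions; the option names are standard pppd options, and chap-secrets is checked for its mode because it stores passwords in cleartext.

```shell
#!/bin/sh
# Added example: audit the PoPToP files named above. Which options to require
# is a policy assumption; the option names themselves are standard pppd options.

# has_option FILE OPT: true if OPT is the first word of an uncommented line.
has_option() {
    awk -v opt="$2" '$1 == opt { found = 1 } END { exit !found }' "$1"
}

# audit_options FILE: print "MISSING <opt>" for each absent hardening option.
audit_options() {
    rc=0
    for opt in refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128; do
        has_option "$1" "$opt" || { echo "MISSING $opt"; rc=1; }
    done
    return "$rc"
}

# audit_secrets FILE: chap-secrets holds cleartext passwords, so flag any mode
# other than 600/400. Also flag entries whose fourth field is "*", i.e. users
# not pinned to a fixed tunnel address (pinning allows per-user firewall rules).
audit_secrets() {
    rc=0
    mode=$(stat -c '%a' "$1")
    case "$mode" in 600|400) ;; *) echo "MODE $mode"; rc=1 ;; esac
    awk '$1 !~ /^#/ && NF >= 4 && $4 == "*" { print "UNPINNED " $1; bad = 1 }
         END { exit bad + 0 }' "$1" || rc=1
    return "$rc"
}

# Constructed sample files (not from the thread) to show the output.
demo() {
    dir=$(mktemp -d)
    printf 'name pptpd\nrefuse-pap\nrefuse-chap\n#require-mppe-128\nrequire-mschap-v2\n' > "$dir/options.pptpd"
    printf '# client server secret IP\nalice pptpd examplepass *\nbob pptpd examplepass2 192.168.0.201\n' > "$dir/chap-secrets"
    chmod 644 "$dir/chap-secrets"
    audit_options "$dir/options.pptpd" || true
    audit_secrets "$dir/chap-secrets" || true
    rm -rf "$dir"
}
demo
```

On a real box, point the two audit functions at /etc/ppp/options.pptpd and /etc/ppp/chap-secrets instead of calling `demo`.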
 
Great, so poptop is the way to go. If this works, it'll make me look good because I'll save my boss a considerable amount of money, it should run smoothly provided I configure it correctly, and it'll help me push the company towards a total Linux infrastructure rather than our current highly unstable Win2k network. Thank you to all of you for the great advice.
Now the only question I have is, after I set up a Linux box and install poptop on it, how do I get it to communicate with the Win2k server and will remote Windows clients be able to speak to the Linux VPN server? As you can tell, I'm a complete newbie, but I'm a quick study and have a voracious thirst for knowledge. I just need a point in the right direction. Thank all of you once again.

Tom, soon-to-be Linux convert.
 
The connection to your Windows server is a simple routing issue. Your Linux box will need to route VPN traffic to the LAN. If you set up a firewall there (with NAT at your option) you will also be routing the internet traffic. Not hard at all, once you get the box up and running.

The really nice thing about this is most modern versions of Windows have PPTP support built in. Configuration on that side is very similar to configuring a dialup networking connection -- uses the same wizard. Take a look here for some idea .

You really need to start with a basic Linux configuration. Play with that for a bit. Get it connected to the internet, at least to the point that you can browse. I would move on to iptables next. Start with securing the Linux box, then move on to NAT, if you need that.

Next, you should be ready to set up the VPN. Not hard, read as much as you can first. Poptop is not as well documented as most Linux apps, but there is more than enough there to get you going.

Finally, you may want to look at Samba. If you need to browse the LAN over your VPN, you will need it to at least act as a WINS proxy for name resolution. Don't plan on doing too much with it on a box that is connected to the internet -- no file sharing -- and make sure you have it locked down well before you go too far. If you like it, you may end up with another box to provide file services (and even a PDC, if you like).

Above all, don't get yourself locked into a time frame. You need to be able to play with it for a while, just to get a good feel for what you're doing. Not hard, but you will have to break some of the Windows habits (like rebooting your server every other day).
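
The routing and firewall steps described in this post, as an added example that is not part of the original post: a rule set for a combined PPTP VPN / firewall box that admits the PPTP control channel (TCP 1723) and its GRE data channel, forwards VPN clients to the LAN, and NATs outbound LAN traffic. The interface names (eth0 for the internet, eth1 for the LAN, ppp+ for VPN clients), the LAN-only SSH rule, and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: rules for a combined PPTP VPN / firewall box.
# Assumed names: eth0 faces the internet, eth1 the LAN, ppp+ matches VPN clients.

# valid_if NAME: accept only characters that can appear in an interface name.
valid_if() {
    case "$1" in ''|*[!A-Za-z0-9_.+-]*) return 1 ;; esac
}

# emit_rules EXT_IF LAN_IF: print the iptables commands without applying them.
emit_rules() {
    valid_if "$1" && valid_if "$2" || return 2
    ext=$1; lan=$2
    cat <<EOF
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $lan -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i $ext -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i $ext -p gre -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i ppp+ -o $lan -j ACCEPT
iptables -A FORWARD -i $lan -o $ext -j ACCEPT
iptables -t nat -A POSTROUTING -o $ext -j MASQUERADE
iptables -P INPUT DROP
iptables -P FORWARD DROP
EOF
}

# apply_rules EXT_IF LAN_IF: turn on routing and load the rules (needs root).
apply_rules() {
    rules=$(emit_rules "$1" "$2") || return 2
    echo 1 > /proc/sys/net/ipv4/ip_forward
    printf '%s\n' "$rules" | sh -e
}

emit_rules eth0 eth1   # dry run: review the output before calling apply_rules
```

The default-drop policies are set last so the accept rules are already in place when they take effect.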
 