D&C GLug - Home Page


Re: [LUG] Simple VPN creation that supports Windows?

 



On Thu, Aug 21, 2008 at 3:13 PM, John Horne <john.horne@xxxxxxxxxxxxxx> wrote:
On Thu, 2008-08-21 at 12:40 +0100, Grant Sewell wrote:
> Hi all,
>
> I've read about using SSH and PPP to create a VPN connection between two
> Linux boxes, but does this work using PuTTY as an SSH client?  I've read
> about the various SWAN tools for IPSec and PPTP VPN creation too, but
> have previously had problems getting my router to forward the relevant
> traffic.  Does anyone know of a relatively straightforward way to
> create a VPN that both Linux and Windows can connect to without too much
> hassle on the client side?
>
We tend to use PPTP/GRE with MPPE encryption (128 bit). It is supported
by Windows by default, and MPPE is in the Linux kernel now too. PPTP
(for server and/or client) is downloadable from sourceforge (or via a
yum repo I think if you are running RedHat/Fedora).
 
An experience on PPTP/GRE with some low-end routers: I have had the experience where GRE would continually block, despite allowing the necessary TCP/UDP traffic (even going so far as to try allowing all TCP/UDP traffic), in a BT Speedtouch.  I ended up having to allow all traffic (not specifying the TCP or UDP traffic at all and relying on allowing a specific IP address through).  So, SSH greatly simplifies things on the routing side of a VPN.  One port, and sorted.
 
I'll refer to this link when I want to set up something like what the parent poster asked: http://theillustratednetwork.mvps.org/Ssh/RemoteDesktopSSH.html
 
Also, when working with IPSEC connections, there are two layers of security to configure, so it is not directly straightforward.  But once you get experience with it, MS does a decent on-demand VPN setup in its routing and remote access components.
 
 


Note, it works, however there are security issues in that PPTP/MPPE is
not the securest method available (things like IPSec are more secure).


John.

--
---------------------------------------------------------------
John Horne, University of Plymouth, UK  Tel: +44 (0)1752 587287
E-mail: John.Horne@xxxxxxxxxxxxxx       Fax: +44 (0)1752 587001

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html