Koozali.org: home of the SME Server

aekalman

VPN Server Behind Firewall Questions
« on: May 24, 2001, 12:06:24 AM »
I was able to successfully get e-smith 4.1.2 working as a VPN server by assigning one of our static IPs as its external IP address and then dialing in through an ISP with Win95 (!) v1.4 DUN and connecting to that static IP.

I got e-smith server running like this:

Internet <-> DSL modem <-> e-smith <-> LAN2 (private LAN)

But I'm not particularly comfortable with this, as there are no firewalls between LAN2 and the internet.

The problem I'm having is figuring out how to get it to work behind a firewall, and was wondering if someone could help / point me in the right direction.

Our setup looks like this:

Internet <-> DSL modem <-> Firewall1 <-> DMZ / LAN1 <-> Firewall2 <-> LAN2

LAN1 uses private IPs (e.g. 192.168.1.x) and LAN2 also uses private IPs (e.g. 192.168.2.x). Services in the DMZ include http and ftp, with Firewall1 forwarding those services to them. Firewall2 is a choke firewall with "our network" behind it. Firewall1 is LinkSys BEFSR41, and Firewall2 is FREESCO.

Q1) As a general question, how (on earth) does one place e-smith VPN server behind a firewall and still have the ability to connect / tunnel to its static IP via VPN?

The LinkSys unit prevents me (I think) from having our static IPs in the DMZ/LAN1, and forwarding port 1723 to e-smith VPN in DMZ/LAN1 with a private IP address doesn't seem to work -- I get no response at all from e-smith -- I checked the logs.

Q2) As a security issue, what's the best (low-cost, as you can see we're cheap here :-)) topology to pursue to allow VPN access to LAN2 but maintain security?

Thanks!

aekalman

Re: VPN Server Behind Firewall Questions
« Reply #1 on: May 25, 2001, 07:23:12 AM »
Well, I was able to get it to work -- I ended up placing the e-smith server (ext eth interface) in LAN1 with a private IP, and (int eth interface) on LAN2 with a private IP.

I then configured the LinkSys router to forward 1723/TCP and 47/UDP (dunno if the latter is really required) to the LAN1 private IP of the e-smith server. I then connect to the public IP (ext interface of Router/Firewall #1, the LinkSys).

I also had to choose the "use maximum security" option for the Win2k Pro client DUN VPN connection, and then it worked beautifully.

However, I'm still concerned with security. Can anyone comment on whether / how much our network has been compromised by the e-smith server connecting the two private LANs together "over" the second firewall/router that serves as a choke firewall for the private LAN2?

Thanks,
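The "no response at all" symptom from the first post and the 1723/TCP forward from the reply can be checked from the client side at the protocol level. This is an added example, not code from the thread or from e-smith; it assumes a Python 3 host, exercises only the TCP/1723 control channel (a full PPTP session also needs the GRE data channel, IP protocol 47, to pass the NAT device), and the server reply it parses offline is constructed locally.

```python
"""PPTP control-channel probe (added example; not code from the thread or from e-smith).
Only the TCP/1723 control channel is exercised, not the GRE data channel (IP proto 47)."""
import socket
import struct

MAGIC = 0x1A2B3C4D           # PPTP magic cookie (RFC 2637)
SCCRQ, SCCRP = 1, 2          # Start-Control-Connection Request / Reply
HDR = "!HHIHH"               # length, message type, cookie, control type, reserved

def build_sccrq(hostname=b"probe", vendor=b"example") -> bytes:
    """Fixed 156-byte SCCRQ the client sends right after the TCP handshake."""
    return struct.pack(HDR + "HHIIHH64s64s", 156, 1, MAGIC, SCCRQ, 0,
                       0x0100, 0,        # protocol version 1.0, reserved
                       1, 1, 1, 0,       # framing caps, bearer caps, max channels, firmware
                       hostname, vendor)

def sample_sccrp(result_code=1) -> bytes:
    """Constructed server reply (not captured traffic) so the parser can be checked offline."""
    return struct.pack(HDR + "HBBIIHH64s64s", 156, 1, MAGIC, SCCRP, 0,
                       0x0100, result_code, 0,   # version, result (1 = OK), error code
                       1, 1, 1, 0, b"vpn-srv", b"example")

def parse_sccrp(data: bytes) -> dict:
    """Return version/result/error from an SCCRP, or raise ValueError if it is not one."""
    if len(data) < 16:
        raise ValueError("short packet")
    _len, _msg, cookie, ctrl, _ = struct.unpack(HDR, data[:12])
    if cookie != MAGIC or ctrl != SCCRP:
        raise ValueError("not a PPTP SCCRP")
    version, result, error = struct.unpack("!HBB", data[12:16])
    return {"version": version, "result": result, "error": error}

def classify(reply: bytes) -> str:
    """Map a raw reply to 'no-reply', 'not-pptp', 'refused' or 'ok'."""
    if not reply:
        return "no-reply"
    try:
        return "ok" if parse_sccrp(reply)["result"] == 1 else "refused"
    except ValueError:
        return "not-pptp"

def probe(host: str, port: int = 1723, timeout: float = 5.0) -> str:
    """'no-tcp' = the forward/filter never delivered the SYN; the rest come from classify()."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "no-tcp"
    with sock:
        try:
            sock.sendall(build_sccrq())
            return classify(sock.recv(256))
        except OSError:
            return "no-reply"   # handshake completed but the server never answered
```

Run `probe("<public IP of the LinkSys>")` from outside: "no-tcp" points at the port forward or an upstream filter, while "no-reply" means the forward delivered the SYN but the VPN daemon never answered, which narrows the search to the e-smith box itself.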