Topic: Virtual Private Network (VPN) configurations

[Gerald Jansen]

Progress continues to be made. Rather than continue with the current release. I would like to download the beta and install SSH and then VNC to continue a VPN analysis. I have several clients That need VPN capabilities. They are running peer to peer at each location. My solution would be to set up e-smith servers at each location with microwave,T1, or Cable modem access and then map thier secure data drives accross the Cloud. This would require using the servers as file servers (SAMBA) and then securing the data files. Each workstation would then only run applicaton code and the servers would have all the data files. With that as background, what I would like,if possible, is download instructions for the beta so we can begin to play. It won't be a production system so if it crashes we will just document it and send the circumstances back to you.
Thanks, in advance.

Gerald

[Kim Morrison]

GERALD: I'll send the beta download instructions to you.. BTW, there is an open source VPN solution called FreeS/WAN that we are going to look into for a future product enhancement.  If you check that particular package out, please let us know your thoughts.  Kim

[Gerald Jansen]

I looked at freeS/WAN to determine how it would compliment our efforts.  As you know we are toying with SSH and VNP. Our plan is to install SSH to establish a secure connection to a remote client and then tunnel in using VNP to control an observe Workstations. We have tried it an it appears to work. Now, that establishes a secure way of delivering remote support and maintenance. However, it doesn't provide security in the cloud. That is where FreeS/WAN would come in. It provides incripted transmissions on the backbone. It that your thought? or did I miss the point? Thank you for your thoughts.

Gerald

[Kim Morrison]

GERALD:  Sounds like we are in synch. I would see FreeS/WAN as a secure way for remote sites to  communicate with one another.  We're keeping an eye on FreeS/WAN as it has matures and is tested by the open source community.   For your remote sites, of course, the other VPN possibility might be a commercial VPN solution, like TimeStep.   Good luck.  Keep us posted!  Kim

[Clement Dupuis]

One interesting point is that ICSA is using SWAN to test the compliance of commercial VPN product.  They were saying that SWAN is extremely compliant with the standards in place.

Clement

[David]

Someone awhile back requested any info on how to get VNC to work thru esmith to a Windows box on the other side of the firewall. Well here it is. Very simple. I create a file and entered the following into it and exicute it.


# --------------------------------------------------------
# VNC

ipmasqadm autofw -A -v -r tcp 5900 5901 -h 192.168.1.65
ipmasqadm autofw -A -v -r tcp 5800 5801 -h 192.168.1.65


I was also able to get access to my netmetting Remote Desktop to work as well.
using the following.

#  Netmeeting RDS
#--------------------------------------------
ipmasqadm autofw -A -v -r tcp 1503 1504 -h 192.168.1.65




Only reason why I do this is to gain access to my Windows PC to do some work while I'm at work.

[Stephen]

David:

I'd like to use NetMeeting across the e-smith box. I wasn't able to determine what exactly it was that you did in order to get NetMeeting running.

From your email I gathered that it is as simple as making the above two files (names and directories to be saved in unknown). Is that really all there is to it? I've been trying to figure out how to compile and install an h.323 module (to no avail) for months now, and figured that was the problem.

Thanks for the info,

Stephen

[David]

Not much is needed to get Netmeeting RDS(Remote Desktop ) to work. I created a script which I run when I want to have access to my pc. In this script I have the following.

ipmasqadm autofw -A -v -r tcp 1503 1504 -h 192.168.1.65

Of course change the 192.168.1.65 to the correct IP address of the machine you want to gain access to.

As for H323. Someone here on e-smith mailing list also provided me with a file to allow netmeeting audio/video to work. I haven't done to much testing with it, but it seems to work for the most part. If you want  I can send you the file. Let me know.

Again in the script as the follow line,
/sbin/modprobe ip_masq_h323
and away you go.

But of course you will require the ip_masq_h323 file. Send me a email(davidtoste@hotmail.com) and I'll send you via email.