Lee H. Marzke on 12 Sep 2012 17:43:49 -0700



Re: [PLUG] Virtual Network Question


Casey,

You are talking about a Virtual Private Network (VPN) connection.

Most Linux users prefer OpenVPN, which has clients for Windows and Linux, but
there are also IPSEC VPNs, L2TP (tunnel, no encrypt), and PPTP.

OpenVPN is generally easier to set up, but you will have to run the
OpenVPN server somewhere. So you could run it on any internal
server on your LAN, and set up firewall port forwards to allow
port 1194 UDP into that box. Best practice would be to have
two NICs on the box so that VPN traffic comes in one NIC, and traffic
reaches your LAN from another NIC. The first NIC is placed in the
DMZ zone of your firewall.

If this is a core feature that you want to have all the time, you also might
consider setting up a more complex firewall/router that includes the VPN
feature on the same box.  Generally you dedicate a small, low-powered PC
to just the firewall/router function, something like an old Celeron based 
system with 512Mb RAM.

For instance right now I'm in Wegmans on their WiFi, with a VPN connection
open to home. (So all my traffic is encrypted and they can't see it, but
their SonicWall also can't filter websites as all my web traffic is hidden
to them and other WiFi users.)

I've previously given a talk about a commercial open-source solution for this
called Endian Firewall [1] at PLUG central. This is a Linux based firewall
with OpenVPN, Squid Proxy, DansGuardian, Snort IDS, and many other security
features. However it is a real resource hog, and I'm now in the process of
switching to pfSense which is an OpenBSD based solution. I'm finding that
pfSense is more flexible, but quite a bit harder to understand. BOTH
of these solutions have a GUI for all settings.

If there is interest in a PLUG talk on my infrastructure I could do that.
I'm actually running pfSense as a virtual machine (under VMware vSphere).
My SAN storage is actually created from (6) local disks by another VM running
a Solaris ZFS instance under VMware. So my whole data center running 12+
servers fits in a 1/2 height rack with one actual Dell 2U server, a Cisco
switch, 2 APC UPSes and a backup NAS.

Just to be clear, I have a few Linux VMs running here, but the majority
of the infrastructure is VMware, Cisco, BSD, and Solaris (soon to be
OpenIndiana) for ZFS storage. I also use 1Gbs LC fibre links between
Cisco switches as 1Gb fibre is dirt cheap these days. Is this close
enough to Linux to be of interest to people?


[1] http://plone.4aero.com/Members/lmarzke/talks/plug_utm/index/presentation_view





----- Original Message -----
> From: "Casey Bralla" <MailList@nerdworld.org>
> To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
> Sent: Wednesday, 12 September, 2012 6:15:07 PM
> Subject: [PLUG] Virtual Network Question
> 
> My work computer (Windows 7) has a web application that calls back to
> the office server and sets up a Virtual Network with my work network.
> I therefore can access Outlook and networked files directly from my
> work PC.
> 
> I want to do the same thing back to my home network, so my traveling
> netbook will be assigned a local IP from my home network, and I can
> easily mount nfs drives from servers on my home network (which,
> naturally, are behind a firewall).
> 
> I've used various VNC programs in Linux (TightVNC, etc), but they all
> seem to be focused on running a remote desktop.  I want a remote &
> secure connection to my home network.
> 
> 
> Googling so far has just brought up references to TightVNC and the
> like.  Can somebody point me to a source for a true Virtual Network
> connection between my laptop and my home?
> 
> 
> Thanks!
> --
> 
> Casey Bralla
> 
> Chief Nerd in Residence
> The NerdWorld Organisation
> 
> http://www.NerdWorld.org
> ___________________________________________________________________________
> Philadelphia Linux Users Group         --
>        http://www.phillylinux.org
> Announcements -
> http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion  --
>   http://lists.phillylinux.org/mailman/listinfo/plug
> 

-- 
"Between subtle shading and the absence of light lies the nuance of iqlusion..." - Kryptos 

Lee Marzke, lee@marzke.net http://marzke.net/lee/ 
IT Consultant, VMware, VCenter, SAN storage, infrastructure, SW CM 
+1 800-393-5217 office +1 484-348-2230 fax 
+1 610-564-4932 cell sip://8003935217@4aero.com VOIP 
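
The layout described in the message above (OpenVPN listening on UDP port 1194 on a DMZ-side NIC, with the LAN reached through a second NIC) can be checked against a server config. This is an added example, not part of the original post; the sample config, all addresses, and the function names `parse` and `audit` are constructed for illustration.

```python
import ipaddress

# Constructed sample server config; every address here is an assumption.
SAMPLE_CONF = """\
local 192.168.50.2      # DMZ-side NIC: the only address the daemon binds
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"   # LAN behind the second NIC
"""

def parse(conf_text):
    """Map each OpenVPN directive to the list of its argument lists."""
    directives = {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line:
            parts = line.replace('"', " ").split()
            directives.setdefault(parts[0], []).append(parts[1:])
    return directives

def audit(conf_text, dmz_net, lan_net):
    """Return findings where the config departs from the two-NIC layout."""
    d = parse(conf_text)
    dmz, lan = ipaddress.ip_network(dmz_net), ipaddress.ip_network(lan_net)
    findings = []
    # OpenVPN defaults to port 1194 and UDP when the directives are absent.
    port = d.get("port", [["1194"]])[-1][0]
    proto = d.get("proto", [["udp"]])[-1][0]
    if port != "1194" or not proto.startswith("udp"):
        findings.append(f"listener is {proto}/{port}; the port forward expects udp/1194")
    local = d.get("local")
    if not local:
        findings.append("no 'local' directive: the daemon binds every NIC, LAN side included")
    elif ipaddress.ip_address(local[-1][0]) not in dmz:   # assumes an IP literal
        findings.append(f"'local {local[-1][0]}' is not on the DMZ network {dmz}")
    for args in d.get("push", []):
        if args[:1] == ["route"] and len(args) >= 3:
            pushed = ipaddress.ip_network(f"{args[1]}/{args[2]}")
            if not pushed.subnet_of(lan):
                findings.append(f"pushed route {pushed} is outside the LAN {lan}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, "192.168.50.0/24", "192.168.1.0/24") or ["ok"]:
        print(finding)
```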

