Matt Murphy on 12 Sep 2012 17:56:15 -0700



Re: [PLUG] Virtual Network Question


Hamachi. Nearly zero-configuration VPN. Then VNC to see your desktop or Windows remote or whatever.

On Wed, Sep 12, 2012 at 8:43 PM, Lee H. Marzke <lee@marzke.net> wrote:
Casey,

You are talking about a Virtual Private Network (VPN) connection.

Most Linux users prefer OpenVPN, which has clients for Windows and Linux, but
there are also IPSEC VPN's, L2TP (tunnel, no encrypt), and PPTP.

OpenVPN is generally easier to set up, but you will have to run the
OpenVPN server somewhere. So you could run it on any internal
server on your LAN, and set up firewall port forwards to allow
port 1194 UDP into that box. Best practice would be to have
two NICs on the box so that VPN traffic comes in one NIC, and traffic
reaches your LAN from another NIC. The first NIC is placed in the
DMZ zone of your firewall.

If this is a core feature that you want to have all the time, you also might
consider setting up a more complex firewall/router that includes the VPN
feature on the same box. Generally you dedicate a small, low-powered PC
to just the firewall/router function, something like an old Celeron based
system with 512Mb RAM.

For instance right now I'm in Wegmans on their WiFi, with a VPN connection
open to home. (So all my traffic is encrypted and they can't see it, but
their SonicWall also can't filter websites as all my web traffic is hidden
to them and other WiFi users.)

I've previously given a talk about a commercial open-source solution for this
called Endian Firewall [1] at PLUG central. This is a Linux based firewall
with OpenVPN, Squid Proxy, DansGuardian, Snort IDS, and many other security
features. However it is a real resource hog, and I'm now in the process of
switching to pfSense which is an OpenBSD based solution. I'm finding that
pfSense is more flexible, but quite a bit harder to understand. BOTH
of these solutions have a GUI for all settings.

If there is interest in a PLUG talk on my infrastructure I could do that.
I'm actually running pfSense as a virtual machine (under VMware vSphere).
My SAN storage is actually created from (6) local disks by another VM running
a Solaris ZFS instance under VMware. So my whole data center running 12+
servers fits in a 1/2 height rack with one actual Dell 2U server, a Cisco
switch, 2 APC UPS's and a backup NAS.

Just to be clear, I have a few Linux VM's running here, but the majority
of the infrastructure is VMware, Cisco, BSD, and Solaris (soon to be
openIndiana) for ZFS storage. I also use 1Gbs LC fibre links between
Cisco switches as 1Gb fibre is dirt cheap these days. Is this close
enough to Linux to be of interest to people?


[1] http://plone.4aero.com/Members/lmarzke/talks/plug_utm/index/presentation_view





----- Original Message -----
> From: "Casey Bralla" <MailList@nerdworld.org>
> To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
> Sent: Wednesday, 12 September, 2012 6:15:07 PM
> Subject: [PLUG] Virtual Network Question
>
> My work computer (Windows 7) has a web application that calls back to
> the office
> server and sets up a Virtual Network with my work network. I
> therefore can
> access Outlook and networked files directly from my work PC.
>
> I want to do the same thing back to my home network, so my traveling
> netbook
> will be assigned a local IP from my home network, and I can easily
> mount nfs
> drives from servers on my home network (which, naturally, are behind
> a
> firewall).
>
> I've used various VNC programs in Linux (TightVNC, etc), but they all
> seem to
> be focused on running a remote desktop. I want a remote & secure
> connection
> to my home network.
>
>
> Googling so far has just brought up references to TightVNC and the
> like. Can
> somebody point me to a source for a true Virtual Network connection
> between my
> laptop and my home?
>
>
> Thanks!
> --
>
> Casey Bralla
>
> Chief Nerd in Residence
> The NerdWorld Organisation
>
> http://www.NerdWorld.org
> ___________________________________________________________________________
> Philadelphia Linux Users Group -- http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
>

--
"Between subtle shading and the absence of light lies the nuance of iqlusion..." - Kryptos

Lee Marzke, lee@marzke.net http://marzke.net/lee/
IT Consultant, VMware, VCenter, SAN storage, infrastructure, SW CM
+1 800-393-5217 office +1 484-348-2230 fax
+1 610-564-4932 cell sip://8003935217@4aero.com VOIP
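
The OpenVPN layout described in the quoted reply (server on a two-NIC box, UDP 1194 forwarded to the DMZ-side NIC, clients reaching NFS servers on the home LAN) could look like the server configuration below. This is an added example, not part of the thread or anyone's actual setup; every address, subnet and file name is an assumption, and it uses routed (tun) mode, so the client gets a VPN-subnet address plus a route to the LAN rather than a LAN address.

```conf
# /etc/openvpn/server.conf -- added example; addresses and file names are assumptions.
# Assumed layout: NIC 1 (DMZ side) = 192.168.50.2, NIC 2 sits on the LAN 192.168.1.0/24.

# Listen only on the DMZ-facing NIC; the firewall forwards UDP 1194 to this address.
local 192.168.50.2
port 1194
proto udp
dev tun

# Address pool handed to VPN clients (routed mode, not bridged).
server 10.8.0.0 255.255.255.0

# Tell clients to reach the home LAN (for example the NFS servers) through the tunnel.
push "route 192.168.1.0 255.255.255.0"

# Certificate-based authentication; these files are generated separately.
ca   ca.crt
cert server.crt
key  server.key
dh   dh.pem

# Extra HMAC on the control channel: packets without a valid signature
# are dropped before any TLS processing.
tls-auth ta.key 0

# Drop privileges after start-up (group name varies by distribution)
# and keep key and tunnel state across restarts.
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
verb 3
```

The box also needs IP forwarding enabled between the two NICs, and LAN hosts need a return route to 10.8.0.0/24 through the box's LAN-side address, otherwise replies from the NFS servers never reach the tunnel.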

