I can't say the exact route to configuration, but the Cisco VPN client
and the former SSH Sentinel client (which has been purchased by a
company in Finland) both offer easy deployment to clients and the
ability to create config scripts to auto-setup connections.

As far as the router/firewall goes, if you are planning to upgrade the
firewall end - Astaro (www.astaro.com) is a nice router/firewall for VPN
connections, logging, management etc. (It can also do inline spam/virus
filtering, web-content filtering, SMTP proxy etc., and is a firewall at
its core.) If you are not planning this, then a VPN endpoint is needed
inside the router, and possibly inside but most likely alongside the
firewall.

You might even be able to do this at the routing level if your routers
can do IPSec.

If you don't have a VPN end-point, a Linux box running freeswan will work
nicely - although it may not have a nice web-based front-end, you can't
complain about remote management via console. That can be troublesome
if, without going into the plethora of reasons why, "users" need access
to the admin interface for which a console is not appropriate.

Without knowing exactly what you have, that should at least give you a
brief idea of what's there. The routing and firewalling is a trivial
issue that should be handled easily - you will by far spend more time
tweaking the IPSec stuff to work properly and efficiently and provide an
administrative interface appropriate to your situation.

-----Original Message-----
From: tclug-list-bounces at mn-linux.org
[mailto:tclug-list-bounces at mn-linux.org] On Behalf Of Raymond Norton
Sent: Tuesday, February 03, 2004 11:06 AM
To: tclug-list at mn-linux.org
Subject: RE: [TCLUG] is there such an animal

> Do you want outside access to internal networks via VPN, or do you want
> district x to be able to see things inside district y via a tunnel? Or
> both? We need to know a bit more about what you're trying to do, but it is
> most certainly possible with IPSec and some routing.



The VPNs would be from school staff at home > our border firewall >
school router > school firewall > school network.


My main concern is to be aware of all VPNs that access our network and be
able to monitor, log, and terminate connections if need be.


_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list

