VPN setup suggestions?

Okay, now that the simulation computer is on its way, I need a VPN that speaks Linux so that I can work on it remotely. The VPN needs to speak Linux and not be too hard to set up. There's really not a lot of elementary setup advice out there that seems applicable.

I've not had a lot of luck with the crappy Westell wireless modem/routers that Verizon gives out, so I have in mind something like a component stereo.

I ordered the following:

Zoom ADSL Bridge Modem 5715 (in bridge mode)

Cisco RVL200 4-Port SSL/IPsec VPN Router

Buffalo Technology Wireless-G High Power Router and Access Point with High Gain Antenna WHR-HP-G54 (Access point mode).

DynDNS dynamic DNS service

What I want to do is to have the modem look after the DSL->Ethernet (and hopefully do the PPPoE part), the router to handle the firewall, VPN and port forwarding, and the access point to be an access point.

Will this work? Relevant experience? Other suggestions? Pitfalls to avoid?

I really don't want to become a networking guru if I can possibly help it.

Thanks

Phil Hobbs

--
Dr Philip C D Hobbs
Principal
ElectroOptical Innovations
55 Orchard Rd
Briarcliff Manor NY 10510
845-480-2058

email: hobbs (atsign) electrooptical (period) net
http://electrooptical.net
Reply to
Phil Hobbs

I can't speak to all the stuff you ordered and how to rig that up. However, I have a Westell WireSpeed DSL modem that is now around 10 years old and VPN has never been a problem from here. Ok, not under Linux, it was always Windows OSes.

Other than a HW firewall/router there ain't nothing else here in terms of fancy network technology. Except for a WLAN router with its router section disabled, so I can use wireless.

No whizbang PC/LAN guru in the area? It may cost a few hundred but those guys should be able to set you up. Finding one with enough of a Linux background could be a challenge, though, but I found that there is a surprising number of IT professionals who use Linux at home.

--
Regards, Joerg

http://www.analogconsultants.com/

"gmail" domain blocked because of excessive spam.
Use another domain or send PM.
Reply to
Joerg

Look for a Linux User Group in your area, or check out some of the Linux newsgroups.

Good Luck! Rich

Reply to
Rich Grise

Yup. The problem is the time investment in either--I'm booked pretty well solid just now. I may have to pay someone to do it for me if this doesn't work.

Cheers

Phil Hobbs

--
Dr Philip C D Hobbs
Principal
ElectroOptical Innovations
55 Orchard Rd
Briarcliff Manor NY 10510
845-480-2058

email: hobbs (atsign) electrooptical (period) net
http://electrooptical.net
Reply to
Phil Hobbs

Yes, pay us. We can set up Linux VPN with IPSEC. There are even VPN routers for Windoz using old Linux kernel 2.4. On the other hand, we (my left and right hands) are pretty busy doing other things as well.

Reply to
linnix

The part 'Speak Linux' is not clear. But if you have a hardware VPN box already, then you can connect to your network from some external client, or another VPN endpoint. We use a RV042.

If you don't want the hardware VPN, you could have used OpenVPN. Then each endpoint would be a software VPN. The guys use this from their home.

At this point you have access to your network, SMB or maybe Samba shares. If you want to access Linux you can VNC into the Gnome desktop (which is what I do, it's built into Gnome now) using TightVNC or something else. Or use ssh and get to the Linux console (PuTTY comes to mind). But you can just run a terminal window in Gnome for the same effect.

Hope that helps.

Cheers

Reply to
Martin Riddle

The VPN we had to do was for SMB clients who insist on security with an unsecured protocol. We put some VPN routers together in 128MB Compact Flash Drives, much of it is for apache server for web configurations.

Just transform an old unusable PC for the IPSEC VPN. For example, a customer's Dual Core Athlon with 1GB memory is too slow for Windoz

  1. So, it's perfect for VPN.
Reply to
linnix

Have you considered using TightVNC for remote desktop? Works under Linux and Windows. All you need to do is punch a hole in your router for the proper port.

Reply to
qrk

No, but I'll look at it, thanks. At a minimum I need to be able to serve https, rsync, and ssh with X passthrough. It would be a plus to be able to use samba as well, so I can get to my NAS devices.

By 'speaking Linux', I mean that it shouldn't be some Windows-specific thing that needs a Windows-only client program. Some SSL VPNs seem to be like that.

Thanks

Phil Hobbs

--
Dr Philip C D Hobbs
Principal
ElectroOptical Innovations
55 Orchard Rd
Briarcliff Manor NY 10510
845-480-2058

email: hobbs (atsign) electrooptical (period) net
http://electrooptical.net
Reply to
Phil Hobbs

Yes, although check how much power it's drawing -- some older PCs can be upwards of a couple hundred watts, and if on 24/7 can end up costing you some tens of dollars a month in electricity, which can provide a payback for a dedicated router box (typically using no more than 10W or so) in just a few months.

---Joel

Reply to
Joel Koltner

I wouldn't be averse to doing that, for a turn-key solution. That means something that requires minimal maintenance, i.e. small boxes, not old PCs.

Cheers

Phil Hobbs

--
Dr Philip C D Hobbs
Principal
ElectroOptical Innovations
55 Orchard Rd
Briarcliff Manor NY 10510
845-480-2058

email: hobbs (atsign) electrooptical (period) net
http://electrooptical.net
Reply to
Phil Hobbs

It just dawned on me, I initially couldn't remember the name but this is the box that supposedly does VPN under Linux without needing any "old PC kludge":

formatting link

But it's expensive, around $350. Dell carries them. Another option may be cheaper Netgear routers, for some of which you can (or hopefully still can) buy extra configuration software for an extra $10 or so.

--
Regards, Joerg

http://www.analogconsultants.com/

"gmail" domain blocked because of excessive spam.
Use another domain or send PM.
Reply to
Joerg

But I hated to throw away perfectly good hardware (old PCs).

VPN (IPSEC or PPPoE) requires a bit more juice than your regular router. And sometimes, the customer wants local storage (i.e. hard drive) and print server. Before long, VPN routers turn into VPN servers.

Reply to
linnix

I would just use SSH with suitable port forwarding. Simple and you already do have the client. Access to NAS devices might be tricky, though, if you've got multiple devices.

--
Mikko Syrjalahti
Reply to
Mikko Syrjalahti

A lot of the cheaper Netgear routers don't support L2TP as the tunneling protocol, and while arguably L2TP isn't as good as IPSEC (which pretty much every VPN-capable router I've ever seen offers), the fact that Windows comes with a built-in L2TP client and not an IPSEC client (...this is why you're paying that extra $$$ per copy with the Netgears -- to purchase an IPSEC client...) makes me prefer having a router that has L2TP built-in.

That being said, since I think Phil said he's planning on using Linux boxes, he might not care much about L2TP. As such, this box bears some review:

formatting link
... ~$130 at Amazon. An upside of Netgear is that they're very well-known, although I've found that there's sometimes better bang-for-the-buck with some of the lesser-known brands such as DrayTek, e.g., this VPN router for $140:
formatting link
.

---Joel

Reply to
Joel Koltner

Why not use the ssh daemon for that purpose? You can tunnel about anything over ssl. The only thing you'll need is to forward port 22 to the Linux machine. Look into fuse and X-forwarding over ssl.

--
Failure does not prove something is impossible, failure simply
indicates you are not using the right tools...
nico@nctdevpuntnl (punt=.)
--------------------------------------------------------------
Reply to
Nico Coesel
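
An added example, not part of any post in this thread: the SSH port-forwarding approach suggested in the two posts above, as a shell function that generates one ssh_config stanza covering https, the rsync daemon and SMB for several internal devices, each on its own loopback-only local port. The alias `sim`, the host names `home.example.net`, `nas1.lan` and `nas2.lan`, and the 10000-based port scheme are constructed placeholders.

```shell
#!/bin/sh
# Added example: emit an ssh_config(5) stanza that forwards HTTPS, rsync and
# SMB for several internal hosts through a single SSH login on port 22.
# All host names used here are constructed placeholders.

# gen_tunnel_config ALIAS GATEWAY INTERNAL_HOST...
# Each internal host gets its own block of three loopback ports:
#   base+0 -> 443 (https), base+1 -> 873 (rsync daemon), base+2 -> 445 (SMB)
# with base = 10000, 10010, 10020, ... so multiple devices never collide.
gen_tunnel_config() {
    alias_name=$1
    gateway=$2
    shift 2
    printf 'Host %s\n' "$alias_name"
    printf '    HostName %s\n' "$gateway"
    printf '    ForwardX11 yes\n'
    # Abort the login if any forward cannot be bound, instead of running
    # with a silently missing tunnel.
    printf '    ExitOnForwardFailure yes\n'
    base=10000
    for target in "$@"; do
        offset=0
        for port in 443 873 445; do
            # Bind to 127.0.0.1 so the forwarded services are not exposed
            # to other machines on the client's network.
            printf '    LocalForward 127.0.0.1:%d %s:%d\n' \
                "$((base + offset))" "$target" "$port"
            offset=$((offset + 1))
        done
        base=$((base + 10))
    done
}

# local_port INDEX SERVICE -> loopback port for the INDEX-th host (0-based)
local_port() {
    case $2 in
        https) off=0 ;;
        rsync) off=1 ;;
        smb)   off=2 ;;
        *) echo "unknown service: $2" >&2; return 1 ;;
    esac
    echo "$((10000 + $1 * 10 + $off))"
}

gen_tunnel_config sim home.example.net nas1.lan nas2.lan
```

Appending the output to `~/.ssh/config` makes `ssh sim` open every tunnel at once; the second NAS's SMB share is then reachable at 127.0.0.1 port 10012. Only port 22 has to be forwarded on the router, so the https, rsync and SMB services themselves stay unexposed to the Internet.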

One option is sshfs. It is basically a file system that uses sftp.

Reply to
AZ Nomad

Sure, but older generation PCs that run 24/7 can rack up quite a chunk on the utility bill and Phil didn't want that solution.

Ok, that's a different caliber then. I assume Phil doesn't want to go quite that far.

--
Regards, Joerg

http://www.analogconsultants.com/

"gmail" domain blocked because of excessive spam.
Use another domain or send PM.
Reply to
Joerg

Probably best to make sure it can do both. Keeping a consulting business like Phil's strictly Linux-centered might prove impossible or at least cumbersome in the long run.

formatting link

formatting link

Personally I'd prefer the first one, I am not too fond of LAN stuff or any electronics for that matter in plastic enclosures because you can't easily tame EMC issues.

--
Regards, Joerg

http://www.analogconsultants.com/

"gmail" domain blocked because of excessive spam.
Use another domain or send PM.
Reply to
Joerg

I use sshfs inside the firewall just fine. There's a bit of a bandwidth issue with it, though, especially for rsync. The native rsync server is dramatically faster, even with the little NSLU2 NAS devices I have.

Probably I'll try getting the router's SSL VPN to work, and failing that, I'll just put the simulation machine in the DMZ and use that for now.

Thanks

Phil Hobbs

--
Dr Philip C D Hobbs
Principal
ElectroOptical Innovations
55 Orchard Rd
Briarcliff Manor NY 10510
845-480-2058

email: hobbs (atsign) electrooptical (period) net
http://electrooptical.net
Reply to
Phil Hobbs
