VPN without fixed IP
hi there,

I'm trying to build-up a VPN-Entrance over our Linux-Router (Kernel 2.4.4). Some Road-Warriors of our Company should get the ability to get access to our NT-Server with a Sybase-DB.

First of all I have to learn something about its (VPN) functions: What about DSL-VPN? Is there any chance to create a VPN without a Server-Side fixed IP-Address? Which Documentation of VPN-Knowledge do you prefer?

Thanx4help,
René

* R. Ullenboom wrote on Mon, Feb 25, 2002 at 18:43 +0100:
> I'm trying to build-up a VPN-Entrance over our Linux-Router (Kernel 2.4.4). Some Road-Warriors of our Company should get the ability to get access to our NT-Server with a Sybase-DB.

With IPSec or what VPN?

> First of all I have to learn something about its (VPN) functions: What about DSL-VPN?

with freeswan (ipsec), it works.

> Is there any chance to create a VPN without a Server-Side fixed IP-Address?

You need a static IP at least on one side of course (otherwise, no machine would know how to connect to the other).

> Which Documentation of VPN-Knowledge do you prefer?

I think the freeswan.org documentation is quite useful and nice. Others and I wrote some mails about TDSL and FreeS/WAN that should be available in the mail archives there.

Your configuration sounds important. If this is true, I would suggest to not use TDSL but a leased line with static IPs, since it's more reliable.

oki,
Steffen

--
This letter was generated by machine and therefore bears neither signature nor seal.

> hi there,
> I'm trying to build-up a VPN-Entrance over our Linux-Router (Kernel 2.4.4). Some Road-Warriors of our Company should get the ability to get access to our NT-Server with a Sybase-DB. First of all I have to learn something about its (VPN) functions: What about DSL-VPN? Is there any chance to create a VPN without a Server-Side fixed IP-Address? Which Documentation of VPN-Knowledge do you prefer?

smells like that would be exactly what you need freeswan(ipsec) and x.509 certificates
http://www.nadmm.com/show.php?story=articles/vpn.inc

Your
Michael Appeldorn

> What about DSL-VPN? Is there any chance to create a VPN without a Server-Side fixed IP-Address? Which Documentation of VPN-Knowledge do you prefer?

What about a redirector? If you don't have a certain point to connect to from road, something like kickme.to/xxxx could be your solution, to resolve to actual ip of your server counterpart?

Your
Michael Appeldorn

> What about a redirector? If you don't have a certain point to connect to from road, something like kickme.to/xxxx could be your solution, to resolve to actual ip of your server counterpart?

If you put a check for the "server"-rw into cron on the other road-warriors it might work. Something like checking if ip-address of server-rw changes, if so restart freeswan on rw.

This will do, as long as you don't have any non-freeswan roadwarrior... (or fix Windows to do the cron-job :)

But, in principle, I think you can use the script from Hans Hermann Kleinberg. My fault for not noticing earlier.

Robert

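The cron check suggested in the message above, written out as an added example that is not part of the original thread and not Hans Hermann Kleinberg's script. It assumes the road-warrior's connection names the server by a dynamic-DNS hostname so that a restart re-resolves it; `PEER_HOST`, `STATE_FILE`, `RESTART_CMD` and the script path are assumed names and placeholder values.

```shell
#!/bin/sh
# Added example, not from the thread. PEER_HOST, STATE_FILE and RESTART_CMD
# are assumed names/values; adjust them to the local installation.
PEER_HOST="${PEER_HOST:-vpn-gw.example.invalid}"    # placeholder dynamic-DNS name
STATE_FILE="${STATE_FILE:-/var/run/vpn-peer.ip}"    # last address seen
RESTART_CMD="${RESTART_CMD:-ipsec setup restart}"   # how FreeS/WAN is restarted here

# Print the first address the resolver returns for $1 (nothing on failure).
resolve_peer() {
    getent hosts "$1" | awk '{ print $1; exit }'
}

# Accept only a dotted quad with octets 0-255, so a bogus or hostile DNS
# answer never reaches the state file.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# 0 = address changed and FreeS/WAN restarted, 1 = unchanged,
# 2 = lookup failed or answer malformed, 3 = restart command failed.
check_peer() {
    new=$(resolve_peer "$PEER_HOST")
    valid_ipv4 "$new" || return 2
    old=$(cat "$STATE_FILE" 2>/dev/null || true)
    [ "$new" = "$old" ] && return 1
    # The DNS answer is unauthenticated: it only decides *when* to restart.
    # Pluto still authenticates the peer by its RSA key or X.509 certificate.
    $RESTART_CMD || return 3
    # Record the address only after a successful restart, via a temp file,
    # so a failed restart is retried on the next cron run.
    printf '%s\n' "$new" > "$STATE_FILE.tmp" && mv "$STATE_FILE.tmp" "$STATE_FILE"
}

# From cron, e.g.:  */5 * * * * /usr/local/sbin/vpn-peer-watch --run
if [ "${1:-}" = "--run" ]; then
    rc=0
    check_peer || rc=$?
    case "$rc" in
        0) echo "vpn-peer-watch: $PEER_HOST moved, restarted" ;;
        1) : ;;
        *) echo "vpn-peer-watch: check failed (code $rc)" >&2; exit "$rc" ;;
    esac
fi
```

Between the address change and the next cron run the tunnel stays down, so the cron interval bounds the outage.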
On Tuesday, 26. February 2002 09:30, Michael Appeldorn got hit on a toe and began to swear:
> I'm trying to build-up a VPN-Entrance over our Linux-Router (Kernel 2.4.4). Some Road-Warriors of our Company should get the ability to get access to our NT-Server with a Sybase-DB. First of all I have to learn something about its (VPN) functions: What about DSL-VPN? Is there any chance to create a VPN without a Server-Side fixed IP-Address? Which Documentation of VPN-Knowledge do you prefer?

Nope. The author of the article uses a fixed IP on the server side (or hasn't mentioned how to work around the all-side-dynamic-IP problem).

For an explanation see http://lists.freeswan.org/pipermail/briefs/2001q4/000028.html and the three posts referred to.

Please note, the difficulties mentioned in Claudia Schmeing's post apply to Hans Hermann Kleinberg's solution, too: The road-warriors don't know when the IP-address of the "Server-road-warrior" changes, so they don't try to restart the connection.

The only solution to this is the "Opportunism" method, that allows connections without "prearrangement" (iow, without using existing tunnels, but establishing them at need). Unfortunately the opportunism method isn't ready for prime time, yet, it seems.

Robert

participants (4)
- Michael Appeldorn
- R. Ullenboom
- Robert Klein
- Steffen Dettmer