G'day
I have two remote locations that connect to the internet via ADSL (256kb/s), one with address range 192.168.1.0, the other with 192.168.0.0. I am currently exploring ways to make the resources in either subnet available to the other. In each subnet is a SuSE Linux V9.2 machine as a file server. There are only 10 users in one subnet and 3 in the other.
What is the best way to link the two? Establish a vpn tunnel? Can I use the SuSE servers using ipsec/pptpd etc, or is it better to replace the two routers and get the tunnel established between the two routers? Is there yet another, and possibly better way to achieve this?
What is your experience with either of the setups?
Thanks
Peter
Peter Sutter wrote:
G'day
I have two remote locations that connect to the internet via ADSL (256kb/s), one with address range 192.168.1.0, the other with 192.168.0.0. I am currently exploring ways to make the resources in either subnet available to the other. In each subnet is a SuSE Linux V9.2 machine as a file server. There are only 10 users in one subnet and 3 in the other.
What is the best way to link the two? Establish a vpn tunnel?
Since you are going across an insecure network (the internet) you will need some sort of encryption, and the notion of a virtual private network is exactly this, so yes.
Can I use the SuSE servers using ipsec/pptpd etc,
Well, you can, but then you would have to make the server the gateway to the other network for every other machine on the network (or possibly set up some redirection rule on the router to point all requests for the remote network to the suse server), as well as set up a reverse NAT for the relevant port(s) for the VPN program you choose to use. If you make the change on the machine that already is the gateway (the router), then you wouldn't have to change anything on any other machine.
or is it better to replace the two routers and get the tunnel established between the two routers?
This would be my preferred solution; I believe it is the simplest to do, as well as the least complex.
Is there yet another, and possibly better way to achieve this?
What is your experience with either of the setups?
I've set up a couple of VPN networks using FreeS/WAN; I haven't used its successor OpenS/WAN. Between two suse machines, it has been relatively straightforward. But then, my setups focused only on access, there were no performance requirements, so I didn't look into that at all.
Peter Sutter wrote:
either subnet available to the other. In each subnet is a SuSE Linux V9.2 machine as a file server. There are only 10 users in one subnet and 3 in the other.
By the way, I forgot to mention, if you only have very limited resources that you want to share (for example you only want the file server shared) then you might want to look at an even simpler solution: ssh tunnels. It will provide remote access which is secure and very easy to set up, and you could set it up on the internal server.
On Sunday 19 February 2006 08:58, Anders Johansson wrote:
Peter Sutter wrote:
either subnet available to the other. In each subnet is a SuSE Linux V9.2 machine as a file server. There are only 10 users in one subnet and 3 in the other.
By the way, I forgot to mention, if you only have very limited resources that you want to share (for example you only want the file server shared) then you might want to look at an even simpler solution: ssh tunnels. It will provide remote access which is secure and very easy to set up, and you could set it up on the internal server.
Thanks Anders,
As I thought, routers would be the easiest and most transparent solution.
Yes, there is very limited traffic between the two networks, mainly printers and files; so ssh tunneling would be a possibility.
There are however still a couple of Win98 and WinXP machines around which need access through the tunnel too; would an ssh tunnel work for these? And what software would I need for the windows machines? Will putty do?
Peter
Peter Sutter wrote:
On Sunday 19 February 2006 08:58, Anders Johansson wrote:
Peter Sutter wrote:
either subnet available to the other. In each subnet is a SuSE Linux V9.2 machine as a file server. There are only 10 users in one subnet and 3 in the other.
By the way, I forgot to mention, if you only have very limited resources that you want to share (for example you only want the file server shared) then you might want to look at an even simpler solution: ssh tunnels. It will provide remote access which is secure and very easy to set up, and you could set it up on the internal server.
Thanks Anders,
As I thought, routers would be the easiest and most transparent solution.
Yes, there is very limited traffic between the two networks, mainly printers and files; so ssh tunneling would be a possibility.
There are however still a couple of Win98 and WinXP machines around which need access through the tunnel too; would an ssh tunnel work for these? And what software would I need for the windows machines? Will putty do?
You don't need special software for the clients; you can set up the tunnel between the two suse boxes, provided you can ssh between them. Something like
    ssh -L 1000:remoteIP:2000 user@ip
will cause any local client who accesses port 1000 on your local machine to be talking to the remoteIP machine at port 2000 instead, and he won't know the difference. For all the local client is concerned, he's talking to a local machine. ssh on suse does all the magic.
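An added example, not part of the original thread: a client-side OpenSSH configuration for the tunnel described above, set up so that other machines on the local subnet can use it and so that the key can do nothing else. OpenSSH binds a -L listener to the loopback address unless a bind address or -g is given, which is why the forward names the LAN address. The addresses 192.168.1.10 and 192.168.0.10, the host name site-b.example.org, the account name tunnel, the key path and the ports 6310 and 631 are assumptions.

```sshconfig
# ~/.ssh/config on the local SuSE server (assumed LAN address 192.168.1.10).
# Every name, address and port in this file is an assumption for illustration.
Host site-b-tunnel
    # Public name of the remote SuSE box and a dedicated, unprivileged account.
    HostName site-b.example.org
    User tunnel
    # Offer only the key created for this tunnel.
    IdentityFile ~/.ssh/id_tunnel
    IdentitiesOnly yes
    # Listen on the LAN address rather than on every interface, so the
    # forward is reachable from the local subnet but not from the ADSL side.
    # Target is a service on the remote subnet (here: IPP printing, port 631).
    LocalForward 192.168.1.10:6310 192.168.0.10:631
    # Exit at start-up if the listener cannot be bound, instead of leaving
    # a session open that forwards nothing.
    ExitOnForwardFailure yes
    # Notice a dead link after about 90 seconds and exit, so whatever
    # supervises the tunnel can restart it.
    ServerAliveInterval 30
    ServerAliveCountMax 3
    # Refuse to connect if the remote host key is unknown or has changed.
    StrictHostKeyChecking yes

# Start the tunnel without a remote shell:
#   ssh -N site-b-tunnel
#
# On the remote box, the matching line in ~tunnel/.ssh/authorized_keys
# limits this key to the one forward target and denies a terminal:
#   permitopen="192.168.0.10:631",no-pty,no-agent-forwarding,no-X11-forwarding <key-type> <public-key> tunnel@site-a
```

The listener on port 6310 does not authenticate LAN clients: any machine on 192.168.1.0 that can reach it reaches the remote service, so the forwarded service's own access control still matters.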
Peter Sutter wrote:
G'day
I have two remote locations that connect to the internet via ADSL (256kb/s), one with address range 192.168.1.0, the other with 192.168.0.0. I am currently exploring ways to make the resources in either subnet available to the other. In each subnet is a SuSE Linux V9.2 machine as a file server. There are only 10 users in one subnet and 3 in the other.
What is the best way to link the two? Establish a vpn tunnel? Can I use the SuSE servers using ipsec/pptpd etc, or is it better to replace the two routers and get the tunnel established between the two routers? Is there yet another, and possibly better way to achieve this?
What is your experience with either of the setups?
SUSE comes with OpenVPN, which works very well. It's best to have the VPN terminate on the firewall/router, as it simplifies things. However, you can terminate the VPN on a computer behind the firewall, but that would involve port forwarding at the firewall and an addition to the routing table on every computer that will be using the VPN. In my case, I have a SUSE firewall on one end of the VPN and a notebook on the other. I use the VPN for both remote access and also when I use WiFi at home. Some commercial firewall/router boxes include a VPN, though often PPTP. If you have certain Linksys models, which run on Linux, you can customize them for VPNs and much more.
participants (3)
- Anders Johansson
- James Knott
- Peter Sutter