Mailinglist Archive: opensuse-security (204 mails)

Re: [suse-security] WLan ->(Intranet) ->Internet Howto?
  • From: "Theo v. Werkhoven" <twe-suse.sec@xxxxxxxxxxxxxxxxxxxx>
  • Date: Tue, 25 Jan 2005 23:44:15 +0100
  • Message-id: <20050125224415.GA19128@xxxxxxxxxxxxxxxx>
On Sun, 23 Jan 2005, Andreas made the net somewhat safer by saying:

[..]
> So I want to secure this connection with a VPN-connection.
> But where to start? There are no win98-clients for IPsec out there, but
> there is an L2TP-client. There are Firewall / Masquerade problems with
> VPN....

Try OpenVPN.

It's easy to set up, and works on a single UDP or TCP port through a
firewall/router. There are servers and clients for both win32 and
unices and you can set it up with either static certs or
challenge-response cert.

> For the right way to split up the secure zones I will set the router
> like this:
>
>                        !--------------------!
> clients---Intranet-----!eth1   ROUTER   eth0!---DSL/ISP--->
> via Cat5  Hub          !      with FW,      !
>                        !     VPN-server     !
> client-----WLAN-AP-----!eth2                !
> with Wlan              !--------------------!
> +VPN-client
>
> Is this overkill (additional Network-Card) or easier to configure?
> I'm afraid there are many concerns to care about if I plug the WLAN-AP
> directly into the Intranet-Hub.

Using a firewall on the bastion-host like this is much preferable.

Theo
--
Theo v. Werkhoven Registered Linux user# 99872 http://counter.li.org
ICBM 52 13 26N , 4 29 47E. + ICQ: 277217131
SUSE 9.2 + Jabber: muadib@xxxxxxxxxxxxxxxx
Kernel 2.6.8 + MSN: twe-msn@xxxxxxxxxxxxxxxxxxxx
See headers for PGP/GPG info. +
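
A sketch of the firewall policy for the three-interface router in the diagram above, added here as an example and not part of the original thread. The interface roles (eth0 DSL, eth1 intranet, eth2 WLAN) come from the diagram; the tunnel device tun0, OpenVPN on UDP port 1194, and the function name are assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset in which the WLAN segment
# can reach nothing except the OpenVPN listener on the router itself.
WAN_IF=eth0     # DSL/ISP uplink (from the diagram)
LAN_IF=eth1     # wired intranet (from the diagram)
WLAN_IF=eth2    # access point segment, treated as untrusted (from the diagram)
VPN_IF=tun0     # assumption: OpenVPN tunnel device on the router
VPN_PORT=1194   # assumption: OpenVPN listening on its registered UDP port

# Hypothetical helper: writes the ruleset to stdout, changes nothing itself.
wlan_vpn_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -j ACCEPT
-A INPUT -i $VPN_IF -j ACCEPT
# From the WLAN, only the VPN port on the router is reachable.
-A INPUT -i $WLAN_IF -p udp --dport $VPN_PORT -j ACCEPT
-A INPUT -i $WLAN_IF -j LOG --log-prefix "wlan-in-drop: "
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
# Authenticated VPN clients are routed like wired clients.
-A FORWARD -i $VPN_IF -o $LAN_IF -j ACCEPT
-A FORWARD -i $VPN_IF -o $WAN_IF -j ACCEPT
# Raw WLAN traffic is never forwarded; log it, then the DROP policy applies.
-A FORWARD -i $WLAN_IF -j LOG --log-prefix "wlan-fwd-drop: "
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
EOF
}

# Running the script prints the ruleset for review.
wlan_vpn_ruleset
```

After review, the output can be loaded as root by piping it to `iptables-restore`. WLAN clients still need an address on the eth2 segment, from the access point or static configuration, before they can reach the VPN port.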
