On Sun, 23 Jan 2005, Andreas made the net somewhat safer by saying: [..]
So I want to secure this connection with a VPN-connection. But where to start? There are no win98-clients for IPsec out there, but there is an L2TP-client. There are Firewall / Masquerade problems with VPN....
Try OpenVPN. It's easy to set up, and works on a single UDP or TCP port through a firewall/router. There are servers and clients for both win32 and unices, and you can set it up with either static certs or challenge-response cert.
For the right way to split up the secure zones I will set the router like this:
                       !--------------------!
clients---Intranet-----!eth1   ROUTER   eth0!---DSL/ISP--->
          via Cat5 Hub !      with FW,      !
                       !     VPN-server     !
client-----WLAN-AP-----!eth2                !
with Wlan              !--------------------!
+VPN-client
Is this overkill (additional network card) or easier to configure? I'm afraid there are many concerns to care about if I plug the WLAN-AP directly into the Intranet hub.
Using a firewall on the bastion-host like this is much preferable.

Theo
-- 
Theo v. Werkhoven    Registered Linux user# 99872 http://counter.li.org
ICBM 52 13 26N , 4 29 47E.     + ICQ: 277217131
SUSE 9.2                       + Jabber: muadib@jabber.xs4all.nl
Kernel 2.6.8                   + MSN: twe-msn@ferrets4me.xs4all.nl
See headers for PGP/GPG info.  +