I am planning to set up ADSL access in to our group of servers at a secure location. The ISPs we have been in touch with will give us a 100Mbit ethernet VLAN to their network so that the L2TP connections from our clients' DSL routers can terminate in our equipment. We are aware that Cisco 3600 series routers can do this but they cost something like £10,000 !! We are interested in getting an alternative running. I suggested that we get a reasonably solid (e.g. Dell) 1U server with SuSE Linux server or SLES and two fast ethernet cards.

The questions are these...

1) Can one of the SuSE Linux products (doesn't matter which, we can afford it) act as a fully fledged router?
2) Can it do VLANs over ethernet?
3) Can it act as a LNS for an L2TP circuit, such as those from DSL routers, authenticating against a RADIUS server?
4) Has anyone done anything like this before?

It's been surprisingly hard to answer these questions, Googling, etc.!

Thanks and Regards,
Carl Peto
/ 2004-04-07 18:21:25 +0100 \ Carl Peto:
1) Can one of the SuSE Linux products (doesn't matter which, we can afford it) act as a fully fledged router?
Yes. Any linux can. There is nothing special in routing...
2) Can it do VLANs over ethernet?
Yes of course. Any linux can. See freeswan/openswan. Probably some distro dedicated to this task is easier to set up than a general purpose distro...
3) Can it act as a LNS for an L2TP circuit, such as those from DSL routers, authenticating against a RADIUS server?
I think I have seen this setup somewhere. Probably needs to use some pam module authenticating against radius. Don't know exactly how to configure this, though.

Lars Ellenberg

3Com do some interesting network cards that may be of interest. They support advanced security features, such as onboard hardware encryption, and remote management. For full specs please see www.3com.com. I don't actually use a 3com PCI network card, but found the specs very impressive.

Kind Regards - Keith Roberts
2) Can it do VLANs over ethernet?
Yes of course. Any linux can. See freeswan/openswan.
oops. VLAN != VPN. but still:

# rpm -qip /SuSE-9.0/CD1/suse/i586/vlan-1.7m-32.i586.rpm
Name        : vlan                          Relocations: (not relocateable)
Version     : 1.7m                               Vendor: SuSE Linux AG, Nuernberg, Germany
Release     : 32                             Build Date: Di 23 Sep 2003 19:10:55 CEST
Install date: (not installed)                Build Host: lambert.suse.de
Group       : Productivity/Networking/Other  Source RPM: vlan-1.7m-32.src.rpm
Size        : 93568                             License: GPL
Signature   : DSA/SHA1, Di 23 Sep 2003 19:30:59 CEST, Key ID a84edae89c800aca
Packager    : http://www.suse.de/feedback
URL         : http://scry.wanfear.com/~greear/vlan.html
Summary     : 802.1q vlan implementation for Linux
Description :
802.1q vlan implementation for Linux.

See http://scry.wanfear.com/~greear/vlan.html for more information.

Authors:
--------
    Ben Greear <greearb@candelatech.com>
Distribution: SuSE Linux 9.0 (i586)
/ 2004-04-07 18:21:25 +0100 \ Carl Peto:
1) Can one of the SuSE Linux products (doesn't matter which, we can afford it) act as a fully fledged router?
Lars Ellenberg wrote:
please see www.snapgear.com, they make linux routers.....excellent products. We use it at several client sites....
Yes. Any linux can. There is nothing special in routing...
2) Can it do VLANs over ethernet?
Yes of course. Any linux can. See freeswan/openswan. Probably some distro dedicated to this task is easier to set up than a general purpose distro...
3) Can it act as a LNS for an L2TP circuit, such as those from DSL routers, authenticating against a RADIUS server?
I think I have seen this setup somewhere. Probably needs to use some pam module authenticating against radius. Don't know exactly how to configure this, though.
Lars Ellenberg
Lars,

No. 2) that's VLAN not VPN ! This means something like 802.1Q tagging and what else. Works on MAC level and transports broadcasts as well.

But to answer the original questions from Carl: Yes, this is possible as well !

No. 3)
http://www.l2tpd.org/
http://mia.ece.uic.edu/~papers/volans/l2tpd.html
http://sourceforge.net/projects/l2tp/

HTH,
Philipp

Lars Ellenberg wrote:
/ 2004-04-07 18:21:25 +0100 \ Carl Peto:
1) Can one of the SuSE Linux products (doesn't matter which, we can afford it) act as a fully fledged router?
Yes. Any linux can. There is nothing special in routing...
2) Can it do VLANs over ethernet?
Yes of course. Any linux can. See freeswan/openswan. Probably some distro dedicated to this task is easier to set up than a general purpose distro...
3) Can it act as a LNS for an L2TP circuit, such as those from DSL routers, authenticating against a RADIUS server?
I think I have seen this setup somewhere. Probably needs to use some pam module authenticating against radius. Don't know exactly how to configure this, though.
Lars Ellenberg
--- Lars Ellenberg <l.g.e@web.de> wrote:
/ 2004-04-07 18:21:25 +0100
I think I have seen this setup somewhere. Probably needs to use some pam module authenticating against radius. Don't know exactly how to configure this, though.
u might want to look at Radiator RADIUS.. it supports a ton of applications and is easily configurable for authentication against your MySQL database.. no PAM modules required..
Lars Ellenberg
Regards, Mark.
participants (6)
- Carl Peto
- Keith Roberts
- Lars Ellenberg
- Mark Tinka
- pheonix1t
- Philipp Rusch