[pptp-server] Newbie question - hopefully trivial!

Tony Simone tony at secureea.com
Tue Sep 26 13:15:14 CDT 2000


Ron,

Not to stomp on PoPToP, because it is great stuff and I'm very happy
using it, but for your scenario you may want to consider IPSec.
FreeS/WAN (at www.freeswan.org) is a wonderful little IPSec
implementation that does exactly what you want.  Like PPTP, there is a
kernel rebuild, software installation, and general brain-expansion
needed to make it work.  I'm currently using it between my company and a
client's office and it works great.  We are using PPTP for the home
users connecting in to each individual network so they can browse their
network and such.  As another user mentioned, you will still need WINS
to get windoze browsing going between both sites.

You can certainly do the same thing with PPTP, and it may be easier for
you to configure at this point.  The advantage of IPSec is that you get
heavy duty encryption (3DES, although with many implementations you can
use others), fairly granular control over connections, and keying via
RSA public key exchange.  Understand that there is a substantial (at
least for my brain :) learning curve.

Happy VPN'ing.

-Tony


ron wrote:

> Hi folks,
>
> I want to connect our two offices together using PopTop, and I think I'm
> ok to go ahead and implement it. However, I have a "what then" question!
>
> Our two offices both have Linux firewalls and I have two other Linux
> machines ready to form the VPN connection through those firewalls. I
> want not only to be able to do things like telnet and ftp back and
> forth, but also to be able to have the Windows machines in one office
> browse the windoze machines in the other office. If the termination
> point of the VPN connection is a Linux box, how do I achieve that?
>
> Here are my thoughts so far - any comments would be very welcome, as I
> am feeling my way in the dark!
>
> 1. Set up the VPN connection (doh)
> 2. Get the routing tables right on the two VPN boxes, so that traffic
> aimed at the other office goes down the PPTP interface, and other
> traffic goes directly to the firewall (for routing to the internet).
> 3. Set all the machines inside the office, which currently have the
> firewall as their default gateway, to point to the VPN machine as their
> default gateway.
>
> I *think* that'll be ok. But the complicating factor is that we have a
> single class C network which is subnetted between the offices, so that
> our netmask is 255.255.255.128 (in fact it's split into 4 groups, but
> that's unnecessarily complicated). So how would broadcast packets be
> treated? They are no longer being sent out to the same IP address in the
> two offices (one might be 192.168.2.255 and the other might be
> 192.168.2.127) so would the two networks be able to see each other? Or
> have I simply misunderstood the nature of broadcast packets?
>
> As I said, any comments would be very welcome!
>
> Warm regards
>
> Ron
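
An added example, not part of either post: it works through the broadcast question for the split class C described above, classifying how a host in one office handles a packet by destination. The office names and host addresses are constructed; it assumes the two halves of 192.168.2.0/24 with netmask 255.255.255.128, and that the VPN boxes follow the common default of not forwarding directed broadcasts (RFC 2644).

```python
import ipaddress

# Constructed addressing taken from the thread: one class C split with
# netmask 255.255.255.128, one half per office (names are hypothetical).
OFFICES = {
    "office_a": ipaddress.ip_network("192.168.2.0/255.255.255.128"),
    "office_b": ipaddress.ip_network("192.168.2.128/255.255.255.128"),
}
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def office_of(addr):
    """Return the name of the office whose subnet contains addr, or None."""
    ip = ipaddress.ip_address(addr)
    for name, net in OFFICES.items():
        if ip in net:
            return name
    return None


def classify(src, dst):
    """Describe how a packet from host src to dst is handled."""
    here = office_of(src)
    if here is None:
        raise ValueError(f"{src} is not in either office subnet")
    local = OFFICES[here]
    ip = ipaddress.ip_address(dst)
    if ip == LIMITED_BROADCAST or ip == local.broadcast_address:
        return "local-broadcast"     # link-layer broadcast, stays on this LAN
    if ip in local:
        return "on-link"             # delivered directly, no gateway involved
    there = office_of(dst)
    if there is None:
        return "internet"            # leaves via the firewall
    if ip == OFFICES[there].broadcast_address:
        return "directed-broadcast"  # routed, but dropped by default (RFC 2644)
    return "via-vpn"                 # unicast routed over the tunnel


if __name__ == "__main__":
    for name, net in OFFICES.items():
        print(name, net, "broadcast", net.broadcast_address)
    for dst in ("192.168.2.20", "192.168.2.127", "192.168.2.200",
                "192.168.2.255", "198.51.100.7"):
        print("192.168.2.10 ->", dst, ":", classify("192.168.2.10", dst))
```

Broadcast-based browsing from a host in one office therefore never reaches the other half of the class C, which is why the reply says WINS is still needed; unicast traffic such as telnet and ftp only depends on the routes.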
