[pptp-server] Lan to Lan/Linux to Linux vpn connection
Cowles, Steve
Steve at SteveCowles.com
Fri Apr 27 16:12:08 CDT 2001
> -----Original Message-----
> From: John Vaughan [mailto:jvaughan at maad.com]
> Sent: Friday, April 27, 2001 2:58 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Lan to Lan/Linux to Linux vpn connection
>
>
> Hello
>
> Was wondering if anyone knew how or where to get specific
> information on a lan to lan connection using two linux boxes.
>
> Our situation:
>
> We have a primary office running a Linux Redhat 6.2 distro with
> 2.2.16 kernel. This is setup to allow VPN connections from
> windows laptops and home users. Works fine.
>
> We have a secondary office in another state. This office has
> a Linux Redhat 6.2 distro with 2.2.16 kernel also. This is setup
> to allow VPN connections from the laptop and home users wanting
> to access that office. Works fine.
>
> What we want to do is configure the Linux boxes so the people
> in the smaller office will have an always on VPN connection to
> the main office. Right now we just want the smaller office to
> be able to get onto the larger office lan and not vice-versa.
>
> Anyone have any ideas on how to accomplish this???
>
> thanks
If your open to new ideas, try using IPSEC for your lan-to-lan tunnels and
stay with using pptp for your host-to-lan tunnels (road warriors). You can
run both concurrently.
Checkout: http://www.freeswan.org for FreeS/WAN ipsec source code and
http://jixen.tripod.com for some very good examples on how to setup a
lan-to-lan VPN using IPSEC.
If you must continue using PPTP, then you will need to download the pptp
client at http://cag.lcs.mit.edu/~cananian/Projects/PPTP and then establish
a PPTP tunnel between your two linux boxes at each office. Then manually add
the appropriate network routes for each LAN. The only thing I can think of
to block two way traffic across the lan-to-lan tunnel would be to use
ipchain rules to allow small office to large office traffic only.
Steve Cowles
More information about the pptp-server
mailing list