IPSec VPN

[Redhat]

I'm looking to set up an IPSec VPN for a new company. It is so they can view the customer relations management software from outside the LAN, as it contains a ticket system which needs to be used on the job.

Would it be OK to use FreeS/Wan or OpenS/Wan for this purpose? The host is running Linux, the clients will be using Windows. Does anyone recommend a good IPSec client, apart from the built in XPPro one?

Many thanks.

[Redhat]

No one? I'm also thinking of buying this instead of my current one, which does not seem to support IPSec or VPNs of any type: http://www.savastore.com/productinfo/produ...0249757&pid=206

[homecomputeraid]

Redhat,

The open source products are pretty unwieldy. If you're comfortable configuring and updating them for the customer, go for it.

I'm more accustomed to devices that come with their own IPSEC Client Software like Cisco's VPN Concentrator, or Nortel's Contivity.

Cisco VPN Concentrator:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/

Nortel VPN Router (formerly Contivity):

http://products.nortel.com/go/product_cont...48&locale=en-US

Both solutions are pretty expensive and may not be suitable for a very small office. You could try a Linksys solution. It sounds like it comes with Linksys QuickVPN Client:

http://www.linksys.com/products/product.as...cid=29&prid=589

The manual for the Linksys has some pretty good overviews of what VPN'ing is all about, but you sound like you understand that pretty well Redhat:

ftp://ftp.linksys.com/pdf/rv082-ug-rev_C%20web.pdf

I believe (although I've never done it myself) that Windows XP has a native capability to do IPSec. Here's a document on Microsoft's site concerning IPSec troubleshooting:

http://support.microsoft.com/default.aspx?...kb;en-us;314831

If you buy a hardware device and need help on placement, please post.

[edit]The reason I suggest a device that comes with its own client is that it will work better with the device, and it will usually be easier to configure, have more options, and better troubleshooting abilities than the built in Windows client.

[Redhat]

Thanks very much for all of that!

I was looking into this :

http://www.broadbandbuyer.co.uk/Shop/ShopD...&ShopGroupID=38

I know the brand, they are well known for security in the groups I exist in :D

I think it would be easier, but I would like to set up my own one first, just for kicks and experience :D

OK I have installed Openswan, as it is the carry-on from the discontinued Freeswan. Am about to start configuring it all, will get back to you!

Cheers mate.

[homecomputeraid]

Good luck Redhat!

That looks like a great firewall, but I saw no mention of VPN capabilities.

[Redhat]

Virtual Server Support

I was suggested this router in another forum, I expect this is the VPN bit.

Do I need a VPN router to host a VPN server "behind" it? Will it still route IPSec/PPP/L2TP traffic?

Thanks as always.

[homecomputeraid]

Redhat,

I think the VPN will have to terminate at a server inside the Firewall in that configuration. It's easier to configure if it terminates at the Firewall, that's all.

[Redhat]

Thanks. The current router does not support Protocol 47/50/51 so no VPN with that. I'm looking into business products at PCWB (shame on me :P ) as I have just set up a no-obligation account. The prices seem extremely reasonable!

Thanks for the help so far.

[Redhat]

OK I now have a D-Link with IPSec Passthrough. It also has PPTP but I have a few queries:

After doing some reading (and reading my Security+ revision guide) I've come to the conclusion that PPTP is not secure enough for my needs. I need IPSec.

How would IPSec/L2TP be as far as setting it up in Windows XP Pro? I suppose I could do it with Openswan, but first would like to try with XPPro. Anyone got any links to tutorials for IPSec/L2TP on XP Pro?

Many thanks in advance!

[Redhat]

S'alright, I found one :D http://www.microsoft.com/windows2000/techi.../ipsecsteps.asp

[homecomputeraid]

Let us know how things progress. :)