Hello list people,
I thought I'd throw this one over to you for some feedback.
I have to set up a VPN; both locations are using Netgear DG834g routers. The main location has an Ubuntu Hardy box being used as a Samba server for a small handful of Win XP/Vista and Ubuntu boxen. There is an XP box used as a print server (I know CUPS would be better but it's a location thing). Basically they need file shares across a VPN with printing handled locally at each location.
What is the best way of attacking this, the hardware route using routers or using tunneling protocols?
Cheers, BigJohn
John
It depends on how the VPN is set up. On the only ADSL routers I have used which had VPNs, you put in which IP addresses were at the other side of the tunnel. If this is the case then use different private IP addresses (192.168.0.x/24 on the first router, 192.168.1.x/24 on the second, etc.) and then they will connect nicely.
If you then use IP addresses to map Windows drives then it's OK (i.e. \\192.168.0.24\pics). If you want something more descriptive then either use DNS (\\server\pics) or make one of the M$ PCs into a WINS server and make all the devices point to it, but this will create a BIG M$ problem when the WINS server is not contactable - the M$ PCs will appear to freeze.
HTH Keith
On Mon, 2008-08-04 at 08:37 +0100, John Woodard wrote:
> What is the best way of attacking this, the hardware route using routers or using tunneling protocols?
We use the built-in office-to-office VPN functionality in the later firmware builds on the 834s at a few places and it seems perfectly functional. Pretty much set up both routers in GtoG mode, defining the local and remote internal subnets relative to each end and the IP address of the other gateway and of course the shared secret. There is a wizard to do this. The VPN will then be routed to when either end tries to contact the other's subnet; initiation is bi-directional as well, and we have found that everything recovers gracefully after a line loss/router reset etc.
I'd recommend using the very latest firmware that your hardware revision of the 834 supports, and don't even bother trying with V1 of the hardware (the silver one; v2s and v3s are white).
As Keith points out, once you have the link up you really want to be doing local name resolution at both ends, otherwise name lookups when the link is busy or unavailable will lead to problems. Depending on the number of clients at each end, do this with DNS/hosts files.
There are a couple of further complications if you have a domain at one end and want the remote end to log onto your domain, I won't bore you with those unless you need them.
The only obvious limitation I can see to this setup is that there is a limit on how many tunnels the 834 can support, so this doesn't work so well for remote workers etc., and as far as I can remember there is no way to filter VPN traffic (the 834's built-in firewall only relates to the external interface, I think).
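
A pre-deployment check of the addressing plan discussed in this thread, as an added example that is not part of any poster's message: it verifies that the two LANs use distinct private subnets, that each router's remote subnet mirrors the other end's local subnet, and it emits static hosts-file lines so name lookups do not depend on the tunnel. The site names, host names and the print server address are constructed; only 192.168.0.24 and the two /24 ranges come from the thread.

```python
import ipaddress

# Constructed sample plan; "local"/"remote" are what each router's VPN page is given.
SITES = {
    "main":   {"local": "192.168.0.0/24", "remote": "192.168.1.0/24",
               "hosts": {"fileserver": "192.168.0.24"}},
    "branch": {"local": "192.168.1.0/24", "remote": "192.168.0.0/24",
               "hosts": {"printserver": "192.168.1.10"}},
}

def check_plan(sites):
    """Return a list of problems found in a two-site gateway-to-gateway plan."""
    problems, nets = [], {}
    for name, site in sites.items():
        for key in ("local", "remote"):
            try:
                # strict=True rejects entries with host bits set, e.g. 192.168.0.1/24
                nets[name, key] = ipaddress.ip_network(site[key], strict=True)
            except ValueError as exc:
                problems.append(f"{name}.{key}: {exc}")
    if problems:
        return problems
    a, b = sites  # exactly two sites expected
    for name in (a, b):
        if not nets[name, "local"].is_private:
            problems.append(f"{name}: local subnet is not private address space")
    if nets[a, "local"].overlaps(nets[b, "local"]):
        problems.append("LAN subnets overlap: traffic for the far end never enters the tunnel")
    for near, far in ((a, b), (b, a)):
        if nets[near, "remote"] != nets[far, "local"]:
            problems.append(f"{near}.remote does not match {far}.local")
    for name, site in sites.items():
        for host, ip in site["hosts"].items():
            if ipaddress.ip_address(ip) not in nets[name, "local"]:
                problems.append(f"{host} ({ip}) is outside {name}'s LAN")
    return problems

def hosts_lines(sites):
    """Hosts-file lines for every named machine at both sites, sorted by address."""
    pairs = [(ipaddress.ip_address(ip), host)
             for site in sites.values() for host, ip in site["hosts"].items()]
    return [f"{ip}\t{host}" for ip, host in sorted(pairs)]

if __name__ == "__main__":
    issues = check_plan(SITES)
    print("\n".join(issues) if issues else "plan OK")
    print("\n".join(hosts_lines(SITES)))
```
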