Opinion: Best VPN to use with Fedora/Windows
leonard.isham at gmail.com
Mon Jan 10 03:07:43 UTC 2005
On Sun, 09 Jan 2005 16:31:51 -0700, Kevin Fries <kevin at hcico.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> OK, I know this type of question always has the danger of starting a
> flame war, that is not my intention, so I ask ahead of time to keep
> the rhetoric down.
> I am beginning to think about installing VPN services. Being that our
> servers are all Fedora, this seems like a logical place to start my
> quest for knowledge. Our network is small, but my users are somewhat
> mobile. I have essentially two servers: the inside server; and the
> outside server. All our desktops, except my desktop, my laptop, and
> the guest office kiosk, are Windows 2000.
> When my guys go on the road, they sometimes need to get information
> from the shares on either someone's desktop, or off a SAMBA share
> hosted on the internal server. Right now, they are using a FTP server
> that essentially does a soft chroot into their home directories on the
> public server, then I build symbolic links to mounted resources to
> give them access to what they want. This system works, but is not as
> stable as I would like (stale NFS links, other machine problems, etc).
> What I would like is to find a VPN solution that I can host on one of
> my servers (internal and external are only indications of their
> primary purpose, the internal server does have Internet access and is
> used as a backup DNS and Postfix server) to allow my guys on the road
> the ability to see the internal network resources. This includes but
> is not limited to the SMB shares and printers. I would also like this
> solution to have Linux and Mac equivalents.
> All our account information is stored in an LDAP server, which is
> retrieved via PAM and the PADL tools. I am slowly reconfiguring my
> software to take the information from the LDAP server directly, and
> would like to limit my options to products that can be configured that
> way. Since I only store accounts in LDAP, it is not critical that all
> settings be stored that way. Postfix is a perfect example: config in
> /etc/postfix but can pull valid users from LDAP. I would also like to
> enable or disable accounts with the use of a objectclass. Users with
> an objectclass of vpnUser for example can use the VPN, otherwise,
> account not found.
> Does anyone else have this Linux back end / Windows & Linux desktop
> setup that is also providing VPN services?
> What are you using?
> What makes you do the happy dance about your solution?
> What makes you curse like a sailor on shore leave about your solution?
> Thanks in advance
> Kevin Fries
OpenVPN hands down no question in my mind.
Cross platform *nix (Linux, BSD, etc.) Windows 2000 and up.
I have been using it since 1.6 Release canidate and it has been rock
solid. It is a true SSL based VPN solution built to be secure and
Leonard Isham, CISSP
Ostendo non ostento.
More information about the users