
Re: VPN



Mark Knecht wrote:

On Thu, 2003-12-04 at 10:42, Dan Schad wrote:


Mark,

What VPN should do (set up as) is a virtual gateway into your other LAN.
Office, Home, etc, etc. It's a way to remotely attach to separate
LANs using the Internet.



Yep, that I understand.




So, in this case, both LANs know how to talk to each other via the VPN
just like a dial-up connection or a T1 per se. Once the connections
are made, as long as your firewall settings allow it, you can have full
access to all ports UDP and TCP. That is, you should set up our Linux
box to be the gateway, router, VPN, etc.



The difference I'm experiencing is that when I'm using an M$ style VPN, and I open Internet Explorer, and I tell it to connect to 192.168.1.X, the machine it connects to is on the work network, not the local network. In M$'s model, the VPN connection appears to make the complete local XP machine, and all of the local apps, act like they are on the remote network. In the Linux VPN model (Assuming VPN==ssh) the only part of my machine that is part of the remote network is the terminal I run ssh in. If I start Mozilla locally, it connects to 192.168.1.X on my network.

Using the M$ style VPN, IE6 locally can display what it gets from a web
server on the remote network using the remote DNS servers.


With the Linux style, when I start Mozilla it doesn't do this, so I
cannot use it to directly read email from the remote email web
interface.

Or maybe I don't know how to do it.



As far as the VPN, I set up a VPN gateway as a firewall and VPN server for my
home network. All my access passes through that box. I have Linux and Windows
running and have complete access to all my company resources. We use FreeSwan,
it's a great free product out of Canada. You use IPTables (or IPChains for older
Linux builds) for your firewall. Between the two you should be able to get a VPN
into your office and get access to all the network resources.



I think I agree. I can do pretty much the same, but with the Linux style I need to run Mozilla remotely to use the remote web server. If I run it locally it just acts like it always does.

Hope I'm making the complicated picture clearer and not more
complicated! ;-)

Thanks,
Mark


Just some thoughts...

I don't think that you should presume that SSH is the same as VPN. To me SSH is a secure connection from one machine to another machine. VPN is a secure tunnel into a remote network. Probably what you want to do is try some VPN client for Linux (OpenVPN or FreeSwan? I have not tried either myself, though). Then you would have the same connectivity as you do when running a VPN client on Windows. And better than trying to defeat your IT's security by running some sort of reverse SSH connection.

WRT running a VNC server on your Windows box: be aware that VNC on Windows is not as "nice" as VNC on Linux. That is, if you connect to your Windows box with VNC and log on, then whatever you are seeing on VNC is being shown on the Windows screen and thusly could be being observed by the cleaner or, even worse, someone by the machine now has access to the machine itself. I don't know if this problem exists with TightVNC as I have not played with that (yet :-).

Mike




