RE: VPN
- From: Dan Schad <dschad seielect com>
- To: "'redhat-install-list redhat com'" <redhat-install-list redhat com>
- Subject: RE: VPN
- Date: Fri, 5 Dec 2003 09:18:13 -0500
Sorry to be long winded, but thought I would respond to a couple of the
emails sent out last night.
> ** snipped **
> Let's take your diagram, but let's extend it and apply it to how my real
>home network (and possibly Brad's) looks, and how my home network works with
>Windows VPN clients:
>
>                               ISP DNS
>worksys1 --+                      |              +-- (VPN) homesys1
>worksys2 --+-- router ---- VLAN --+-- firewall --+-- homesys2
>worksys3 --+                      |              +-- homesys3
>worksysDNS-+                    Yahoo
>
> First, I don't really have a 'router' at home, as I understand routers. I
>have a firewall that is capable of being configured as a router, but I don't
>have that button clicked. The M$ VPN link happens without a 'router'.
>(Please correct me on this point if I'm wrong as I understand this could be
>critical in my getting this.)
Mark,
Note regarding VNC == ssh == VPN. I believe it was said already but these
are all different beasts. What I was trying to say is that once you set up
a VPN then ssh or VNC would have access to your company's systems, not that
ssh or VNC is a type of VPN - they are not. Without VPN you most likely
would not be able to access your work systems using ssh or VNC or PCAnywhere
for that matter. If you can then your network is not very secure.
I've read the chain on this this morning and a couple of things are going on
here.
1. It sounds like you want each system at home to have access to the Work
   systems?
2. You want access to the WWW at the same time?
3. You have only one system behind a FW at home that has any VPN software on
   it.
I wanted to make a couple of statements about VPN as well.
1. VPN does not change your network it simply creates a path thru which you
   can connect to another network. All other access to local systems should
   still exist.
2. Rick and others are correct about SSH, it is a secure Telnet session
   nothing more.
3. VNC, PCAnywhere, CarbonCopy, etc, etc are screen duplication programs,
   what happens on your screen happens on the other PC screen. NOTE: In VNC
   you can turn off the remote screen and not allow access thru settings in
   VNC (reply to other poster).
4. A router provides a single point of access for all systems behind that
   router to other networks, like the WWW or some other private network.
   Note: the WWW is just a collection of a bunch of other networks with
   routers also.
Not to be too redundant but I would like to draw another different graphic.
Use of VPNs
(( Work Network )) -- VPN Server/FW -- Router ********** -- Router -- VPN Server/FW -- (( Home Network ))
or
(( Work )) -- VPN/FW/Router ********* -- VPN/FW/Router -- (( Home ))
Some Routers have VPN built into them. Using the same routers on both sides
provides an easy VPN solution since all the VPN encryption and methods are
the same. No need to guess (to Rick's point). In either case above, if you
want all your systems at home to access the network at the office you either
need VPN on each system OR (I think a better solution) is to have a single
VPN point of access and everything at your home points to the VPN
established system/router as their gateway.
The trick above is your DNS configuration. You have work DNS entries that
the WWW does not know about. What I do at home since I have a Linux system
as my router/fw/and vpn server is to point my home systems to our work DNS
that can resolve both company and WWW entries. There are other more elegant
ways to do this also.
So, you have a couple of choices.
1. I would recommend you put a VPN/FW/Router combination at your home.
   Linux works great for this (ie the FreeSwan idea) (it would be a
   different standalone system in addition to what you already have). I use
   an old notebook (P166 with 32MG Ram works GREAT!)
> Maybe the concept here is that the M$ VPN client is the 'router' in your
>diagram for homesys1 only?
2. To your point above: You can point everything to the Win XP system that
   runs the M$ VPN and enable port forwarding on that system and use it as a
   gateway into your office stuff.
3. You can continue to just use the one Win XP system and continue to use
   VNC or other packages but would still not have access from the Linux
   system to your Work systems.
4. Set up FreeSwan or other VPN software on your Linux box and attempt to
   get it working independently from the other systems to access your work
   systems.
> ** snipped **