ipcop support

community support forum
 Post subject: Microsoft Vpn
Posted: Mon Jun 09, 2008 4:30 pm
New User

Joined: Fri Mar 04, 2005 5:25 pm
Posts: 33
Hi All

Could anyone find the time to explain something to me about Ipcop and Microsoft Vpn?

I would like to use an Xp notebook to connect to Windows 2003 srv via Microsoft Vpn; my ipcop 1.4.18 had a RED nic with a public IP address and a GREEN nic providing DHCP to the LAN

The 2003 SRV is in the LAN net and has been set up as a VPN server using L2TP (more secure ...); tested it with the xp notebook on the same LAN and the server will permit me to connect to it.

Now... how to make the same vpn connection when I'm out of office using XP tools? Is there a MOD that will help me to create a vpn between xp and the win2003 vpn server through ipcop?

I've taken a look at this site; someone talks about OPENVPN as a good MOD, but it needs a client on the xp notebook...

Other solutions?
Thanks in advance
Alex


 Post subject: Re: Microsoft Vpn
Posted: Tue Jun 10, 2008 12:37 am
Site Moderator

Joined: Wed Apr 28, 2004 1:27 am
Posts: 6967
Location: Beaumont, TX, USA
alexpt@hotmail.com wrote:
I would like to use an Xp notebook to connect to Windows 2003 srv via Microsoft Vpn; my ipcop 1.4.18 had a RED nic with a public IP address and a GREEN nic providing DHCP to the LAN
Are you saying that port forwarding doesn't work?

alexpt@hotmail.com wrote:
I've taken a look at this site; someone talks about OPENVPN as a good MOD, but it needs a client on the xp notebook...
By using the OpenVPN addon for IPCOP (aka Zerina), your VPN connection goes directly to IPCOP (your edge firewall). What you are proposing is to have your VPN server behind IPCOP requiring port forwarding.


 Post subject: Re: Microsoft Vpn
Posted: Tue Jun 10, 2008 10:40 am
New User

Joined: Fri Mar 04, 2005 5:25 pm
Posts: 33
alexpt@hotmail.com wrote:
I would like to use an Xp notebook to connect to Windows 2003 srv via Microsoft Vpn; my ipcop 1.4.18 had a RED nic with a public IP address and a GREEN nic providing DHCP to the LAN

Are you saying that port forwarding doesn't work?

In fact I've not tried ... but reading here I understand that this is not a good solution about security bug ... anyway I don't know also what ports I had to forward ...


alexpt@hotmail.com wrote:
I've taken a look at this site; someone talks about OPENVPN as a good MOD, but it needs a client on the xp notebook...

By using the OpenVPN addon for IPCOP (aka Zerina), your VPN connection goes directly to IPCOP (your edge firewall). What you are proposing is to have your VPN server behind IPCOP requiring port forwarding.

Yes, I know... this will permit me to create a tunnel between external users and ipcop; after that could I create a tunnel from ipcop to the win2003 server?

thanks in advance


 Post subject: Re: Microsoft Vpn
Posted: Tue Jun 10, 2008 6:42 pm
Site Moderator
Joined: Sun Jun 06, 2004 3:38 am
Posts: 3852
Location: Colorado, USA
alexpt@hotmail.com wrote:
but reading here I understand that this is not a good solution about security bug
There are NO "bugs" in PORT FORWARD. But it isn't an optimal solution to move your encryption server INSIDE your edge.

alexpt@hotmail.com wrote:
anyway I don't know also what ports I had to forward
Google L2TP - plenty of articles about which port it uses.

alexpt@hotmail.com wrote:
Yes, I know... this will permit me to create a tunnel between external users and ipcop; after that could I create a tunnel from ipcop to the win2003 server?
Running L2TP thru an OpenVPN SSL Tunnel will cause A LOT of overhead - and seems completely unnecessary.

Why bother with L2TP at all? If you just need secure access to systems behind your IPCOP, use the OpenVPN mod and you're done. If you need to fine tune what your OpenVPN traffic can see once it's connected to your IPCOP box - use BOT (i.e. "Bob's" vpn cert allows him to see the file server and the accounting server - "Mary's" vpn cert allows her access just to the file server, etc.).

_________________
For the 2.5^15th time :: Better Details = Better Answers
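
The per-certificate access described in the last reply (Bob reaches the file server and the accounting server, Mary only the file server), as an added example that is not part of the thread: it uses plain OpenVPN `ifconfig-push` plus iptables rather than the BOT interface, and the addresses, `tun0`, the policy table and the function names are constructed assumptions.

```shell
#!/bin/sh
# Constructed policy table: certificate CN, fixed tunnel IP, allowed GREEN hosts.
# 192.168.1.20 = file server, 192.168.1.30 = accounting server (all assumed).
POLICY='bob 10.8.0.10 192.168.1.20,192.168.1.30
mary 10.8.0.11 192.168.1.20'

# lookup CN -> prints "tunnel_ip allowed_hosts", or nothing for an unknown CN.
lookup() {
    while read -r cn ip hosts; do
        if [ "$cn" = "$1" ]; then echo "$ip $hosts"; fi
    done <<EOF
$POLICY
EOF
}

# ccd_line CN -> content of the client-config-dir file named after the CN.
# Pinning the tunnel address ties a firewall rule on that address to the
# certificate (assumes "topology subnet"; with "ccd-exclusive" a certificate
# that has no such file is refused).
ccd_line() {
    entry=$(lookup "$1")
    [ -n "$entry" ] || return 1
    echo "ifconfig-push ${entry%% *} 255.255.255.0"
}

# forward_rules CN -> iptables commands (printed, not executed): one ACCEPT
# per allowed host, then a DROP for everything else from that tunnel address.
# Reply traffic is assumed to be covered by an existing ESTABLISHED rule.
forward_rules() {
    entry=$(lookup "$1")
    [ -n "$entry" ] || { echo "unknown CN: $1" >&2; return 1; }
    ip=${entry%% *}
    hosts=${entry#* }
    for h in $(echo "$hosts" | tr ',' ' '); do
        echo "iptables -A FORWARD -i tun0 -s $ip -d $h -j ACCEPT"
    done
    echo "iptables -A FORWARD -i tun0 -s $ip -j DROP"
}

for cn in bob mary; do
    echo "# ccd/$cn: $(ccd_line "$cn")"
    forward_rules "$cn"
done
```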

