VPN connection question
glgxg at sbcglobal.net
Fri Sep 28 00:32:39 UTC 2007
On 09/27/2007 04:12 PM, David Vincent wrote:
> Patton Echols wrote:
>> On 09/25/2007 09:34 PM, Gary Jarrel wrote:
>>> To be honest, I do not use the Network Manager for VPN connections. So
>>> if it's noty vital for you and you can get away with using PPTP then I
>>> would recommend pptpconfig.
> ...without reading the rest of this thread...FYI NM has plugins for PPTP
> and OpenVPN which work quite well...
Unfortunately that doesn't address setting up Ipsec sessions.
The routers that we are discussing (BEFXSX41 & BEFVP41) implement ipsec
encryption in hardware within the router, thereby eliminating the need
to employ ipsec client software _if_ the VPN is setup and connected
router to router.
The problem that Patton is trying to solve (as I understand it), is how
best to connect into his BEFSX41 via a remote connection from his laptop
utilizing the ipsec firmware in his SX41. Because his laptop doesn't
have ipsec firmware, he'll need to install an ipsec client in the
laptop. I have a similar issue in that I want to use ipsec with my
BEFVP41 in the very near future.
VPN's using SSL (OpenVPN) or PPTP/Microsoft Point-to-Point Encryption
(MPPE) can certainly be accomplished, and perhaps more easily. But it
would be nice to figure out the best way to utilize the inherent
hardware based ipsec in the existing routers.
For example; I have over 40 VPN's using BEFVP41-to-BEFVP41 for my
existing customers. However, they all terminate in my home office so
that I can monitor, make updates, etc., from one spot. Those customers
in turn have hardware encrypted VPN's that interconnect their stores
etc. Works great - I don't have to worry about VPN software in any
location & I seldom have to get my lazy bones out to a customer site.
However, like Patton, I now have a situation whereby I have a customer
that wants to access the site from home and on the road. He/she doesn't
have a BEFVP41 (or a BEFSX41) so I'll need to install some form of ipsec
client so that the VPN connection is consistant with the terminating
ipsec end-point (BEFxx41), otherwise I then need to run some form of VPN
server on the terminating host. I don't want to do that; I want to keep
it in hardware as much as possible & continue to use ipsec.
If Patton simply wishes to connect into his home PC from his wireless he
can use a VNC connection. That can be plain or encrypted - I do it all
the time. But if he wants to create an ipsec VPN connection into the
BEFSX41 he'll need to have an ipsec client on the remote side.
More information about the ubuntu-users