OK, I know this type of question always has the danger of starting a flame war. That is not my intention, so I ask ahead of time to keep the rhetoric down.
I am beginning to think about installing VPN services. Being that our servers are all Fedora, this seems like a logical place to start my quest for knowledge. Our network is small, but my users are somewhat mobile. I have essentially two servers: the inside server and the outside server. All our desktops, except my desktop, my laptop, and the guest office kiosk, are Windows 2000.
When my guys go on the road, they sometimes need to get information from the shares on either someone's desktop, or off a SAMBA share hosted on the internal server. Right now, they are using an FTP server that essentially does a soft chroot into their home directories on the public server, then I build symbolic links to mounted resources to give them access to what they want. This system works, but is not as stable as I would like (stale NFS links, other machine problems, etc).
What I would like is to find a VPN solution that I can host on one of my servers (internal and external are only indications of their primary purpose, the internal server does have Internet access and is used as a backup DNS and Postfix server) to allow my guys on the road the ability to see the internal network resources. This includes but is not limited to the SMB shares and printers. I would also like this solution to have Linux and Mac equivalents.
All our account information is stored in an LDAP server, which is retrieved via PAM and the PADL tools. I am slowly reconfiguring my software to take the information from the LDAP server directly, and would like to limit my options to products that can be configured that way. Since I only store accounts in LDAP, it is not critical that all settings be stored that way. Postfix is a perfect example: config in /etc/postfix but can pull valid users from LDAP. I would also like to enable or disable accounts with the use of an objectclass. Users with an objectclass of vpnUser for example can use the VPN, otherwise, account not found.
Does anyone else have this Linux back end / Windows & Linux desktop setup that is also providing VPN services?
What are you using?
What makes you do the happy dance about your solution?
What makes you curse like a sailor on shore leave about your solution?
Thanks in advance
Kevin Fries