On Sun, 09 Jan 2005 16:31:51 -0700, Kevin Fries <kevin@xxxxxxxxx> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> OK, I know this type of question always has the danger of starting a
> flame war, that is not my intention, so I ask ahead of time to keep
> the rhetoric down.
>
> I am beginning to think about installing VPN services. Being that our
> servers are all Fedora, this seems like a logical place to start my
> quest for knowledge. Our network is small, but my users are somewhat
> mobile. I have essentially two servers: the inside server; and the
> outside server. All our desktops, except my desktop, my laptop, and
> the guest office kiosk, are Windows 2000.
>
> When my guys go on the road, they sometimes need to get information
> from the shares on either someone's desktop, or off a SAMBA share
> hosted on the internal server. Right now, they are using an FTP server
> that essentially does a soft chroot into their home directories on the
> public server, then I build symbolic links to mounted resources to
> give them access to what they want. This system works, but is not as
> stable as I would like (stale NFS links, other machine problems, etc).
>
> What I would like is to find a VPN solution that I can host on one of
> my servers (internal and external are only indications of their
> primary purpose, the internal server does have Internet access and is
> used as a backup DNS and Postfix server) to allow my guys on the road
> the ability to see the internal network resources. This includes but
> is not limited to the SMB shares and printers. I would also like this
> solution to have Linux and Mac equivalents.
>
> All our account information is stored in an LDAP server, which is
> retrieved via PAM and the PADL tools. I am slowly reconfiguring my
> software to take the information from the LDAP server directly, and
> would like to limit my options to products that can be configured that
> way. Since I only store accounts in LDAP, it is not critical that all
> settings be stored that way. Postfix is a perfect example: config in
> /etc/postfix but can pull valid users from LDAP. I would also like to
> enable or disable accounts with the use of an objectclass. Users with
> an objectclass of vpnUser for example can use the VPN, otherwise,
> account not found.
>
> Does anyone else have this Linux back end / Windows & Linux desktop
> setup that is also providing VPN services?
>
> What are you using?
>
> What makes you do the happy dance about your solution?
>
> What makes you curse like a sailor on shore leave about your solution?
>
> Thanks in advance
> Kevin Fries

[snip]

OpenVPN hands down no question in my mind. Cross platform *nix (Linux, BSD, etc.) Windows 2000 and up. I have been using it since 1.6 Release candidate and it has been rock solid. It is a true SSL based VPN solution built to be secure and reliable.

openvpn.sourceforge.net

--
Leonard Isham, CISSP
Ostendo non ostento.