[TriLUG] VPN suggestions

Jon Carnes jonc at nc.rr.com
Tue Oct 28 12:22:01 EST 2003 

On Tue, 2003-10-28 at 11:03, Joseph Tate wrote:
> I've been asked several times by our VP of sales about setting up a VPN 
> so that he can access files on our winders fileserver behind our 
> firewall.  Short of opening up ports 137-139, or using the Windows VPN 
> (Which may or may not be feasible since I don't control the subnet), are 
> there simple ways to accomplish this?  I have a RH 7.3 system nearby, 
> and we could probably purchase a VPN appliance.  Does this sound like a 
> job for WebDAV?  Should I just setup ssh tunnelling for him?
> 
> I'm attracted to the Linksys VPN devices because of their advertised no 
> client software and no client fees, but wonder if they work when already 
> behind a firewall.  I can have ports opened for the device (if it has 
> its own IP) if necessary, but I'm not sure if I can open the entire port 
> range for the device.  Ideas?  Suggestions?
> 
> Joseph

An appliance is the way to go these days.  They are cheap and very
reliable. For the appliance to work properly you will have to install it
in parallel to your existing firewall.  The appliance also acts as a
firewall so there is no security problems in doing so - however you do
need an external IP address.

My favorite solution for limited use - as you describe above - is to
purchase two Linksys VPN routers (Linksys #BEFVP41) and set one up on
your network and give the other one to your VP of Sales.

The setup works great and you know that your VP is now running behind a
firewall at home (while vpn-ed into your secure internal network).  The
cost would also be under $200. The BEFVP41 can handle up to 10 remote
connections (under normal use), so you can setup 9 other folks with
home/travel Linksys routers as well and have them all use the one
BEFVP41 that you put up on your network.

Linksys also has a new VPN wireless router (just what you asked for
Michael!), so if your VP is used to going wireless you can still
accommodate him.

There are a *lot* of other alternatives, but none that work as well or
as cheaply (unless you've got time to burn and a few spare PC's).

Take care - Jon Carnes

More information about the TriLUG mailing list