Setting up a VPN through a router
I have a DSL connection into my office and a linux server on the other
side of the router. I want to be able to access the office network
from home by using a vpn. Here's an outline of my setup

HOME -> [INTERNET] -> Modem -> Router -> Linux Server

So what I want to know is what software I need to run on my linux
server and how do I allow the vpn through the router ( this is only a
small office router, not a big cisco router! )

thanks
Re: Setting up a VPN through a router
Colin O'Keeffe wrote:
> I have a DSL connection into my office and a linux server on the other
> side of the router. I want to be able to access the office network
> from home by using a vpn. Here's an outline of my setup
>
> HOME -> [INTERNET] -> Modem -> Router -> Linux Server
>
> So what I want to know is what software I need to run on my linux
> server and how do I allow the vpn through the router ( this is only a
> small office router, not a big cisco router! )

OpenSWAN or OpenVPN should do the trick.

OpenSWAN is IPSec, based on standards. OpenVPN is SSL, not based on
anything, but it works.
Re: Setting up a VPN through a router
Colin O'Keeffe wrote:
> I have a DSL connection into my office and a linux server on the other
> side of the router. I want to be able to access the office network
> from home by using a vpn. Here's an outline of my setup
>
> HOME -> [INTERNET] -> Modem -> Router -> Linux Server
>
> So what I want to know is what software I need to run on my linux
> server and how do I allow the vpn through the router ( this is only a
> small office router, not a big cisco router! )
>
> thanks

If your router has IPSec-based VPN facilities, you might be able to use
that facility with OpenSWAN or racoon/setkey from the ipsec-tools package.
Setup is quite complicated.

Far easier is to set up an OpenVPN server on the Linux server and, at home,
the OpenVPN client, available for Linux and Windows. I recommend using a
password-protected certificate for authentication and a non-standard
port number. Scripts to generate certificates are included in the OpenVPN
package.

Of course the OpenVPN port has to be opened on the router; the protocol is
UDP, unless configured otherwise. Same for an iptables firewall on the
server, if any.

Kind Regards,
H.Janssen
Re: Setting up a VPN through a router
On Sat, 12 Jul 2008 13:46:10 -0700, Colin O'Keeffe wrote:
> So what I want to know is what software I need to run on my linux server
> and how do I allow the vpn through the router ( this is only a small
> office router, not a big cisco router! )

If you want to use the router as a VPN "server", then the answer to your
question is in the question "what VPN mechanisms does this router
support?"

But I'm confused: do you have that DSL link directly into your office
(ie. this isn't a connection to the public Internet)? If so, then what
functionality do you require from the VPN? It sounds like all you need
is to establish the point-to-point link between your home machine(s) and
the router and then tell the home machine(s) to use the router as a
gateway to whatever lies beyond it [within the office].

Also keep in mind: for most VPN needs, SSH now has this facility. If
your Linux Server is running a recent (post 4.0, if my faulty memory
serves for the moment) sshd, then SSH supports the -w option which
creates a tun device on both sides of the connection. Mix in some
forwarding on the Linux Server, and you've a simple VPN solution.

This would be VPNing to your Linux Server; not to your router. It would
be *through* the router, but supporting/permitting the SSH connection
would be the router's only role. So this would work regardless of what
your router can/cannot do.

[Unless your router too is running Linux, in which case it may have a
sufficiently recent sshd for the -w option.]

        - Andrew
Re: Setting up a VPN through a router
Colin O'Keeffe wrote:
> I have a DSL connection into my office and a linux server on the other
> side of the router. I want to be able to access the office network
> from home by using a vpn. Here's an outline of my setup
>
> HOME -> [INTERNET] -> Modem -> Router -> Linux Server
>
> So what I want to know is what software I need to run on my linux
> server and how do I allow the vpn through the router ( this is only a
> small office router, not a big cisco router! )

I've just a few days back experimented with an OpenVPN connection between
two machines. Easy to set up but then I used a VNC connection as I wasn't
sure how to get file sharing to work via the VPN connection rather than the
normal method.

Geoff Lane
Re: Setting up a VPN through a router
On Jul 13, 1:56 am, Andrew Gideon <c172driv...@gideon.org> wrote:
> On Sat, 12 Jul 2008 13:46:10 -0700, Colin O'Keeffe wrote:
> > So what I want to know is what software I need to run on my linux server
> > and how do I allow the vpn through the router ( this is only a small
> > office router, not a big cisco router! )
>
> If you want to use the router as a VPN "server", then the answer to your
> question is in the question "what VPN mechanisms does this router
> support?"
>
> But I'm confused: do you have that DSL link directly into your office
> (ie. this isn't a connection to the public Internet)? If so, then what
> functionality do you require from the VPN? It sounds like all you need
> is to establish the point-to-point link between your home machine(s) and
> the router and then tell the home machine(s) to use the router as a
> gateway to whatever lies beyond it [within the office].
>
> Also keep in mind: for most VPN needs, SSH now has this facility. If
> your Linux Server is running a recent (post 4.0, if my faulty memory
> serves for the moment) sshd, then SSH supports the -w option which
> creates a tun device on both sides of the connection. Mix in some
> forwarding on the Linux Server, and you've a simple VPN solution.
>
> This would be VPNing to your Linux Server; not to your router. It would
> be *through* the router, but supporting/permitting the SSH connection
> would be the router's only role. So this would work regardless of what
> your router can/cannot do.
>
> [Unless your router too is running Linux, in which case it may have a
> sufficiently recent sshd for the -w option.]
>
>         - Andrew

No, my DSL is connected to my ISP. I want to be able to access the
office network to access the shared drives on the machines in there so
I can work from home basically.

My other question is both endpoints don't have static public IPs, as
my ISPs won't give them to me, so I'm running DDNS using dyndns. Is
there any complication using this?
Re: Setting up a VPN through a router
On Sun, 13 Jul 2008 04:39:53 -0700, Colin O'Keeffe wrote:
> No, my DSL is connected to my ISP.

Ah. What you'd written made it appear as if you might have something odd
and unusual (and interesting {8^). But your setup and need is quite
conventional.

> I want to be able to access the
> office network to access the shared drives on the machines in there so I
> can work from home basically.

Yes: you want a VPN.

But first, another backtrack: Might sshfs work for you as a way to
remotely access your file systems? If your Linux Server can mount these
volumes, then that should work for you. It's another nice and simple
solution and it requires no extra software on the server/office side.

>
> My other question is both endpoints don't have static public IPs, as my
> ISPs won't give them to me, so I'm running DDNS using dyndns. Is there
> any complication using this?

Partially.

With respect to your home's IP: the smaller the number of IPs that are
given this access, the better. So a single static IP locked to your home
is ideal. On the other hand, there are plenty of mobile workers using
VPNs from *anywhere*, so that ideal is often missed in practice.

The dynamic IP on the office side is more of a problem, but you've solved
most of that with dynamic DNS. The one concern I'd have is how often
your connection resets itself. That could be an inconvenience if it
happens frequently while you're in the midst of work.

Back to basics: from a networking perspective, the VPN merely looks like a
router. That is, your home and office networks will appear to be two
separate networks with a single router between them. That there's a wild
and woolly Internet between them is hidden.

Note: The exception to this is where the VPN is set up as a bridged
solution. In that case, everything can appear to be on the same network.
I don't know though how wide support for this is; OpenVPN does have this
capability while SSH does not.

Once you've this dual network situation, you need to give the home network
access to resources on the office network. The VPN will need to do the
necessary routing (passing packets between networks) and the file servers
on the office network will need to provide service to the IP addresses on
the home network.

A slight change involves having the VPN's routing using source NAT, so
that attempts by machines on your home network to access resources on your
office network will appear to be from the VPN server (ie. your Linux
Server) itself. This is a simplification in that you don't need to make
the servers on the office network aware of the IPs in the home network.
Those servers merely need to be willing to provide service to the IP of
the Linux server.

Also note that I'm speaking here of "internal" IPs. These are probably
nonroutable, as described in RFC1918. For example, perhaps your office
uses 192.168.1.0/24 and your home 192.168.2.0/24. The dynamically
allocated public IPs are irrelevant to this part of the discussion.

        - Andrew
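An added example, not part of any post in the thread: a shell function that prints (rather than applies) the iptables rules the replies describe for the Linux server, covering H.Janssen's point about opening the OpenVPN UDP port and Andrew's forwarding with source NAT so office file servers only see the server's address. The port 11940, the interface names tun0 and eth0, and the function names are assumptions; the two subnets are the ones from Andrew's example.

```shell
#!/bin/sh
# Added example: prints, but does not apply, firewall rules for the VPN server.

valid_port() {  # 0 if $1 is an integer in 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_cidr() {  # 0 if $1 looks like a.b.c.d/len (octets <= 255, len <= 32)
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# vpn_rules PORT TUN_IF LAN_IF REMOTE_NET OFFICE_NET
# REMOTE_NET is the source range seen arriving on the tunnel (the home LAN in
# the thread's example); OFFICE_NET is the LAN behind the server.
vpn_rules() {
    port=$1 tun=$2 lan=$3 remote=$4 office=$5
    valid_port "$port"   || { echo "bad port: $port" >&2; return 1; }
    valid_cidr "$remote" || { echo "bad network: $remote" >&2; return 1; }
    valid_cidr "$office" || { echo "bad network: $office" >&2; return 1; }
    for i in "$tun" "$lan"; do   # the output may be piped to a shell
        case "$i" in ''|*[!A-Za-z0-9_.-]*)
            echo "bad interface name: $i" >&2; return 1 ;;
        esac
    done
    # Only tunnel -> office traffic is forwarded; replies return via conntrack.
    # MASQUERADE is source NAT to the address of the outgoing interface.
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -A INPUT -p udp --dport $port -j ACCEPT
iptables -A FORWARD -i $tun -o $lan -s $remote -d $office -j ACCEPT
iptables -A FORWARD -i $lan -o $tun -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $lan -s $remote -d $office -j MASQUERADE
EOF
}

# Constructed values: 11940 as a non-standard port, tun0/eth0 as interfaces.
vpn_rules 11940 tun0 eth0 192.168.2.0/24 192.168.1.0/24
```

Review the printed rules before running them as root on the server; the router still needs its own forward of the same UDP port to the server.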