Linux & VPN (Virtual Private Networking)

ZoZa
Zoran Vukmirica
Toronto


Linux & VPN (Virtual Private Networking), 23.04.2002 at 17:01
Is there some way to network (VPN) a Linux computer at the company and my home computer? Here is how things stand.
Company: Linux RH7.2 in the LAN goes out to the Internet through an MS ISA Server.
The thing is that I can connect from the company to my home computer over ssh
(ISA lets all traffic from the LAN out to the net), OK.... so I connect them and get into my local LAN at home ... and I access all the computers through Samba-mounted shares from the Linux box I'm connected to. I leave the connection up.... Now, HOW do I set up the Linux boxes so that from home I can connect to the company LAN and ... to the Linux server inside the LAN?? And one more thing: I have no access to the (ISA) server. I'm not the admin.
PS. Thanks for the help!

B o j a n
eCTRL
EU


Re: Linux & VPN (Virtual Private Networking), 23.04.2002 at 21:16
To be honest, I have no idea what MS ISA Server is, but if it is any kind of masquerading, aka NAT, then, to put it mildly, you're screwed.

However, if that is not the case, and your Linux box at work has a public IP address and you can reach it from outside, then you can implement a VPN using a GRE tunnel or PPPoE; it's up to you to choose ;)

I assume no admin is a sheep, including the one who maintains that MS ISA-whatever, and I assume he doesn't just allow inbound connections like that, so in any case you will need his help.


"It's okay, I'm just admiring to the shape of your skull!" -- Dr. Gonzo

ZoZa
Zoran Vukmirica
Toronto


Re: Linux & VPN (Virtual Private Networking), 23.04.2002 at 22:07
OK, maybe I wasn't clear enough.
The Linux box doesn't have a private IP address; it is inside the LAN.
And MS ISA Server is Microsoft Internet and Acceleration Server (ISA): firewall, proxy and NAT at the same time.
From work I can use all applications, even Kazaa/Morpheus and ICQ, and get out to the Internet .... from work I connect over ssh to the Linux box at home.
To explain it more clearly: can I connect into a VPN to my home computer, provided that I do all the configuration on the Linux box that is at work!? (Because from home I can't get anywhere near ... the inside of the company LAN.)

B o j a n
eCTRL
EU


Re: Linux & VPN (Virtual Private Networking), 24.04.2002 at 07:54
Quote:
ZoZa:
The Linux box doesn't have a private IP address,

I assume you meant to say here that it doesn't have a public address, but fine.

If you have long uptime on both machines, you could establish a GRE tunnel FROM the machine at work TO the home machine. And make sure the tunnel stays alive when you get home.

When you get home and configure GRE correctly, you will have all the benefits of classic LAN networking with the machine at work.


"It's okay, I'm just admiring to the shape of your skull!" -- Dr. Gonzo

ZoZa
Zoran Vukmirica
Toronto


Re: Linux & VPN (Virtual Private Networking), 24.04.2002 at 15:36
OK. Thanks for the help; I wouldn't want us to close this discussion right after your answer. Since I'm not well acquainted with Linux VPN technologies, I would ask you to briefly explain what a "GRE tunnel" is, where I can find the software, and whether you have sample configuration files for it. I know all the other Linux services ... masquerading, Squid, ..... etc., but I honestly haven't heard of that one.
As for uptime, I have no problem: at work it is fiber-optic (24h/7 days/week), and at home I have a cable modem with a static IP address.
Thanks a lot once again!

BORG
Aleksandar (Sasa) U.
*NIX System/Network Administrator
BL-RS


Re: Linux & VPN (Virtual Private Networking), 24.04.2002 at 17:14
http://www.tldp.org/HOWTO/Adv-Routing-HOWTO.html

Take a look at that link.
First you should compile the kernel to include GRE support, and then try things out afterwards....

With a PC, I always felt limited
by the software available.
On Unix, I am limited only by my knowledge.

--Peter J. Schoenster

B o j a n
eCTRL
EU


Re: Linux & VPN (Virtual Private Networking), 24.04.2002 at 20:25
Did I perhaps mention that setting up GRE is not all that simple, and that it can't be thrown together "in a hurry" for your needs by a moderator as clueless as I am ;)

Anyway, the GRE tunnel is brilliantly described in RFC number: 3174
::: http://www.faqs.org/rfcs/rfc3147.html

And yes, all the software you need is a well-compiled kernel and iproute2.

PS: Just to add that you also have the document mentioned above in the /usr/doc/Linux* directories.

"It's okay, I'm just admiring to the shape of your skull!" -- Dr. Gonzo

MoHicAn


Re: Linux & VPN (Virtual Private Networking), 28.04.2002 at 11:15
Wouldn't it be best to just nicely ask the admin to set up, on that NT box, routing for inbound requests on port 22, for example, and reroute them to some Linux box where you have an account, so that from it you can access all the other machines in the network?

ZoZa
Zoran Vukmirica
Toronto


Re: Linux & VPN (Virtual Private Networking), 02.05.2002 at 15:28
OK, thanks for the excellent link.... everything here is clear to me except one thing.... :(
What are the step-by-step settings on the home machine, i.e. on Network C

Read 5.3 GRE tunneling

GRE is a tunneling protocol that was originally developed by Cisco, and it can do a few more things than IP-in-IP tunneling. For example, you can also transport multicast traffic and IPv6 through a GRE tunnel.

In Linux, you'll need the ip_gre.o module.


IPv4 Tunneling
Let's do IPv4 tunneling first:

Let's say you have 3 networks: Internal networks A and B, and intermediate network C (or let's say, Internet).

So we have network A:

network 10.0.1.0
netmask 255.255.255.0
router 10.0.1.1

The router has address 172.16.17.18 on network C. Let's call this network neta (ok, hardly original)
and network B:

network 10.0.2.0
netmask 255.255.255.0
router 10.0.2.1

The router has address 172.19.20.21 on network C. Let's call this network netb (still not original)
As far as network C is concerned, we assume that it will pass any packet sent from A to B and vice versa. How and why, we do not care.

On the router of network A, you do the following:

ip tunnel add netb mode gre remote 172.19.20.21 local 172.16.17.18 ttl 255
ip link set netb up
ip addr add 10.0.1.1 dev netb
ip route add 10.0.2.0/24 dev netb

Let's discuss this for a bit. In line 1, we added a tunnel device, and called it netb (which is kind of obvious because that's where we want it to go). Furthermore we told it to use the GRE protocol (mode gre), that the remote address is 172.19.20.21 (the router at the other end), that our tunneling packets should originate from 172.16.17.18 (which allows your router to have several IP addresses on network C and let you decide which one to use for tunneling) and that the TTL field of the packet should be set to 255 (ttl 255).

The second line enables the device.

In the third line we gave the newly born interface netb the address 10.0.1.1. This is OK for smaller networks, but when you're starting up a mining expedition (LOTS of tunnels), you might want to consider using another IP range for tunneling interfaces (in this example, you could use 10.0.3.0).


In the fourth line we set the route for network B. Note the different notation for the netmask. If you're not familiar with this notation, here's how it works: you write out the netmask in binary form, and you count all the ones. If you don't know how to do that, just remember that 255.0.0.0 is /8, 255.255.0.0 is /16 and 255.255.255.0 is /24. Oh, and 255.255.254.0 is /23, in case you were wondering.

But enough about this, let's go on with the router of network B.

ip tunnel add neta mode gre remote 172.16.17.18 local 172.19.20.21 ttl 255
ip link set neta up
ip addr add 10.0.2.1 dev neta
ip route add 10.0.1.0/24 dev neta

And when you want to remove the tunnel on router A:
ip link set netb down
ip tunnel del netb

Of course, you can replace netb with neta for router B. the following text:
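The on-wire result of the tunnel configuration quoted in the post above, as an added example that is not part of the original thread or of the HOWTO: it builds the packet router A's `netb` tunnel would emit on network C and parses it back, showing that GRE only wraps the inner packet and leaves its addresses and payload readable on the path. The inner hosts 10.0.1.5 and 10.0.2.7 and the payload bytes are constructed sample values.

```python
import socket
import struct

GRE_PROTO = 47            # IP protocol number for GRE
ETHERTYPE_IPV4 = 0x0800   # GRE "protocol type" for an IPv4 payload

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header (checksum left at 0; parsing does not need it)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def gre_encapsulate(inner, local, remote, ttl=255):
    """Outer IPv4 + 4-byte GRE header, as for `mode gre remote R local L ttl 255`."""
    gre = struct.pack("!HH", 0x0000, ETHERTYPE_IPV4)  # no checksum/key/sequence
    return ipv4_header(local, remote, GRE_PROTO, len(gre) + len(inner), ttl) + gre + inner

def parse_gre(packet):
    """Return tunnel endpoints and inner addresses, or None if not IPv4-in-GRE."""
    if len(packet) < 24 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != GRE_PROTO or len(packet) < ihl + 4:
        return None
    flags, ptype = struct.unpack("!HH", packet[ihl:ihl + 4])
    # Optional checksum (C), key (K) and sequence (S) fields are 4 bytes each.
    off = ihl + 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
    if ptype != ETHERTYPE_IPV4 or len(packet) < off + 20:
        return None
    inner = packet[off:]
    inner_ihl = (inner[0] & 0x0F) * 4
    return {
        "outer_src": socket.inet_ntoa(packet[12:16]),
        "outer_dst": socket.inet_ntoa(packet[16:20]),
        "outer_ttl": packet[8],
        "inner_src": socket.inet_ntoa(inner[12:16]),
        "inner_dst": socket.inet_ntoa(inner[16:20]),
        "inner_payload": inner[inner_ihl:],
    }

# Constructed sample: a host on network A sends bytes to a host on network B.
# PAYLOAD is opaque filler standing in for a TCP segment.
PAYLOAD = b"smb-session-data"
INNER = ipv4_header("10.0.1.5", "10.0.2.7", 6, len(PAYLOAD)) + PAYLOAD
WIRE = gre_encapsulate(INNER, local="172.16.17.18", remote="172.19.20.21")

if __name__ == "__main__":
    print(parse_gre(WIRE))
```

The same parser can be pointed at captured IPv4 packets to spot protocol-47 traffic crossing a network boundary and to see which internal ranges it carries.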

alex
Aleksandar Radulovic
Senior Software Engineer, Spotify
Stockholm, Sweden


Re: Linux & VPN (Virtual Private Networking), 02.05.2002 at 16:04
Why are you struggling and complicating things? Compile GRE tunneling into the kernel and install the Roaring Penguin PPPoE server:

http://www.roaringpenguin.com/pppoe/

It is very simple and painless to set up and gives you a very stable and secure VPN.

Regards, alex.

Alex: My favorite site is http://localhost/
R.J. Oppenheimer: "I am become death, destroyer of worlds" (1945 AD)

B o j a n
eCTRL
EU


Re: Linux & VPN (Virtual Private Networking), 02.05.2002 at 22:21
Quote:
ZoZa:
everything here is clear to me except one thing.... :(
What are the step-by-step settings on the home machine, i.e. on Network C

Well, your starting point is:

Quote:

On the router of network A, you do the following:

... and then everything below it; you could have figured that out yourself if you had read more carefully ... Everything before that is the introduction.

btw, alex, great project, I haven't tried it, but it looks promising ... they even have a Tk FE.

"It's okay, I'm just admiring to the shape of your skull!" -- Dr. Gonzo

atomiq
Skopje


Re: Linux & VPN (Virtual Private Networking), 01.07.2002 at 08:08
Well, you can ask the administrator whether you have a RAS server at work and, if you do, whether he can modify your domain account for RAS :] If you have RAS, I have a feeling you have some crazy company policy with secured VPN tunnels and EAP-only authorization (where would I find a smartcard now? :) Besides, if the administrator allows it, you can install something like PCAnywhere etc. on a publicly available company server and that way have fast and effective access to the LAN at work. But I don't believe you will be allowed to do that. I don't know, I didn't read the other posts very carefully, but I'm sure that on freshmeat you will find a Linux RAS server that they will presumably let you install.
Peace
PS: Sorry, everyone, for writing in Macedonian..
-------------------------------------
atom1c
 