Linux Router (VPN Server) <-- Internet --> Windows XP Pro (VPN Clients)

[ZippyDan]

how do i do it?

ive got slackware running on my Linux Router. i want to make it a VPN server (note its only a p233mmx so what kind of security/encryption can it handle?) capable of handling multiple VPN tunnels. i have no idea how to setup my Router as a VPN server, any links/guides/advices?

i know there is pptp and ipsec. advice on which should i use?

the clients will be WinXP Pro. i have no idea how to set them up for VPN connections. any links/guides/advice?

thanks

~Zippy!

 

[n0cmonkey]

Use IPSEC if you can get IPSEC clients for WinXP. I Think linux 2.6 has KAME in it. Check freshmeat.net for vpn programs (isakmpd?). I'm surprised a google search didn't come up with any information...

 

[ZippyDan]

google is full of information. unfortunately so much of it is inapplicable or just plain wrong

doesnt WinXP Pro have built in support for both pptp and ipsec connections (i know theres setup that needs to be done for ipsec)... so why do i need ipsec client software?

~Zippy!

 

[n0cmonkey]

Originally posted by: ZippyDan
google is full of information. unfortunately so much of it is inapplicable or just plain wrong

doesnt WinXP Pro have built in support for both pptp and ipsec connections (i know theres setup that needs to be done for ipsec)... so why do i need ipsec client software?

~Zippy!

I usually don't use Windows, so I don't know what it has

 

[calbars]

Supposing you are running kernel 2.4 on your slackware box, I see 3 solutions (I'm sure there are other if you search).

1) pptp. Run pptpd (www.poptop.org) on your server. Use to docs from poptop to set up the server. The best info on setting up your kernel is from the pptp client project site(http://pptpclient.sourceforge.net/).

Pros: uses the native vpn windows client, simple to configure
Cons: you will need to recompile your kernel to get mppe encryption.

2) ipsec. Run freeswan on your server (www.freeswan.org). But to make interoperate properly with windows' ipsec stack, you should head over to www.freeswan.ca to get a pre-patched version of freeswan with all the goodies. Again, you will need to patch your kernel (unless you run 2.6).

Pros: uses the native windows native ipsec.
Cons: kernel recompile, major PITA to configure and debug. Plus the freeswan project has recently announced that it is commiting hara-kiri.

3) vpn over ssl. Run openvpn on (http://openvpn.sourceforge.net/) you linux machine and your windows machine.

Pros: simple to setup, no kernel recompile.
Cons: You need to install openvpn on windows.


I've used 1 and 2 with success. I've heard good thing about openvpn, might be worth a try.

BTW, I've run 10 ipsec tunnels with light traffic on a P200MHz over a 2mbits link with success. YMMV

 

[ZippyDan]

thx for ur post calbars. after hours of research and asking other linux ppl what i should use, i came up with those same 3 options as the best/most popular. nice summary other ppl looking to do the same, take note!

~Zippy!

 

[calbars]

your welcome

BTW, one thing that I should have mentioned is that once freeswan is properly configured (this might involved waving dead chickens at your router and invoking $DEITY's name profusely) it is solid as rock.