Easily configurable firewall?

From: Don Felgar (dfelgar@rainierinternet.com)
Date: 12/06/01


Date: Thu, 6 Dec 2001 01:41:23 -0800
To: focus-linux@securityfocus.com
From: Don Felgar <dfelgar@rainierinternet.com>

Hello all,

By way of background: I need to set up seven firewall/VPN/NAT Linux
boxes now for some small branch offices, and several more down the
road.

I initially looked into hardware devices, but VPN hardware is
expensive, and there are incompatibilities between different
implementations. (Some of the inexpensive firewall/NAT devices that
"support VPN" actually support "VPN passthrough", which is quite a bit
different.)

My inclination is to avoid the administrative overhead of one VPN
connection between each workstation (Windows) and the VPN server, but
rather to VPN once between each branch office and the VPN server. To
do this, I'll assign each branch office a subnet in 192.168.1,
192.168.1.2, etc., so they mesh together in the main office.

Yes, I know that a firewall would not serve as a VPN device in an
ideal world. I'm working under a tight hardware budget and don't have
any better ideas.

Anyway, my question is actually this: what's the best way to configure
a group of Linux boxes en masse? My current thinking is that I'll
copy all the .debs (I'm using Debian) that I want onto a CD-ROM, and
then run a script on each machine that prompts for the bits of
information that differ from one machine to the next, such as IP
addresses, VPN config, etc., and writes them in the appropriate file.
Any better ideas?

TIA
-Don


