RE: Allowing secure external access.

From: Tim - IBL (timv@iceburnslair.com)
Date: 10/29/02 

From: "Tim - IBL" <timv@iceburnslair.com>
To: "'Shaolin Tiger'" <shaolin@shaolin-tiger.com>
Date: Tue, 29 Oct 2002 11:18:07 -0600

I know with smoothwall, which is where ipcop has it;s roots, it's a
freeswan ipsec. There are utilities out there (there used to be a
"clients" page www.freeswan.org I think) that can let you connect in.

Googling for "freeswan client" and possibly win2k or XP would get you
some hits, but this might help http://vpn.ebootis.de/ .

-t

-----Original Message-----
From: Shaolin Tiger [mailto:shaolin@shaolin-tiger.com]
Sent: Monday, October 28, 2002 1:27 PM
To: security-basics@securityfocus.com
Subject: Allowing secure external access.

Hi all,

Just a quick query really..I'm pretty new to allowing people to come in
from
outside, I usually spend most of my time trying to stop them ;)

I need to allow access to our internal database and application to the
sales
manager who spends all his time outside..

I have an IPCop firewall which I believe has some VPN support, but only
supports end to end connections, like 1 IPCop box to another, as far as
I
can understand from reading the docs.

I know in 2k and XP you can choose VPN when creating a new connection in
network settings and enter a server IP but I don't think this would work
with the IPCop machine.

The sales guy will be using an XP laptop.

The other option I thought of is having a dedicated machine inside using
VNC
or something and a port forward, but I don't think this is very secure.

We do have terminal services on our PDC but it is allready overloaded
and I
wouldn't wish to put this extra burden on it...it may just give up.

What other options do I have? Preferably free, or cheap and secure to
put my
mind at rest opening up a hole in the firewall.

Any suggestions appreciated.

Shaolin

.: http://www.security-forums.com :.

         Share your knowledge
          It's a way to achieve
                Immortality.

Relevant Pages

  • Newbie: Cant make ipcop serve ip-address to client
    ... but I managed to install IPcop on a lone box ... to the fawlty machine. ... all clients get their IP-addresses ...
    (comp.os.linux.security)
  • Re: Newbie: Cant make ipcop serve ip-address to client
    ... >them won't accept the IP-address that it is served by IPcop. ... all clients get their IP-addresses ... >next move would be completely reinstall xp on the troublesome machine. ... linux box, with baby steps, may yield the trouble. ...
    (comp.os.linux.security)
  • =?iso-8859-15?Q?Re:_multihomed_DC_durch_Router_abl=F6sen?=
    ... den externen Telekom DNS-Servereinrichten u. das default Gateway netzwerkweit ändern auf den IPCOP. ... kommen geänderte Optionen bei den Clients an? ...
    (microsoft.public.de.german.win2000.networking)
  • Re: SBS 2003 VPN Setup with IPCop v1.4
    ... I now have my VPN system up and running and ... available to clients! ... I too have struggled with the IPCop VPN 'roadwarrior' mode, ...
    (microsoft.public.windows.server.sbs)
  • Allowing secure external access.
    ... supports end to end connections, like 1 IPCop box to another, as far as I ... with the IPCop machine. ... or something and a port forward, but I don't think this is very secure. ...
    (Security-Basics)