Can't find suitable firewall/VPN software for dynamic IPs
kenw_at_kmsi.net
Date: 02/08/04
Date: Sun, 08 Feb 2004 21:28:57 GMT
Is there _any_ open source firewall solution that provides VPN endpoints
with dynamic IPs, and supports Microsoft (or free) VPN clients for Windows
XP?
I've been asked to build a software firewall for a small business network.
I can't seem to find anything Linux (or equiv.) based, that meets my needs,
which are:
- it should provide NAT service for outbound connections, although I do NOT
need it to provide DHCP or DNS services. So far no problem. Smoothwall,
e.g., handles this nicely.
- must act as a VPN endpoint (i.e., NOT passthrough) for the local network,
providing remote access for remote Windows XP Pro workstations using
Microsoft VPN clients.
- must support VPN with dynamic IP on both ends. Most Linux firewalls only
support IPsec, and hence static IPs; I think we're down to PPTP and L2TP.
This blows it for ITShield, too; for some crazy reason, even though it
supports PPTP, it requires a static IP. Those things ain't cheap.
- do NOT want to use pinholes or VPN pass-through; i.e., no direct access
to internal systems by any clients not authenticated to the firewall. I
can buy a cheap hardware firewall if I'm just going to poke holes in it.
- must be quick and easy to set up. The client won't pay for a day's worth
of my time to figure out unmaintainable patches, scripts, etc.
What I really want is a 386 ISO image with PoPToP already incorporated, I
think. Nothing of the sort seems to exist.
Before people rag on me about PPTP security, let's be clear about whether
we're talking about PPTP v1 or v2; it makes a big difference. With a
firewall endpoint, I control the passwords; they're good, and used nowhere
else. And if anybody's got a better solution for dynamic IPs, I'm
listening.
BTW, there's one other solution I might possibly use in this situation: an
HTTP/HTTPS inbound proxy server -- since all I _really_ need right now is
to allow secure remote access to a web-based app running on a Win2K server.
Do such beasts really exist, or would I need some sort of stateful
inspection? Using MS' IIS on that server is not an option I want to think
about.
/kenw
Ken Wallewein
K&M Systems Integration
Phone (403)274-7848
Fax (403)275-4535
kenw@kmsi.net
www.kmsi.net