dragonone

VPN solutions?

7 posts in this topic

I'm lost with VPNs. As much as I can deploy Hamachi across a couple machines, I'd like a VPN solution for two different networks I use and operate.

First one's my home network. I'd like to be able to have my router running OpenVPN to be able to connect in to talk to the various other servers within the network from the outside while maintaining security and performance. I'd like to be able to tunnel all network communications through this VPN as well.

I have tried the whole DD-WRT VPN edition, but I got absolutely lost trying to configure it or set anything up. My router's a WRT54G v4, and is currently running DD-WRT v24-SP2 std-nokaid. I'd be willing to re-flash as needed to v24SP2 vpn edition. Anyone got a link to a guide of some sort?

Second VPN solution I need is for a work network. I cannot change ports on the firewall. I'd like something like Hamachi, but I don't want to outfit every machine on the network at work with Hamachi. I'd like something that can bypass the firewall (one of those nice, fancy Cisco boxes) like Hamachi, but be able to allow me to connect to internal servers while still maintaining security. The server here I'd be deploying to is Windows Server 2003 with full administrative privileges, so that's not an issue here. I do not care if I need a separate client for this purpose.

In essence, on either scenario, I need a layout like this:

(laptop)<->(vpn client) <-> ((internet)) <-> (vpn server)<->(full internal network [10.10.1.X etc] access)

I use OpenWRT White Russian with OpenVPN at work. Our corporate VPN services around 15 concurrent users. It's a lengthy task to get OpenVPN installed on OpenWRT, but it's pretty easy once you get the hang of it.

I agree with this solution being the most affordable solution that is very dynamic. However, it does take some time to set up and some understanding of how VPNs work. There are tons of resources to get you started all over the place.

Alrighty, well, now onto the second solution I need. I need something that I can connect to my work network through the work firewall to gain access to the entirety of the network within from when I'm at home.

Mainly (laptop)-->(internet)-->(corp firewall)-->(entire network as I'd see it from my work PC).

I almost want to try Hamachi to get around the firewall and then OpenVPN to link to the inside via Hamachi.

Does this sound like a good solution?

While this is an option and I won't directly condone workplace probing, if you carefully probe what protocols can slip by the firewall, there is a high chance you can tunnel said VPN through that service. This was a common method used for people who had data signal to their home by their ISP but did not have actual service. They would get the typical "Your service has not been setup yet.. please contact us at 1800 ******" but truth be told, other common protocols could make it, and thus the tunnels became useful tools.

Zapperlink's solution is the correct one if you are trying to bypass the firewall. Although the connection would have to be a reverse connection unless your internal IP address at work has had some ports NATed in the firewall to the external IP of your work. An easy way to get a simple reverse connection is to use netcat on a port that is open outbound at work and not blocked by your ISP at home.

All in all, this seems to be making things overly complicated though. If you control the endpoint router/firewall on both ends, then why can't you just change some of the settings? If you could, it wouldn't be too hard to set up something like a PPTP or IPsec VPN server.

Edited by M0ralGray

I use Adito, which is a port of the SSL-Explorer product. This gives you a browser-based SSL VPN, and then I use both an UltraVNC and an RDP plugin for it. Get the Windows installer at: lars.werner.no

Though not quite IPsec, UltraVNC with the DSM encryption plug-ins is reasonably secure if you pick a non-standard port and hide it behind a firewall.
