[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Sheflug] Eek : VPN
> -----Original Message-----
> From: shef-lug-admin [at] list.sheflug.org.uk
> [mailto:shef-lug-admin [at] list.sheflug.org.uk] On Behalf Of Chris Johnson
> Sent: Tuesday, August 24, 2004 3:25 PM
> To: shef-lug [at] list.sheflug.org.uk
> Subject: RE: [Sheflug] Eek : VPN
>
> David
>
> Thanks for your ideas. I'd not thought of buying an internal
> PCI adsl modem instead of a router/modem.
>
> > Just out of curiosity, why don't you put an IP-Cop supported NIC in
> > your firewall and do away with the router?
>
> Because (at work) the router is built in to the ADSL modem
> (or vice versa). Its a solwise sar110 at work and I might
> end up with a netgear DG834 at home. (or did you mean an
> internal ADSL modem supported by ipcop?
I'd stick the DSL card in the IPCop f/w, yes.
> That would at least
> reduce the plug count but are there any disadvantages to
> using IP cop as the router apart from not having the fall
> back option of plugging the other PCs directly into the
> router/modem and the router modem probably using less power
> and making less noise).
Immaterial if you're leaving the IPCop box on all the time?
>
> Firewalls at home and at work are stand alone IPCOP machines.
> I can't work out from the IPCOP manual if this could give me
> lan to lan vpn (ie ipcop will join the lans through a vpn or
> if I need extra stuff on the servers/pcs on each lan as well
> to create the vpn.
I'm certain the IPCop pages show a config for lan to lan, and I can
vouch for the fact that IPCop to Cisco does LAN to LAN quite happily and
has done for pushing two years now.
>
> > That way, you could do direct VPN
> > to VPN without having to worry about the router. You may want to
> > investigate VPN passthrough on the router.
>
> Would the router at home not just pass on the packet to the
> router at work if I set up a static route between the two?
I'm not certain that LAN to LAN wouldn't be an issue in this
configuration. I honestly don't know. Normally, I'd expect the two VPN
endpoints to be defined in each other's configuration. Whether the fact
tha one of them in your suggestion would be an internal address, or
whether you'd specify the Netgear router I dunno.
>
> > Personally, I'd forget about the router completely... Just my 2p
>
> It would save some pennies (BTW, thanks for your 2p I'll put
> it towards whatever solution I end up going for)
:-)
--
David
___________________________________________________________________
Sheffield Linux User's Group -
http://www.sheflug.co.uk/mailfaq.html
GNU the choice of a complete generation.