From: Michael Erskine <michael.erskine@ja...> - 2004-09-24 12:52:35
Firstly, please excuse my ignorance but my knowledge of networking is patchy at
best. I've been a Devil-Linux user for some time and I love the way it has
"just worked" for us straight out of the box (or off the CD anyhow!) when our
rather expensive internet appliance box went and died on us.
I've been given the task of setting up an inter-site VPN for our 4 offices in
the UK. Each office has an ADSL connection to the internet and I know that
Super FreeS/Wan 1.98 is part of the DL firewall (currently running 1.05) that
I set up some time ago. The users will expect to be able to point their
Windows Explorer at a machine at one of the other offices and browse its
shares. I'm assuming that such a thing is not only possible but also a common
task that others will have already tackled. I've started reading the Super
FreeS/Wan documentation and I'm a little overwhelmed to say the least!
I guess that I need to do something like: -
* set up DL at the other 3 sites and enable IPSEC in the config
* create some sort of certificate for each site
* set up some firewall magic to redirect all traffic to the other office IP
addresses via some VPN tunnel
* enable samba on each DL firewall? Or do I just need to redirect traffic for
* probably lots of other magic that I don't know about :)
I specifically don't want to set up IPsec under Windows 2000 - I'd like the
VPN tunnel to be as transparent as possible to the client machines and only
configured on the DL machines (where I'm happy :) ).
Is what I want to do possible within DL?
Friday, September 24, 2004, 4:51:31 PM, you wrote:
ME> The users will expect to be able to point their
ME> Windows Explorer at a machine at one of the other offices and browse its
I can suggest 2 ways.
ME> Is what I want to do possible within DL?
1. The one way:
Create a tunnel between 10.0.0.0/24 and 10.0.1.0/24 (for example).
The type of tunnel doesn't matter. It may be an ipsec, ip-ip or vtun
(openvpn) tunnel. how-to for the last -
Set up SAMBA on the gateways of both LANs with the following config:
a) workgroup = COMPANY
   remote announce = 10.0.1.1/COMPANY
   remote browse sync = 10.0.1.1
b) workgroup = COMPANY
   remote announce = 10.0.0.1/COMPANY
   remote browse sync = 10.0.0.1
Details - http://us3.samba.org/samba/docs/using_samba/ch07.html
2. The other way (without samba)
Create a tunnel between LANs and simply do a bridge in it 8-).
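
Option 1 above, extended from two LANs to the four offices in the original question, as an added example that is not part of either post: it checks that the site subnets can be routed through the tunnels and builds each gateway's Samba settings, relying on `remote announce` and `remote browse sync` accepting space-separated lists. The site names, the 10.0.2.0/24 and 10.0.3.0/24 subnets, and the function names are assumptions for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample data: the first two subnets/gateways come from the reply
# above; the other two and all site names are assumptions for illustration.
SITES = {
    "office-a": ("10.0.0.0/24", "10.0.0.1"),
    "office-b": ("10.0.1.0/24", "10.0.1.1"),
    "office-c": ("10.0.2.0/24", "10.0.2.1"),
    "office-d": ("10.0.3.0/24", "10.0.3.1"),
}


def validate(sites):
    """Reject layouts that cannot be routed between sites over the tunnels."""
    nets = {}
    for name, (cidr, gw) in sites.items():
        net = ipaddress.ip_network(cidr)
        if ipaddress.ip_address(gw) not in net:
            raise ValueError(f"{name}: gateway {gw} is outside {cidr}")
        nets[name] = net
    # Two offices sharing address space would make remote hosts unreachable.
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            raise ValueError(f"{a} and {b} use overlapping subnets")


def smb_global(site, sites, workgroup="COMPANY"):
    """Build the [global] stanza for one gateway, listing every other gateway."""
    validate(sites)
    peers = [gw for name, (_, gw) in sites.items() if name != site]
    return "\n".join([
        "[global]",
        f"    workgroup = {workgroup}",
        "    remote announce = " + " ".join(f"{gw}/{workgroup}" for gw in peers),
        "    remote browse sync = " + " ".join(peers),
    ])


if __name__ == "__main__":
    for site in SITES:
        print(f"# {site}\n{smb_global(site, SITES)}\n")
```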