|
|
Den søndag 5.mar kl. 6:10 skrev Franck Y: Hello,
I've have at office a server running onto a FC4 (Fedora Core 4), with samba with the proper policies. Due to the grow of the business, i 'd like to give access to the server thought Internet. I'm totally lost about the option that i have OpenVpn/IPSEC, OpenVpn/SSL, OpenVpn/PPT... They are just different technologies to implement a more or less secure tunnel. SSL is not only used in HTTPS, but in your case you can not use HTTPS because you want access to a samba server. SSH can not be used either, even though you can tunnel traffic through it. Generally there are 2 VPN technologies, IPSEC and SSL based. I dont know what PPTP/poptop is, but it is not secure enough. However there is a built in support in Windows, so people does not have to install anything to get it working. IPSEC is secure enough, but rather complicated to setup, configure and especially if any of your clients doesnt have a public IP address. IPSEC is not that fond of NAT'ting, and even though there are built in support in windows, not all IPSEC implementations can speak to each other, because some use just IPSEC, others uses L2TP ontop to tunnel the traffic through that. SSL based VPNs, which includes OpenVPN, are generally easy to configure and they do quite easily travel through a NAT. However some of them are made by people that does not know what they are doing, so they end up being insecure. However James and others that code on OpenVPN appears to know what they are doing. I think that there has been a independent security check of OpenVPN, and the result was that no errors was found, so OpenVPN was secure. So, choosing OpenVPN is a good and sane choice. What is the best solution for this configuration ? The other thing, is that the client are on win2000, Xp home, Xp pro.
Since you want samba and thus windows browsing to work easily you want to use OpenVPN in bridging mode. JonB ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users Warning: require_once(../../../archive_common.php) [function.require-once]: failed to open stream: No such file or directory in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2006-03/msg00057.html on line 222 Fatal error: require_once() [function.require]: Failed opening required '../../../archive_common.php' (include_path='/usr/local/lib/php') in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2006-03/msg00057.html on line 222 |