
List:       suse-linux-uk-schools
Subject:    Re: [suse-linux-uk-schools] RAS, VPN, PPTP
From:       Gary Stainburn <gary.stainburn () ringways ! co ! uk>
Date:       2001-04-07 12:09:19

Hello Allan,

Before I start, a couple of points.  

1) connections for your students will probably still be restricted to 
33.6K regardless of your setup as your students will still be using the 
same modems regardless of who they are dialing.

2) your ADSL connection will probably be Dynamic IP.  This means that 
your IP is not fixed and may change.  If this happens, you will no 
longer be in the same place.  For normal net use, such as web browsing 
this is not a problem, but when providing a service, it obviously is.

3) going 24x7, you should definitely look at firewalling, whether it's 
a standalone box such as suggested by freesco http://www.freesco.org, a 
commercial firewall, or just good security settings on your gateway box.

I've never used RAS, so I can't comment on whether Linux can replace 
its functionality.  However, I have used Linux over the years to 
provide varying levels from terminal access to ppp connections and VPN 
servers.  You will have to get your hands dirty to some extent tho' as 
Linux isn't as *polished* as windows (no flames please).

If you look on the WYLUG web site, you should see writeups of a joint 
VPN talk that Andrew Johnson and I did a while back.

If most of your clients are Win9x PCs who just want to be *on* your 
network then look at Andrew's PPTP talk.  The only downside of this if 
I remember correctly is that it does not use encryption without 
recompiling the kernel.

If you want to connect two networks together and have all nodes on 
those networks visible to each other, then have a look at my SSH/PPPD 
talk, or save yourself the time and go straight to the VPN Howto as my 
talk was just an overview of that.

The third choice for remote access is bog-standard SSH.  This is just 
like rsh/telnet but is tunnelled down an encrypted SSL channel.  Using 
the built-in X forwarding, you could even run X apps remotely.  This 
is how I work mostly when I'm at home. 

Using any of the above methods gives you three benefits

1) You don't need to maintain 6 modems
2) You don't need to pay 6 line rentals
3) You're not limited to 6 concurrent connections

However, they also have 2 drawbacks which may mean you could want to 
keep (some) of your modems.

1) Increased latency introduced by the internet reduces performance
2) Everything relies on one phone line.

If you do want to provide dial-in PPP connectivity, have a look at the 
mgetty package that comes with Linux.  The documentation is very good 
and shows how to set it up to work alongside pppd to provide the 
services.

One problem you may encounter with Linux is WinModems.  A lot of PCI 
modems, and some others, are what are known as WinModems.  This means 
these modems have a large part of the hardware missing, and rely on 
the computer's CPU and the Windows device driver to replace the missing 
functionality.  This means that they cannot be used with Linux.  This 
situation is changing as volunteers (and some manufacturers) are 
writing Linux code for these modems.

Sorry for whittering on, but I wanted to give as full an answer as 
possible.
On Saturday 07 April 2001 11:35 am, Alan Davies wrote:

> > It appears that we are about to get ADSL....
>
> We currently allow a restricted set of pupils remote dialin access
> via a mini bank of 6 modems connected to an NT server running RAS.
>
> With 24x7 we presumably could offer/allow VPN access - which might be
> more convenient and offer better intermittent bandwidth (modem to
> modem only offers 33k6).  I'm not certain what I need to add to our
> NT4 server to provide VPN access - there are lots of commercial
> packages of course offering firewall/DES protection etc.  NT2000
> server does it automatically, but I'm not sure that we intended to
> go down that route.
>
> Which brings me to the question of whether I could use the LINUX box.
>  Does LINUX support RAS via dialin or VPN?  Is it 'user friendly'
> click and go or 'get your hands really dirty' sort of stuff?  I don't
> even know how LINUX behaves if you have several PCI modem cards in
> the box.  Has anyone knowledge of, or done any of this?
>
> TIA



-- 
Gary Stainburn

This email does not contain private or confidential material as it
may be snooped on by interested government parties for unknown
and undisclosed purposes - Regulation of Investigatory Powers Act, 2000 
    

