Once you have Samba shares up and running on the internal network, how do you go about making them available (browsable) via the Internet--a VPN? I hate to say it but in Windows 2k it's just a matter of a few clicks on the server and client. I'm hoping that it's not much harder with a Linux server/Windows client. Anything involving something like SSH will be too hard for most users. Thanks in advance... __________________________________________________ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/
Oren Levy schrieb:> > Once you have Samba shares up and running on the > internal network, how do you go about making them > available (browsable) via the Internet--a VPN? > > I hate to say it but in Windows 2k it's just a matter > of a few clicks on the server and client. I'm hoping > that it's not much harder with a Linux server/Windows > client. Anything involving something like SSH will be > too hard for most users.It is not quite clear what you want to do, but VPN is completely independent from Samba. Here's an example of what we do: We have Win9x, NT, and W2K clients that connect through VPN client software (usually called PPTP by MS) to an NT4 Server running VPN server software. Note, again, that a VPN server has nothing to do with Samba. Through the VPN connection, we now have the ability to map shares from the network where the VPN server is located. Some of these shares are from "real" NT4 machines, some are from Linux machines running Samba. This is completely transparent to the user. If you want to run a VPN server on a Linux box, you would need the appropriate software to do so. I have no idea if a VPN server for Linux exists, you may want to search on the usual Web sites for it. I have experimented with VPN (PPTP) clients on Linux some time back. -Joe
Oren Levy wrote:> I hate to say it but in Windows 2k it's just a matter > of a few clicks on the server and client. I'm hoping > that it's not much harder with a Linux server/Windows > client. Anything involving something like SSH will be > too hard for most users.And this is the exact reason that sites get cracked, credit card #s stolen, etc. Because proper security is "too hard for most users." I recommend taking a stand. It's much easier to fight against the lazy (no, not stupid, lazy) users now than to fix the fubars after your security has been compromised. Scaring them often works - you'll find that most users are intelligent enough to understand but "don't have time for this stuff and don't think they should have to worry about it." Paint them the scenerio of their files being compromised in terrible ways and they genererally become more compliant. A VPN isn't all that hard to set up, and once it is you can map drives from remote machines just like on any other network. Not using a VPN is like mailing your passwords across the country in a celophane envelope. -Bill
I would suggest going with Poptop. It is relatively strait forward, it uses microsofts built in VPN clients, mind you if its not Win2k you might have to install, remove, reinstall to get the VPN adapters to work properly in Win98 (some bug in MS's install of the adapter causes this every so often). And then the server side is very simple. Watch your proxyarp would be my main suggestion, as their explanation of how the system uses it is not very clear. I had a VPN up and running with the basic CHAP authentication within about 2 hours. That includes a basic server install of RedHat 6.1 on a P166, compiling ssh for replacing telnet, and compiling poptop. So if you already have a server and don't intend on ssh I would assume this would be a fairly quick setup, moving to more secure authentication takes a bit, and possibly some patching depending on the system. Thanks, Trevor -----Original Message----- From: Andrew Judge [mailto:andyj@aerobuilders.com] Sent: Sunday, April 29, 2001 7:29 AM To: samba@lists.samba.org Subject: RE: VPN? VPN server software does exist for Linux. Try www.freeswan.org or www.potop.de. Those are the two most popular free ones I've seen and represent ipsec and pptp respectively. I have tried freeswan, but you need a third party client for road warriors with windows (usually pgpnet - expensive). I believe poptop supports the pptp client in MS win. You will also have to patch your kernel for freeswan which is pretty straight forward, but the configuration can be tricky (at least for me) for client and server depending on your site. Best regards, Andrew Judge -----Original Message----- From: samba-admin@lists.samba.org [mailto:samba-admin@lists.samba.org]On Behalf Of Joachim Feise Sent: Sunday, April 29, 2001 7:21 AM To: samba@lists.samba.org Subject: Re: VPN? If you want to run a VPN server on a Linux box, you would need the appropriate software to do so. I have no idea if a VPN server for Linux exists, you may want to search on the usual Web sites for it. I have experimented with VPN (PPTP) clients on Linux some time back. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba