VPN for Home Use

Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
Greetings TEers:

I am setting up a GNS3 server and I would like access to this box from work (lots of down time and I have plenty of time to study). I was thinking about doing some sort of remote access/vpn into my house. To this end I have a static ip from my isp. Now I was thinking about remote access/vpn solutions that meet the following requirements:

Free or very little cost
Secure
Easy to set up (or at least not too difficult)
Open source - This is very important to me.

My server is going to run Ubuntu and I was thinking of putting Ubuntu Server and running open VPN on my box. I have played with several closed source solutions (gotoassist, etc) and they have the features I want but the cost I don't.

Another solution was to get a vpn mod for one of my cisco routers and set vpn up that way but none of my routers would support it and I really want to spend my money on switches not routers. Does anyone have any suggestions on what type of solution I should look for? Does anyone have any exp with openvpn?

Thanks

Comments

  • keenonkeenon Member Posts: 1,922 ■■■■□□□□□□
    adito vpn.. there is a windows installer as well that will run on basic workstation OS

    i'm in the same boat as well and hope to have the setup completed by this weekend
    Become the stainless steel sharp knife in a drawer full of rusty spoons
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    Use OpenVPN, you open-source hippie...

    (or just drop the GUI and use SSH like a man)
  • tierstentiersten Member Posts: 4,505
    I use SSH and SSLVPN for remote access.
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    keenon wrote: »
    adito vpn.. there is a windows installer as well that will run on basic workstation OS

    i'm in the same boat as well and hope to have the setup completed by this weekend
    this web site
    Makes it seem like it isn't that bad to use. Would you mind if I messaged you this weekend to inquire about how it went for you?
    dynamik wrote: »
    Use OpenVPN, you open-source hippie...

    (or just drop the GUI and use SSH like a man)

    I guess I'm still a little um intimidated by going str8 gui-less. I am trying to get there. I mean I don't use the sdm that much and I want to start studying Linux really soon (Ubuntu and Ubuntu server). But I'm not quite there yet.
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    ColbyNA wrote: »
    Use SSH.


    What advantages does it have?

    By the way, I plan to use Ubuntu Server and Ubuntu Clients
  • NightShade03NightShade03 Member Posts: 1,383 ■■■■■■■□□□
    Use OpenVPN Access Server. It runs on Ubuntu or you can run it virtually (which is what I do). Just to give you an idea, the virtual appliance that I had took under 5 minutes to configure and you get 2 free licenses for remote connections. It's also easy to manage and the documentation is pretty damn good.

    Access Server Downloads
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    Use OpenVPN Access Server. It runs on Ubuntu or you can run it virtually (which is what I do). Just to give you an idea, the virtual appliance that I had took under 5 minutes to configure and you get 2 free licenses for remote connections. It's also easy to manage and the documentation is pretty damn good.

    Access Server Downloads

    What do you use for authentication?
  • NightShade03NightShade03 Member Posts: 1,383 ■■■■■■■□□□
    To just get it up and running I created a few local user accounts and let the PAM module do its work against the local database. Once I had the settings to my liking and it worked out well I tied it into my Active Directory using the LDAP authentication. I actually want to use OpenLDAP and try authenticating against that, which should be a fun lab.....just need to get some time to do it lol
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    To just get it up and running I created a few local user accounts and let the PAM module do its work against the local database. Once I had the settings to my liking and it worked out well I tied it into my Active Directory using the LDAP authentication. I actually want to use OpenLDAP and try authenticating against that, which should be a fun lab.....just need to get some time to do it lol

    I have an AD domain at home but I was thinking about setting up OpenLDAP. I am still new to Linux but I want to get deep into the matrix quickly.
  • NightShade03NightShade03 Member Posts: 1,383 ■■■■■■■□□□
    What distro are you using or looking to use? If it's Ubuntu, their service guide is pretty good about getting you up and running, and then you can rip things apart to find out how they work. Another site that I use a lot is here:

    Quick HOWTO: Linux Home Networking and Linux Forums Help

    The guy that writes the stuff on this site is pretty good and his tutorials are awesome.
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    What distro are you using or looking to use? If it's Ubuntu, their service guide is pretty good about getting you up and running, and then you can rip things apart to find out how they work. Another site that I use a lot is here:

    Quick HOWTO: Linux Home Networking and Linux Forums Help

    The guy that writes the stuff on this site is pretty good and his tutorials are awesome.

    For the next 6 months I plan to use Ubuntu and Ubuntu Server as my main OS(es) while studying for the L+. I also have a Linux class coming up next quarter so I plan to get my L+/LPIC (I haven't completely decided which one, but more than likely I will eventually do both) by March or so. I want to use CentOS as a file server. I plan to get deeper into CentOS as I get close to doing RHCT/E.

    I know I know, the RHCT/E is crazy hard and I don't think I can get them done next year. Hopefully RHCT/E by 2011. I think the L+/LPIC is doable by the end of next year.
  • NightShade03NightShade03 Member Posts: 1,383 ■■■■■■■□□□
    Well it sounds like you have a solid plan, which is always a good start! Good luck with your studies though as you have a decent sized undertaking laid out ;)

    I'd like to do my RHCE & finish my MCSE, however I've been bitten by the Cisco bug and I've become obsessed with networking....so I want my CCIE first lol
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    Well it sounds like you have a solid plan, which is always a good start! Good luck with your studies though as you have a decent sized undertaking laid out ;)

    Thanks. Yea I have a big big plan :). That isn't even the half of it.
    I'd like to do my RHCE & finish my MCSE, however I've been bitten by the Cisco bug and I've become obsessed with networking....so I want my CCIE first lol

    OMG! RHCE+MCSE+CCIE. That is going to take a lot of study but I'm sure it is possible. As for me I just want my RHCE+CCNP/SP/IP (along with some lower levels of certs and other things like SSCP and OSCP and stuff) in the not too distant future. I would love to get my CCIE in S or R/S in the next 4 years as well.

    If you don't mind me asking, what is your overall goal career wise? What makes you want every high level cert ever ;)
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    knwminus wrote: »
    what makes you want every high level cert ever ;)

    ocd....
  • NightShade03NightShade03 Member Posts: 1,383 ■■■■■■■□□□
    Haha it def has nothing to do with wanting the high level certs, I actually never even look at it that way. I'm a true "geek" in that I just love to learn new things and spend a lot (almost all) of my free time studying.

    I actually really want to do something in network security. I would love to be a pen tester, or conduct security audits of websites. I feel that to get there though you need a good deal of exp and a vast amount of knowledge.

    I am only 1 exam away from my MCSE so it isn't a big undertaking...I'm just disgusted with all things M$ so I've ventured away at the moment. I really want my CCIE:S mostly because the way networks work and interact interests me.
  • NightShade03NightShade03 Member Posts: 1,383 ■■■■■■■□□□
    dynamik wrote: »
    ocd....

    HAHA I figured someone would make a comment eventually, not surprised that it came from you ;)
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    dynamik wrote: »
    ocd....

    lol
    Haha it def has nothing to do with wanting the high level certs, I actually never even look at it that way. I'm a true "geek" in that I just love to learn new things and spend a lot (almost all) of my free time studying.

    I actually really want to do something in network security. I would love to be a pen tester, or conduct security audits of websites. I feel that to get there though you need a good deal of exp and a vast amount of knowledge.

    I am only 1 exam away from my MCSE so it isn't a big undertaking...I'm just disgusted with all things M$ so I've ventured away at the moment. I really want my CCIE:S mostly because the way networks work and interact interests me.

    That's cool. I read your blog from time to time and I learn some interesting things (some things that just make me feel insecure router wise). I was just curious because I figured you were big into security, and I didn't know whether or not you wanted to go into like CSO level of Net Pen type of stuff.
  • NightShade03NightShade03 Member Posts: 1,383 ■■■■■■■□□□
    The sad part about being a big security person is that no matter how much I study or learn I just feel like I'm always behind the curve...people are constantly hacking into things in new ways.

    On the flip side it means that when I actually do break into the security field I will always have job security. I think the other thing too is that in NY everyone wants exp and that's really hard to show at 23 :(
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    The sad part about being a big security person is that no matter how much I study or learn I just feel like I'm always behind the curve...people are constantly hacking into things in new ways.

    On the flip side it means that when I actually do break into the security field I will always have job security. I think the other thing too is that in NY everyone wants exp and that's really hard to show at 23 :(

    You'll get there.
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    knwminus wrote: »
    You'll get there.

    No you won't. That's what makes security interesting.
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    dynamik wrote: »
    No you won't. That's what makes security interesting.

    fair enough.

    But at any rate either I am going to use ssh or open vpn. I would like to authenticate to open ldap. This is my pet project for the rest of the year (along with the CCNA at the end of the month and CCNA:S in December)
  • Forsaken_GAForsaken_GA Member Posts: 4,024
    knwminus wrote: »
    I guess I'm still a little um intimidated by going str8 gui-less. I am trying to get there. I mean I don't use the sdm that much and I want to start studying Linux really soon (Ubuntu and Ubuntu server). But I'm not quite there yet.

    Unix ain't windows, man. If you're not comfortable with a shell prompt, you'll just be crippling yourself. It's a little odd to be learning Cisco, and afraid of a CLI on Unix ;)
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    Unix ain't windows, man. If you're not comfortable with a shell prompt, you'll just be crippling yourself. It's a little odd to be learning Cisco, and afraid of a CLI on Unix ;)


    I didn't say afraid, I said intimidated. ;)

    Like I am afraid of fighting a bear. I would be intimidated by Kimbo Slice (well maybe not so much the way he has been fighting lately).
    I am learning the cli and I like it but I know I don't know how to do it all and I am still better with a gui (windows) than the cli (linux) which is why I am not diving straight into linux cli without an umbrella (a gui) which is why I am using Ubuntu. It is "windows enough" so it doesn't look like an old school green screen but it has the linux cli so I can use it to build my skills.

    I am slowly getting my cli skills up to par so that I can (one day) go without a gui and still be as effective (actually more effective) than with a gui, but I'm giving myself the rest of this year and next to get to that level.
  • ColbyGColbyG Member Posts: 1,264
    knwminus wrote: »
    What advantages does it have?

    By the way, I plan to use Ubuntu Server and Ubuntu Clients

    Advantages:
    No need for VPN
    Easy to setup
    You can change the listen port to something random to avoid scans

    Disadvantages:
    ???
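An added example, not part of ColbyG's post or the thread: a small check of an `sshd_config` for the SSH setup discussed here, showing that a moved listen port only cuts scan noise while the authentication keywords decide who can log in. The sample config, the function names and the user `labuser` are constructed for illustration, and the defaults are assumed from current OpenSSH.

```python
# Added example: audit the global section of an sshd_config for an internet-facing home box.
# Constructed sample: the port was moved, but a leftover line still allows passwords.
SAMPLE_CONFIG = """\
Port 52222
PermitRootLogin no
PasswordAuthentication yes
PasswordAuthentication no
Match User labuser
    PasswordAuthentication yes
"""

# Values sshd uses when a keyword is absent (assumption: current OpenSSH defaults).
DEFAULTS = {
    "port": "22",
    "passwordauthentication": "yes",
    "permitrootlogin": "prohibit-password",
    "pubkeyauthentication": "yes",
}

def effective_settings(text):
    """Global settings as sshd reads them: the first value for a keyword wins."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        if not parts:
            continue
        if parts[0].lower() == "match":
            break  # Match blocks are per-user/host overrides; not evaluated here
        if len(parts) == 2:
            # Simplification: only the first Port line is kept (sshd allows several).
            seen.setdefault(parts[0].lower(), parts[1].strip().lower())
    return {**DEFAULTS, **seen}

def audit(text):
    """Return findings relevant to exposing SSH through a router port forward."""
    s = effective_settings(text)
    findings = []
    if s["port"] == "22":
        findings.append("port 22: default port, expect heavy scan noise in auth logs")
    if s["passwordauthentication"] != "no":
        findings.append("password logins enabled: guessable on any port")
    if s["permitrootlogin"] == "yes":
        findings.append("root can log in with a password")
    if s["pubkeyauthentication"] != "yes":
        findings.append("public-key authentication is disabled")
    return findings
```

On a real host, `sshd -T` prints the effective configuration, including values that come from included files.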
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    ColbyNA wrote: »
    Advantages:
    No need for VPN
    Easy to setup
    You can change the listen port to something random to avoid scans

    Disadvantages:
    ???

    Well I have asked around work and SSH seems to be the clear winner. I would be forced to learn the cli a little better (which is good) and it seems very secure. I plan to install Ubuntu in a virtual box then ssh into my Ubuntu Machine at home.

    OpenVPN with OPEN LDAP authentication will be another project I guess.
  • keenonkeenon Member Posts: 1,922 ■■■■□□□□□□
    Hak5 – Technolust since 2005 Episode 607 – Build a free SSL VPN on Linux or Windows

    good show of how to install and do a basic config. You can hit me up.. i'm having to replace the home router (which i was going to do anyway) as its garbage so i can get the port forwarding working.
    Become the stainless steel sharp knife in a drawer full of rusty spoons
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    keenon wrote: »
    Hak5 – Technolust since 2005 Episode 607 – Build a free SSL VPN on Linux or Windows

    good show of how to install and do a basic config. You can hit me up.. i'm having to replace the home router (which i was going to do anyway) as its garbage so i can get the port forwarding working.

    Thanks and I will contact you.
  • keenonkeenon Member Posts: 1,922 ■■■■□□□□□□
    i have set it up and its running like a champ. i had to rewatch vid while setting it up and afterwards the rest was history along with doing the term server adjustments.

    also something i have learned during this setup is that some antivirus suites will not let the java applet load completely for the putty connection. I have seen this error with McAfee and another with Trend Micro.
    Become the stainless steel sharp knife in a drawer full of rusty spoons
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    keenon wrote: »
    i have set it up and its running like a champ. i had to rewatch vid while setting it up and afterwards the rest was history along with doing the term server adjustments.

    also something i have learned during this setup is that some antivirus suites will not let the java applet load completely for the putty connection. I have seen this error with McAfee and another with Trend Micro.

    Cool. When I finish building my box I may go this route.