Login or Register to Ask a Question and Join Our Community


IP Networking

Corporate VPN service with separate nets for different users/groups

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums IP Networking Corporate VPN service with separate nets for different users/groups
# 1  
Old 11-17-2009
Corporate VPN service with separate nets for different users/groups
Hi

We are going to host some services for customers with separate private networks for each customer. Each customer will need one or more users.

I have to put up a VPN solution, and I would like to use something that will work on "any" platform, easily, without too much installation/configuration. I feel PPTP is a good option since the "agent" is included on most platforms. We have a firewall/router on a Debian Linux server, and I'd like to extend it's services to include the VPN service. It has access to all nets, so it should be easier to get that to work.

My firewall/router has four interfaces, but only three of concern. eth0 is the outside, eth1 is the inside and eth2 is DMZ. I use proxyarp to get traffic from eth0 to eth2, with iptables filtering. eth1 has three internal nets in the 192.168.* series. The new nets I want to use for customers will be separate VLAN's on that interface with 10.20.x.* addresses. The firewall/router will of course have an IP in each of these (typically .1).

The big question is how to set this up? Can pptpd be used? Should this be done on a separate server?
Login or Register to Ask a Question

Previous Thread | Next Thread

8 More Discussions You Might Find Interesting

1. Debian

VPN service fails after update applied in Debian Squeeze

Hello everybody, I used to log in to my office via PPTP VPN, but on last October 5th I updated my installed Debian Squeeze and it caused my VPN service (client-side) to fail. After this upgrade I'm unable to log in to the VPN server. Here follows the log: #tail -f /var/log/messages Plugin... (0 Replies)
Discussion started by: r4ym4r
0 Replies

2. UNIX for Advanced & Expert Users

Creating groups and users

Hi Could anyone please suggest how we can check in Linux if a user or a group name is already existing? In case of a user the command should also be able to specify the user with a given directory and shell. We can of course check this using a grep command but since that is just a pattern match,... (12 Replies)
Discussion started by: Dorothy
12 Replies

3. UNIX for Dummies Questions & Answers

Users in multiple groups?

Happy Thanksgiving Everyone!! I have a question about adding users to multiple groups. Thanks in advance Using Red Hat and here are the issues: Example: Users: Bob Mark Groups: SystemsAnalysts BusinessAnalysts If I am adding a user Bob to both groups (SystemsAnalysts and... (2 Replies)
Discussion started by: hansokl
2 Replies

4. UNIX for Dummies Questions & Answers

List users and groups

Hi I am new to unix so hopefully someone can help. I need to list all the users I have in my unix enviroment (AIX) and the groups (primary and secondary) they belong to. Can anyone help? Many thanks in advance (2 Replies)
Discussion started by: m3y
2 Replies

5. Solaris

Removing users from groups

How do I remove a user from a group? I'm using the usermod command but its not working. I have a user "abc" who is a member of the groups root and other. I'm trying to remove him from the group "other" (using CLI) which is his secondary group but it's not working. How do I do this? Is there any... (11 Replies)
Discussion started by: the_red_dove
11 Replies

6. UNIX for Dummies Questions & Answers

users and groups

hi eveyone i've recently requested my unix admin to create a userid for 2 groups. He created the id and i can see it by grep "id" /etc/group. But when i login with that id into unix and try to cd that group it says permission denied. something like cd /groupname -- permission denied Can my admin... (1 Reply)
Discussion started by: sammet
1 Replies

7. Linux

listing users and groups

RH 7.2 I'm trying to list the users & groups on my machine. I found the lsuser & lsgroup commands but no associated man pages. I typed: lsuser I get --> Valid options are: -a So I typed: lsuser -a I get --> Valid options are: groups, home So I typed: lsuser -a groups I get -->... (2 Replies)
Discussion started by: jalburger
2 Replies

8. Cybersecurity

Users and groups

Hi, Is it possible that one user belongs to many groups, or the relation of user/group is 1/1?. Thanks Ramón (2 Replies)
Discussion started by: rsanz
2 Replies
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

secvpn

SECVPN(1)						      General Commands Manual							 SECVPN(1)

NAME

       secvpn - Control the Secure Virtual Private Network

SYNOPSIS

       secvpn [-v][-n][-s][-r] start|stop|routedel|routeadd|test|status [Host]

DESCRIPTION

       Secvpn builds a virtual private network (vpn) as defined in /etc/network/secvpn.conf. The vpn uses encryption based on ssh security.

       Before secvpn can be used you have to create some prerequisites.  See PREREQUISITES below.

       The following subcommands may be used with secvpn:

       start  is  used	to start the vpn. Secvpn will add new ppp interfaces necessary to make the vpn work, but will not automatically add routes
	      (see the routeadd option below). If the recursive option is set, secvpn will log into the passive hosts and run "secvpn -r start" on
	      them too.

       stop   is used to stop the vpn.

       routeadd
	      is  used	to  setup new routing entries based on secvpn.conf. Secvpn will first add the route active->passive, then tell the passive
	      host to add the route back.  The route in the passive host will be added according to the configuration file there (in  the  passive
	      host), so if the configuration files differ, things will not work.

       routedel
	      will delete the routing entries built with routeadd.

       test   checks whether the ppp interface is used to reach O_CRYPT_IP.

       status same as test, but checks all vpns if no host is named (instead of only active vpns as 'test' does).

OPTIONS

       -v     verbose output

       -n     do nothing

       -s     be silent

       -r     work recursive

PREREQUISITES

       Before  secvpn  can  be used you have to enable passwordless ssh access for user "secvpn" from the initiator secvpn pc to the target secvpn
       pc. Use authorized_ keys or RhostsRSAAuthentication with the .shosts file. Have a look to the ssh - manpages for more information.

       Before secvpn can be used you have to give root rights for specific commands to the user "secvpn". This can be done with the followin  com-
       mand:

	       echo "secvpn  ALL=NOPASSWD: /usr/sbin/secvpn, /usr/sbin/pppd" >>/etc/sudoers

       Before secvpn can be used you have to edit /etc/secvon.conf. See secvpn.conf(4).

EXAMPLES

       There are 3 examples in /usr/share/doc/secvpn/examples:

       Example1: secvpn acts as router connection 2 subnets

       Example2: secvpn having one lan-card and connect 2 subnets

       Example3: secvpn having one lan-card and connect 11 subnets in a tree structure

OTHER

       To  have  real  security  it  is  necessary to secure each secvpn host and to have firewalls on each secvpn host allowing only selected IP-
       Adresses and Ports to pass through the VPN.

AUTHOR

       Bernd Schumacher, HP Consulting, HEWLETT-PACKARD GmbH, Bad Homburg, 2000-2005

COPYRIGHT

       Copyright: Most recent version of the GPL.

       On Debian GNU/Linux systems, the complete text of the GNU General Public License can be found in "/usr/share/common-licenses/GPL".

SEE ALSO

       secvpn(1) secvpnmon(1) ssh(1) timeout(1) secvpn.conf(4)

secvpn								    August 2000 							 SECVPN(1)