Opinion: Best VPN to use with Fedora/Windows

Ed K. ed at hp.uab.edu
Mon Jan 10 03:17:55 UTC 2005


On Sun, 9 Jan 2005, Kevin Fries wrote:

> OK, I know this type of question always has the danger of starting a
> flame war, that is not my intention, so I ask ahead of time to keep
> the rhetoric down.
>
> I am beginning to think about installing VPN services.  Being that our
> servers are all Fedora, this seems like a logical place to start my
> quest for knowledge.  Our network is small, but my users are somewhat
> mobile.  I have essentially two servers: the inside server; and the
> outside server.  All our desktops, except my desktop, my laptop, and
> the guest office kiosk, are Windows 2000.
>
> When my guys go on the road, they sometimes need to get information
> from the shares on either someone's desktop, or off a SAMBA share
> hosted on the internal server.  Right now, they are using an FTP server
> that essentially does a soft chroot into their home directories on the
> public server, then I build symbolic links to mounted resources to
> give them access to what they want.  This system works, but is not as
> stable as I would like (stale NFS links, other machine problems, etc).
>
> What I would like is to find a VPN solution that I can host on one of
> my servers (internal and external are only indications of their
> primary purpose, the internal server does have Internet access and is
> used as a backup DNS and Postfix server) to allow my guys on the road
> the ability to see the internal network resources.  This includes but
> is not limited to the SMB shares and printers.  I would also like this
> solution to have Linux and Mac equivalents.
>
> All our account information is stored in an LDAP server, which is
> retrieved via PAM and the PADL tools.  I am slowly reconfiguring my
> software to take the information from the LDAP server directly, and
> would like to limit my options to products that can be configured that
> way.  Since I only store accounts in LDAP, it is not critical that all
> settings be stored that way.  Postfix is a perfect example: config in
> /etc/postfix but can pull valid users from LDAP.  I would also like to
> enable or disable accounts with the use of an objectclass.  Users with
> an objectclass of vpnUser for example can use the VPN, otherwise,
> account not found.
>
> Does anyone else have this Linux back end / Windows & Linux desktop
> setup that is also providing VPN services?
>
> What are you using?
>
> What makes you do the happy dance about your solution?
>
> What makes you curse like a sailor on shore leave about your solution?
>
> Thanks in advance
> Kevin Fries

Kevin,

I've had the most success with openvpn.sf.net running in bridge mode. The 
road warriors are true members of the network, listening to all the 
Windows broadcasts that get sent around. It's easy to install (well, 
compared to other VPNs) and does not require a kernel rebuild.

OpenVPN channels all traffic via a single UDP port, more secure than 
other VPN solutions.

And a small install on Windows.

ed
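
A server configuration sketch for the bridged, single-UDP-port setup described in the reply above, added here as an illustration and not taken from the thread. The addresses, file names, plugin path and the PAM service name `openvpn` are assumptions.

```conf
# Constructed OpenVPN server config for a bridged (tap) setup.
# All addresses, file names and paths below are placeholders.

# One UDP port carries all tunnel traffic, so the perimeter firewall
# needs exactly one inbound rule for the VPN.
port 1194
proto udp

# Bridge mode uses a tap device, which carries Ethernet frames, so LAN
# broadcasts (e.g. Windows browsing) reach remote clients.
# tap0 must already be joined to a bridge with the LAN interface;
# OpenVPN does not create that bridge itself.
dev tap0

# server-bridge <gateway> <netmask> <pool-start> <pool-end>
# The pool must be LAN addresses that the DHCP server never hands out.
server-bridge 192.168.8.4 255.255.255.0 192.168.8.200 192.168.8.220

# TLS: every client must present a certificate signed by this CA.
ca   ca.crt
cert server.crt
key  server.key
dh   dh2048.pem

# Shared HMAC key: packets without a valid signature are dropped
# before any TLS processing, which limits exposure of the open port.
tls-auth ta.key 0

# Require a username/password checked through PAM in addition to the
# certificate. "openvpn" is an assumed PAM service name; pointing that
# service at LDAP is where a restriction such as "only entries with
# objectclass vpnUser" would be enforced. Clients need auth-user-pass.
plugin /path/to/openvpn-auth-pam.so openvpn

# Drop root after start-up and keep state across restarts.
user nobody
group nobody
persist-key
persist-tun

keepalive 10 120
verb 3
```

Because bridged clients sit on the LAN at layer 2, a road-warrior laptop has the same reach as an office desktop, so host firewalls and share permissions on the internal machines still matter.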



