You bet it's possible; we do this all the time. In the case of my
district, we use an IPSec VPN gateway and have people use something
like either VPNC or Cisco's VPN client. Then, it's just like they're
inside, at their offices. They get access to everything they'd have if
they were physically in the office. It's great.|
You have your choice of VPN gateways if you choose to go IPSec--you've got Linux's OpenS/WAN, OpenBSD, Cisco, Nokia--you name it. We didn't want to deal with the *MAJOR* hassle of PKI and certificates either, so we decided on using pre-shared group keys. A lot of people scream at the notion of using pre-shared group keys, but we find that it works very well and actually is sufficiently secure for our needs. Since we're a Microsoft shop, we tell our VPN Concentrator (a Cisco 3060) to authenticate against our Active Directory. However, you could also authenticate against a real LDAP directory or the VPN gateway's local /etc/passwd file, for example.
For one small (4-person) business, I used a Cisco 2621 that they bought off of eBay about four years ago. The authentication is done on the router's local username/password database. Today, I'd recommend a 3725 instead of the 2621, and a crypto acceleration card would be very highly recommended as well. If you don't want to spend any money, then you've got some learning to do. I would recommend checking out OpenBSD 4.1's IPSec gateway functionality. It used to be a royal PITA to set up, but it's now much, much easier. You will also need a reasonably powerful computer to do this; crypto, especially 3DES crypto, is rather CPU-intensive, generally. However, VIA C7 CPU's come with integrated crypto acceleration right in the CPU, and they're low-power, so that's an option.
Someone also mentioned using SFTP. Yes, you can do that, and I have. But then, the box into which you have people SFTP'ing also needs to be directly accessible from the Internet. I wouldn't recommend doing that unless you *really* know what you're doing.
Just as a note, please don't equate "open source" with "no cost." MS Internet Explorer or Apple's Safari for Windows doesn't cost money to download, but neither one is open source. And Red Hat Enterprise Linux, which *is* open source, does cost money. They're very different concepts.
Do you GNU!?
Microsoft Free since 2003--the ultimate antivirus protection!
Kari Matthews wrote: