[H-GEN] Request for help with smoothwall firewall
Christopher LeMoyne
christopher_lemoyne at yahoo.com.au
Thu Sep 22 04:44:40 EDT 2005
Ronald Bradford wrote:
> However two things remain, VPN & VNC access. I've been unsuccessful
> in doing testing of VPN access from a Windoze machine (which all staff
> use).
> While there is a certain amount of accessible documentation, it's a
> lot to wade through and consensus is VPN is complicated, and with
> Microsoft not supporting IPsec very difficult hence my request for
> anybody that could give some valuable assistance first hand.
Hi Ronald,
Firstly, Microsoft Windows does support IPSEC firewalls. PPTP is their
primary focus, but they do support IPSEC (out-of-the-box on 2k and XP).
I know, because it's a big part of exam 70-218 (requirement for the
MCSA) which I passed a few months ago. IPSEC, unfortunately, is quite
complicated to set up, no matter what platform you choose. It is best
implemented at larger companies that can readily set up the
infrastructure needed. Some resources for IPSEC on Windows:
http://labmice.techtarget.com/networking/ipsec.htm
Secondly, you may want to consider another firewall technology
altogether. I have set up a number of OpenVPN tunnels to friends'
machines & LANs, using both Linux and Windows. OpenVPN is OpenSource,
comes with a Windows installer and Linux binaries/source, is quite
simple to implement (especially suitable for SME), and comes with some
excellent howtos and other doco:
http://openvpn.net/
Thirdly, for VNC, I thoroughly recommend UltraVNC (also OpenSource).
Although it is Windows-only, it is backwards-compatible with other VNC
versions (depending on what authentication methods you select, if you
choose MS-Logon I or MS-Logon II, it is then UltraVNC only, though it
has an embedded JavaViewer for other platforms to use). It has some
excellent features, such as requesting user permission to shadow, and
defaulting to accept or reject with a timeout, and quite a few others
that make it very suitable for business use. Refer to Anthony Irwin's
post for how to forward different ports to each machine inside the LAN.
You could either change the port on each machine via UltraVNC's settings
panel, or rewrite the port number with your firewall rules.
http://ultravnc.sourceforge.net/
Good luck.
Regards,
Christopher
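
The firewall-side port rewrite mentioned at the end of the message above, as an added example that is not part of the original post: a script that prints (does not apply) iptables rules mapping one external port per machine to VNC's default port 5900. The interface name `eth1`, the LAN addresses, and the trusted source range `203.0.113.0/24` are constructed assumptions, and restricting the source range is an addition of this example.

```shell
#!/bin/sh
# Constructed sample mapping (hypothetical addresses): external port -> LAN host.
VNC_MAP="5901:192.168.1.11
5902:192.168.1.12
5903:192.168.1.13"

# Print iptables commands that rewrite each external port to 5900 on one host.
# $1 = WAN interface, $2 = allowed source CIDR, $3 = lines of "extport:ip"
# Rules are printed for review only; nothing is applied to the running firewall.
vnc_forward_rules() {
    wan_if=$1; src=$2; map=$3; seen=""
    printf '%s\n' "$map" | while IFS=: read -r ext ip; do
        [ -n "$ext" ] || continue
        # Reject anything that is not a plain port number in range.
        case $ext in
            *[!0-9]*) echo "skip: bad port '$ext'" >&2; continue ;;
        esac
        if [ "$ext" -lt 1 ] || [ "$ext" -gt 65535 ]; then
            echo "skip: port out of range '$ext'" >&2; continue
        fi
        # Two hosts cannot share one external port; keep the first mapping.
        case " $seen " in
            *" $ext "*) echo "skip: duplicate port $ext" >&2; continue ;;
        esac
        seen="$seen $ext"
        # Rewrite destination: WAN:<ext> becomes <ip>:5900, trusted sources only.
        echo "iptables -t nat -A PREROUTING -i $wan_if -s $src -p tcp --dport $ext -j DNAT --to-destination $ip:5900"
        # Allow the rewritten connection through the FORWARD chain.
        echo "iptables -A FORWARD -i $wan_if -s $src -p tcp -d $ip --dport 5900 -j ACCEPT"
    done
}

# eth1 and 203.0.113.0/24 are assumptions; substitute your own values.
vnc_forward_rules eth1 203.0.113.0/24 "$VNC_MAP"
```

With this approach every machine keeps UltraVNC on its default port and only the firewall knows the external port numbers.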