[H-GEN] Request for help with smoothwall firewall

Christopher LeMoyne christopher_lemoyne at yahoo.com.au
Thu Sep 22 04:44:40 EDT 2005


Ronald Bradford wrote:

> However two things remain, VPN & VNC access.   I've been unsuccessful 
> in doing testing of VPN access from a Windoze machine (which all staff 
> use).
> While there is a certain amount of accessible documentation, it's a 
> lot to wade through and consensus is VPN is complicated, and with 
> Microsoft not supporting IPsec very difficult hence my request for 
> anybody that could give some valuable assistance first hand.


Hi Ronald,

Firstly, Microsoft Windows does support IPSEC firewalls.  PPTP is their 
primary focus, but they do support IPSEC (out-of-the-box on 2k and XP).  
I know, because it's a big part of exam 70-218 (requirement for the 
MCSA) which I passed a few months ago.  IPSEC, unfortunately, is quite 
complicated to set up, no matter what platform you choose.  It is best 
implemented at larger companies that can readily set up the 
infrastructure needed.  Some resources for IPSEC on Windows:
http://labmice.techtarget.com/networking/ipsec.htm

Secondly, you may want to consider another firewall technology 
altogether.  I have set up a number of OpenVPN tunnels to friends' 
machines & LANs, using both Linux and Windows.  OpenVPN is OpenSource, 
comes with a Windows installer and Linux binaries/source, is quite 
simple to implement (especially suitable for SME), and comes with some 
excellent howtos and other doco:
http://openvpn.net/

Thirdly, for VNC, I thoroughly recommend UltraVNC (also OpenSource).  
Although it is Windows-only, it is backwards-compatible with other VNC 
versions (depending on what authentication methods you select; if you 
choose MS-Logon I or MS-Logon II, it is then UltraVNC only, though it 
has an embedded JavaViewer for other platforms to use).  It has some 
excellent features, such as requesting user permission to shadow, and 
defaulting to accept or reject with a timeout, and quite a few others 
that make it very suitable for business use.  Refer to Anthony Irwin's 
post for how to forward different ports to each machine inside the LAN.  
You could either change the port on each machine via UltraVNC's settings 
panel, or rewrite the port number with your firewall rules.
http://ultravnc.sourceforge.net/

Good luck.

Regards,
Christopher



