Marcus <(E-Mail Removed)> wrote:
[Replacing Wingate Proxy/Firewall]
> We have decided to move to Linux, because we have a limited requirement
> for salesmen to dial into the network in a secure way and found the
> Windows solutions to be fiddly, costly or of doubtful security.
>
> My first problem in moving to Linux is in getting an equivalent service
> to what we had before, i.e. a dependable and secure proxy server solution.
What do you mean by "secure proxy server"? Do you mean
the proxy can't be misused from the outside and does not
show up too often in the Security Bulletins?
For the HTTP proxy I would propose to use squid.
http://www.squid-cache.org/
> Any web search reveals a confusing mass of possible combinations of
> software I could use. What is the commonly accepted standard solution
> and will I be able to set up a VPN behind it at a future time with or
> without additional software?
I think it would be better to run the proxy on a host in the
DMZ, and only run the VPN Gateway *on* the Firewall/Router,
especially if the Router performs NAT. If you need to deploy
a VPN Gateway behind a NAT-router you need to take care that
the VPN traffic can pass the Firewall/Router unmolested.
For VPN technologies the following come to mind:
FreeSwan (IPSec)
http://www.freeswan.org/
OpenVPN
http://openvpn.sourceforge.net/
A book which covers quite a range of different VPN
technologies is:
"Building Linux Virtual Private Networks" by Oleg
Kolesnikov, Brian Hatch; ISBN: 1578702666
Ciao, Horst
--
»When pings go wrong (It hurts me too)« E.Clapton/E.James/P.Tscharn
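An added example, not part of Horst's post and not code from the squid, FreeS/WAN or OpenVPN projects: a netfilter/iptables ruleset for the layout recommended above (a Linux router doing NAT, squid on a host in the DMZ, the VPN gateway terminating IPsec and OpenVPN on the firewall itself), plus the DNAT rules that become necessary if the VPN gateway has to sit behind the NAT router instead. Interface names, address ranges, the DMZ host addresses and the OpenVPN port are assumptions for illustration; squid's 3128, IKE's UDP 500, NAT-Traversal's UDP 4500 and ESP's IP protocol number 50 are the standard values.

```shell
#!/bin/sh
# Added example (not from the original post). Firewall/router layout:
#   WAN (Internet) -- [this router, NAT + VPN gateway] -- LAN
#                                    |
#                                   DMZ (squid proxy host)
# Interface names, subnets, the DMZ hosts and the OpenVPN port are assumed.
WAN=eth0              # Internet-facing interface (assumed)
LAN=eth1              # office network (assumed)
DMZ=eth2              # DMZ segment (assumed)
PROXY=192.168.2.10    # squid host in the DMZ (assumed)
SQUID_PORT=3128       # squid's default listening port
OVPN_PORT=1194        # OpenVPN UDP port (assumed; set to whatever you configure)
VPNGW=192.168.2.20    # only used by the "VPN gateway behind NAT" variant (assumed)

# IPT defaults to a dry run that just prints the commands;
# run with IPT=iptables (as root) to actually load the rules.
IPT=${IPT:-"echo iptables"}

gen_rules() {
    # Default deny: nothing enters or crosses the router unless allowed below.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # NAT: LAN and DMZ leave through the router's public address.
    $IPT -t nat -A POSTROUTING -o $WAN -j MASQUERADE

    # Proxy in the DMZ: LAN clients may only talk to squid, and squid may
    # go out to the Internet. The DROP policy keeps the DMZ out of the LAN,
    # so a compromised proxy does not get a free path to the office machines.
    $IPT -A FORWARD -i $LAN -o $DMZ -p tcp -d $PROXY --dport $SQUID_PORT -j ACCEPT
    $IPT -A FORWARD -i $DMZ -o $WAN -s $PROXY -p tcp -j ACCEPT

    # VPN gateway *on* the firewall: tunnels terminate here, so the VPN
    # traffic is never rewritten by the NAT. These are INPUT rules, not
    # FORWARD rules, because the router itself is the endpoint.
    # IPsec (FreeS/WAN): IKE on UDP 500, ESP as IP protocol 50, and UDP 4500
    # (NAT-Traversal) for remote peers that themselves sit behind a NAT.
    $IPT -A INPUT -i $WAN -p udp --dport 500 -j ACCEPT
    $IPT -A INPUT -i $WAN -p udp --dport 4500 -j ACCEPT
    $IPT -A INPUT -i $WAN -p 50 -j ACCEPT
    # OpenVPN
    $IPT -A INPUT -i $WAN -p udp --dport $OVPN_PORT -j ACCEPT
}

# Variant Horst warns about: the VPN gateway lives behind the NAT router.
# Then the router has to hand the VPN traffic through "unmolested": DNAT the
# IKE/NAT-T/OpenVPN ports to the inside gateway and allow the forward. Plain
# ESP carries no port numbers, so it can only be DNATed to ONE inside host,
# and IPsec through NAT generally needs NAT-Traversal (ESP in UDP/4500)
# supported on both ends.
gen_rules_vpn_behind_nat() {
    for p in 500 4500 $OVPN_PORT; do
        $IPT -t nat -A PREROUTING -i $WAN -p udp --dport $p -j DNAT --to-destination $VPNGW
        $IPT -A FORWARD -i $WAN -o $DMZ -p udp -d $VPNGW --dport $p -j ACCEPT
    done
    $IPT -t nat -A PREROUTING -i $WAN -p 50 -j DNAT --to-destination $VPNGW
    $IPT -A FORWARD -i $WAN -o $DMZ -p 50 -d $VPNGW -j ACCEPT
}

# Print (or apply, with IPT=iptables) the recommended ruleset.
gen_rules
```

Run it as-is to review the generated commands; the inside-gateway variant is deliberately not applied by default, since it only makes sense instead of the INPUT rules for the VPN ports, not alongside them.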