Can't find suitable firewall/VPN software for dynamic IPs

Discussion in 'Linux Networking' started by kenw, Feb 8, 2004.

  1. kenw

    kenw Guest

    Is there _any_ open source firewall solution that provides VPN endpoints
    with dynamic IPs, and supports Microsoft (or free) VPN clients for Windows?

    I've been asked to build a software firewall for a small business network.
    I can't seem to find anything Linux (or equiv.) based, that meets my needs,
    which are:

    - it should provide NAT service for outbound connections, although I do NOT
    need it to provide DHCP or DNS services. So far no problem. Smoothwall,
    e.g., handles this nicely.

    - must act as a VPN endpoint (i.e., NOT passthrough) for the local network,
    providing remote access for remote Windows XP Pro workstations using
    Microsoft VPN clients.

    - must support VPN with dynamic IP on both ends. Most Linux firewalls only
    support IPsec, and hence static IPs; I think we're down to PPTP and L2TP.
    This blows it for ITShield, too; for some crazy reason, even though it
    supports PPTP, it requires a static IP. Those things ain't cheap.

    - do NOT want to use pinholes or VPN pass-through; i.e., no direct access
    to internal systems by any clients not authenticated to the firewall. I
    can buy a cheap hardware firewall if I'm just going to poke holes in it.

    - must be quick and easy to set up. The client won't pay for a day's worth
    of my time to figure out unmaintainable patches, scripts, etc.

    What I really want is an 386 ISO image with PoPToP already incorporated, I
    think. Nothing of the sort seems to exist.

    Before people rag on me about PPTP security, let's be clear about whether
    we're talking about PPTP v1 or v2; it makes a big difference. With a
    firewall endpoint, I control the passwords; they're good, and used nowhere
    else. And if anybody's got a better solution for dynamic IPs, I'm

    BTW, there's one other solution I might possibly use in this situation: an
    HTTP/HTTPS inbound proxy server -- since all I _really_ need right now is
    to allow secure remote access to a web-based app running on a Win2K server.
    Do such beasts really exist, or would I need some sort of stateful
    inspection? Using MS' IIS on that server is not an option I want to think

    Ken Wallewein
    K&M Systems Integration
    Phone (403)274-7848
    Fax (403)275-4535
    kenw, Feb 8, 2004
  2. Leythos

    Leythos Guest

    A simple Linksys VPN router will do all of this and more. The VPN routers
    allow IPSec over dynamic IPs using the user name and key method.
    Leythos, Feb 8, 2004
  3. kenw

    kenw Guest

    Personally, if I were going hardware, I'd use a Netopia -- say, their
    3381-ENT. It's more flexible.

    But I wanted an open source software-based solution, and although I see plenty
    of mention of dynamic DNS, I see little about dynamic IPs for VPN

    For example, the SmoothWall FAQ says:
    Admittedly, I wasn't really thinking of IPsec with dynamic IPs, although
    it's an intriguing possibility. But I don't see any simple, open source
    solutions for that, either.

    The hardware firewall solution certainly looks better at the moment.

    Ken Wallewein
    K&M Systems Integration
    Phone (403)274-7848
    Fax (403)275-4535
    kenw, Feb 9, 2004
  4. James Knott

    James Knott Guest

    I use CIPE, which works well. I've always used it with dhcp at both ends.
    The fact that it's dhcp is irrelevant, provided you have a known &
    consistent host name.


    Fundamentalism is fundamentally wrong.

    To reply to this message, replace everything to the left of "@" with
    James Knott, Feb 10, 2004
