I need a network linkup between my two offices for purposes of telnet
login from the client at the branch office to the server at the main
office. I understand that this could be done via VPN connection over
the internet. The Windows XP setup I can do, but I'm having trouble
finding how to set up the VPN server at the main office. I've looked
on the SCO web site - no luck. Also tried newsgroups; lots of info for
linux but nothing for SCO OSR. Can this be done in software only, or
is hardware needed? Can someone give me a steer to the info?

Main Office:

Dell Server, SCO OSR Enterprise 5.0.6., LAN, DSL ISP access - dynamic
IP address.

Branch Office:

Gateway client, Windows XP, LAN, DSL ISP access - dynamic IP address.

Thanks.

On Mon, Jun 07, 2004, RP wrote:
>I need a network linkup between my two offices for purposes of telnet
>login from the client at the branch office to the server at the main
>office. I understand that this could be done via VPN connection over
>the internet. The Windows XP setup I can do, but I'm having trouble
>finding how to set up the VPN server at the main office. I've looked
>on the SCO web site - no luck. Also tried newsgroups; lots of info for
>linux but nothing for SCO OSR. Can this be done in software only, or
>is hardware needed? Can someone give me a steer to the info?

The easiest way to do this is probably to install something like a LinkSys
BEFVP41 VPN box immediately behind your network connection. These are
cheap, easy to configure, and OS agnostic.

The only serious hitch you might have is if you're on DSL or something that
already has a box that's doing NAT (Network Address Translation) for your
network. IPSec doesn't work behind a NAT connection.

These LinkSys boxes work well with other types of IPSec connections, and we
have several connecting to a SuSE 9.0 Professional box here that's running
freeswan.

Bill
--
INTERNET: bill@Celestial.COM Bill Campbell; Celestial Software LLC
UUCP: camco!bill PO Box 820; 6641 E. Mercer Way
FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676
URL: http://www.celestial.com/

Imagine if every Thursday your shoes exploded if you tied them the usual
way. This happens to us all the time with computers, and nobody thinks of
complaining.
-- Jef Raskin http://jefraskin.com/

"Bill Campbell" <bill@celestial.com> wrote in message
news:mailman.3.1086579737.1761.sco-misc@lists.celestial.com...
> On Mon, Jun 07, 2004, RP wrote:
> >I need a network linkup between my two offices for purposes of telnet
> >login from the client at the branch office to the server at the main
> >office. I understand that this could be done via VPN connection over
> >the internet. The Windows XP setup I can do, but I'm having trouble
> >finding how to set up the VPN server at the main office. I've looked
> >on the SCO web site - no luck. Also tried newsgroups; lots of info for
> >linux but nothing for SCO OSR. Can this be done in software only, or
> >is hardware needed? Can someone give me a steer to the info?
>
> The easiest way to do this is probably to install something like a LinkSys
> BEFVP41 VPN box immediately behind your network connection. These are
> cheap, easy to configure, and OS agnostic.
>
> The only serious hitch you might have is if you're on DSL or something
that
> already has a box that's doing NAT (Network Address Translation) for your
> network. IPSec doesn't work behind a NAT connection.
>
> These LinkSys boxes work well with other types of IPSec connections, and
we
> have several connecting to a SuSE 9.0 Professional box here that's running
> freeswan.
>
> Bill

In addition to this, Linksys has a few good "how to" articles on their
website.

Ron

In article <mailman.3.1086579737.1761.sco-misc@lists.celestial.com>,
Bill Campbell <bill@celestial.com> wrote:
>On Mon, Jun 07, 2004, RP wrote:
>>I need a network linkup between my two offices for purposes of telnet
>>login from the client at the branch office to the server at the main
>>office. I understand that this could be done via VPN connection over
>>the internet. The Windows XP setup I can do, but I'm having trouble
>>finding how to set up the VPN server at the main office. I've looked
>>on the SCO web site - no luck. Also tried newsgroups; lots of info for
>>linux but nothing for SCO OSR. Can this be done in software only, or
>>is hardware needed? Can someone give me a steer to the info?

>The easiest way to do this is probably to install something
>like a LinkSys BEFVP41 VPN box immediately behind your network
>connection. These are cheap, easy to configure, and OS agnostic.

>The only serious hitch you might have is if you're on DSL or
>something that already has a box that's doing NAT (Network
>Address Translation) for your network. IPSec doesn't work behind
>a NAT connection.

>These LinkSys boxes work well with other types of IPSec
>connections, and we have several connecting to a SuSE 9.0
>Professional box here that's running freeswan.

Last month I saw that at least some Linksys devices have a DDoS
problem. I do not recall the model number, and at the time of the
writing there was no response from Cisco.


--
Bill Vermillion - bv @ wjv . com

On Mon, 7 Jun 2004, RP wrote:

> I need a network linkup between my two offices for purposes of telnet
> login from the client at the branch office to the server at the main
> office. I understand that this could be done via VPN connection over
> the internet. The Windows XP setup I can do, but I'm having trouble
> finding how to set up the VPN server at the main office. I've looked
> on the SCO web site - no luck. Also tried newsgroups; lots of info for
> linux but nothing for SCO OSR. Can this be done in software only, or
> is hardware needed? Can someone give me a steer to the info?
>
I have had excellent results with the MultiTech RF550VPN which features
modem backup for the WAN connection (or, if your stuck in the boonies with
no WAN available, it IS the main connection!).

http://www.multitech.com/PRODUCTS/Families/SOHO_VPN/

I have been using one for about 18 months now with excellent results.

Thank you,
Lucky

Lucky Leavell Phone: (800) 481-2393 (US/Canada)
UniXpress - Your Source for SCO OR: (812) 366-4066
1560 Zoar Church Road NE FAX: (812) 366-3618
Corydon, IN 47112-7374 Email: lucky@UniXpress.com
WWW Home Page: http://www.UniXpress.com

On Mon, 07 Jun 2004 13:25:09 GMT, bv@wjv.com (Bill Vermillion) wrote:

>Last month I saw that at least some Linksys devices have a DDoS
>problem. I do not recall the model number, and at the time of the
>writing there was no response from Cisco.

Nope. BEFVP41 does not have the ping bug. It was fixed with latest
firmware for various wireless routers.

Netgear WG602 access point has a built in back door password.
http://www.securityfocus.com/archive/1/365069

I have several pairs of BEFVP41 VPN routers terminating a VPN at
various customers. They work just fine. Terminating a VPN with a
server (as in the Microsoft way of doing a VPN) is IMHO, not a good
idea. The server has better things to do than imitate a $100
dedicated appliance.

However, methinks the right answer is to use open source firmware in
off the shelf routers. Netgear and Linksys both have GPL code posted
on their web piles for many of their wireless routers.
http://www.linksys.com/support/gpl.asp
These have been modified and expanded by various groups and
individuals. The major effort is with wireless access points and
routers, but it may be possible to cram a VPN shim into the stack.
http://www.seattlewireless.net/index.cgi/LinksysWrt54g
http://www.portless.net/ewrt/
http://h.vu.wifi-box.net/wrt54g/
http://www.batbox.org/wrt54g-linux.html
http://www.linksysinfo.org
http://www.sveasoft.com/modules/phpBB2/index.php
http://docs.sveasoft.com
There are several approaches to cramming additional features into the
wireless access points so look around for one that seems appropriate.
Ah... The wifi-box version apparently (not sure) has built in VPN
termination.

--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D 831-336-2558
Santa Cruz CA 95060 AE6KS

On Mon, Jun 07, 2004, Jeff Liebermann wrote:
>On Mon, 07 Jun 2004 13:25:09 GMT, bv@wjv.com (Bill Vermillion) wrote:
>
>>Last month I saw that at least some Linksys devices have a DDoS
>>problem. I do not recall the model number, and at the time of the
>>writing there was no response from Cisco.
>
>Nope. BEFVP41 does not have the ping bug. It was fixed with latest
>firmware for various wireless routers.
>
>Netgear WG602 access point has a built in back door password.
> http://www.securityfocus.com/archive/1/365069
>
>I have several pairs of BEFVP41 VPN routers terminating a VPN at
>various customers. They work just fine. Terminating a VPN with a
>server (as in the Microsoft way of doing a VPN) is IMHO, not a good
>idea. The server has better things to do than imitate a $100
>dedicated appliance.

We've been using the BEFVP41s for several year now. Just last week, I
finally got around to figuring out FreeS/WAN on a SuSE 9.0 box here which
we're now using instead of the LinkSys box that's been acting up recently.

>However, methinks the right answer is to use open source firmware in
>off the shelf routers. Netgear and Linksys both have GPL code posted
>on their web piles for many of their wireless routers.

That's fine if one has the time and inclination to fiddle. My customers
are better off buying the appliance box. We spent quite a bit of time with
LRP/LEAF routers, but came to the conclusion that they're generally more
trouble than they're worth for the average SOHO installation.

On the other hand, when we install a system which will be doing e-mail, web
services, etc, it makes sense to configure FreeS/WAN or the FreeBSD IPSec
with a 2nd NIC than to use an external box, particularly if the customer
has many VPN connections to support.

Bill
--
INTERNET: bill@Celestial.COM Bill Campbell; Celestial Software LLC
UUCP: camco!bill PO Box 820; 6641 E. Mercer Way
FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676
URL: http://www.celestial.com/

``Ah, you know the type. They like to blame it all on the Jews or the
Blacks, 'cause if they couldn't, they'd have to wake up to the fact that
life's one big, scary, glorious, complex and ultimately unfathomable
crapshoot -- and the only reason THEY can't seem to keep up is they're a
bunch of misfits and losers.''
-- A analysis of Neo-Nazis, from "The Badger" comic

VPN

You can see there are too many ways to kill this cat.

You do not need to involve the SCO box at all. You do not need to buy
commercial routers.

I use "floppyfw" to set up a vpn between office and home. This can use any
old Pentium or even 486. Strip out everything, and lumps for heatsinks, no
hardrive, no fans, just a floppy and two NICS, one for the cable modem,
other for network. Lovely. System looks quite dead according to grc.com.
More flexible than most commercial routers and uses old kit so good for the
environment. Uses IPtables. Rock solid, stays on for months and months.
Once set up you can forget about it.

See www.zelow.no/floppyfw
You can use this to set up a VPN directly if you have floppyfw boxes at both
ends.

I do nothing to the SCO box, since the SCO box is on the LAN, you can
telnet, see samba, ftp the lot via the vpn.
I am ashamed to say I use XP as client and server for the VPN. When setting
up the home XP VPN connection give the home machine an IP/netmask that is
within that of the remote office LAN or you will not see all the remote
machines!

email is gerardatcareproviderdotcom

Gerry

"Lucky Leavell" <scomisc@UniXpress.com> wrote in message
news:mailman.0.1086619689.2624.scomisc@lerctr.org. ..
> On Mon, 7 Jun 2004, RP wrote:
> > I need a network linkup between my two offices for purposes of telnet
> > login from the client at the branch office to the server at the main
> > office. I understand that this could be done via VPN connection over
> > the internet. The Windows XP setup I can do, but I'm having trouble
> > finding how to set up the VPN server at the main office. I've looked
> > on the SCO web site - no luck. Also tried newsgroups; lots of info for
> > linux but nothing for SCO OSR. Can this be done in software only, or
> > is hardware needed? Can someone give me a steer to the info?
> >
> I have had excellent results with the MultiTech RF550VPN which features
> modem backup for the WAN connection (or, if your stuck in the boonies with
> no WAN available, it IS the main connection!).
>
> http://www.multitech.com/PRODUCTS/Families/SOHO_VPN/

After hearing Tony praise this Mutlitech SOHO VPN, I bought around 5 of
them, been using them for a year now and they have performed great. You can
buy these for around $ 130.00 if you shop around. I am also impressed with
the SnapGear SOHO router, www.snapgear.com. Snapgear just got high praises
in some product reviews I saw. Snapgear runs embedded Linux. They have added
some nice features, and I think they go beyond the Mutlitech SOHO in
features.