Installing a VPN

[Eric Livingston]

> Hi all,
> I am hoping to gain information based on your
> experiences.  We're a small manufacturing company
> running a peer-to-peer network and would like to set
> up a VPN as our WAN when half of the office moves to a
> new building.  We have about 22 users on our network
> all connected to a hub.  We also have an internet
> server set up with a firewall.  My question is this:
> what do I need to set up our VPN?  More specifically,
> what hardware (if any) and recommended manufacturers
> are required and what software is required?  I'm kind
> of new to this whole VPN world so any suggestions you
> have from your past experiences would be greatly appreciated.

I've been running a VPN using SSH and PPP for over a year now between my
home LAN and my work LAN. It works beautifully, and it's highly configurable
(type of encryption, level of compression, etc). Also, depending on your
selection of encryption algorithm, you can get pretty low overhead. I was
using a 486/75 as my VPN gateway machine over ISDN (128k) and the cpu never
worked more than 4% (and averaged around 2%) even when saturating the line
with a full-speed download. Now that I'm running a Pentium 200 as my VPN
gateway using DSL, the cpu load is still 2-5% with pretty low latency given
the packet gymnastics going on (the VPN adds about 30ms of latency for me).

Anyway, the tools required are all free, and the process is documented in
the VPN HOWTO that's standard with any distribution.

There is one program, pty-redir, that you'll have to download (aside from
SSH) to get it to work. I found the pty-redir (version .1) referenced in the
HOWTO was too old to work with my newer (2.2.x) kernel, so I updated that
program (to version .2) and placed it on my site at www.thelivingstons.org.
It's GPL - feel free to use it if you need it.

Good luck.
Eric

VPN is sponsored by SecurityFocus.COM