[VPN] help!: Routing all ports on a 2000/XP/NT based system through VPN/SSH + Wireless

Abram Catalano abramcat at yahoo.com
Mon Nov 25 18:47:59 EST 2002


Ahh, that does make more sense. Do you know of a
windows service that does this?  I'm not sure if
stunnel is a service or an application...
I'll look into it more.  If it is an application rather
than a service (If you have played with it at all),
that probably wouldn't suit my needs for NT login
stuff.

I know I need to play with stunnel more (or other
clients) not to mention RTFM, but some potential
difficulties I see are that I need to configure the
client's applications to use the tunnel sometimes,
such as when communicating with an exchange server on
the internal network, but also I want the browser to
use its own internet connection (obviously it has one
since it can connect to my internal network) instead
of using my internal network's bandwidth. As I am just
starting out in this field, maybe there is an easy way
to do this, maybe stunnel does it by port? But if not,
I don't really see how windows would know which way to
send the exiting packets...

Any input would be appreciated. I know, I need to do
some research as well, and RTFM :)

Thought I'd put it out to the list first though to
minimize my time spent in potentially the wrong
direction.  Thanks,

Abram


--- Chris Gripp <cgripp at automotive.com> wrote:
> I think the basic idea here that you may be missing
> is that there is a client device (be it software on
> the windows box or an actual physical device) that
> is doing the encryption.  The tunnel can be based on
> IP layer only so that ALL traffic is tunnelled.  As
> for the return path, the correct routes simply need
> to be on your network to route the return traffic to
> the remote user through the VPN device at your site.
> 
> Chris
> 
> -----Original Message-----
> From: Abram Catalano [mailto:abramcat at yahoo.com]
> Sent: Monday, November 25, 2002 2:56 PM
> To: vpn at lists.shmoo.com
> Subject: [VPN] help!: Routing all ports on a
> 2000/XP/NT based system through VPN/SSH + Wireless
> 
> 
> Hello all, 
> 
> 2 questions if I may:
> 1:========================
> I have a situation where I have an NT domain network
> within a firewall, and I have a workstation outside
> the network, on a public IP somewhere else, and need
> it to both do an NT authentication, and be encrypted
> and able to use the internal net's
> servers/files/printers etc.
> 
> Since the workstation will use many softwares (and
> therefore many different ports) to connect to various
> services (servers, daemons) inside the local net, I
> need a way to send all traffic from the NT/XP machine
> outside the network through a secure tunnel, and/or
> have it create a tunnel for each port that it needs to
> communicate with.
> 
> I am a little confused as to how this would work,
> especially incoming packets, how would they get routed
> back to the port that the client is expecting the
> response on. I expect additional ports would need
> additional tunnels to get this working correctly?
> 
> I can have a linux machine inside dealing with the
> tunnel if need be, since MS tries at true encryption
> seem to be weak if this would help.
> 
> Also, when I have the XP/NT machine outside the
> network start up, I want the tunnel established before
> the user logs on, so they can authenticate themselves
> on the internal network.
> 
> 2:====================
> My next question is in regards to wireless, and
> running a secure tunnel through wireless to eliminate
> the need for the proven weak WEP. (by
> airsnort.shmoo.com thanks guys)
> 
> Has anyone done this?  Again, I am still confused as
> to how all the ports are routed through the tunnel
> and/or open tunnels themselves.  Especially how to do it
> with windows.
> 
> 
> Any input would be greatly appreciated.
> Thanks,
> Abram

