[VPN] help!: Routing all ports on a 2000/XP/NT based system through VPN/SSH + Wireless

Yupin Mungdee amanda at wineasy.se
Tue Nov 26 03:05:52 EST 2002


One Windows service that does this is the VPN client that is bundled with
every Windows version since Windows 95. You just run a basic VPN like PPTP
or IPsec and it will take care of your encryption, tunneling and logon.
There is no need for stunnel and other 3rd party solutions if you're just
routing IP over the Internet. Stunnel is meant for situations where you are
seaking through a hostile firewall. It is useless if you own the firewall
yourself.

You could do worse than reading the VPN help pages in Windows. And some
basic books on this stuff might be helpful, like:
http://www.amazon.com/exec/obidos/ASIN/1931490430/

A.

----- Original Message -----
From: "Abram Catalano" <abramcat at yahoo.com>
To: "Chris Gripp" <cgripp at automotive.com>
Cc: <VPN at lists.shmoo.com>
Sent: Tuesday, November 26, 2002 12:47 AM
Subject: RE: [VPN] help!: Routing all ports on a 2000/XP/NT based system
through VPN/SSH + Wireless


> ahh, that does make more sense. Do you know of a
> Windows service that does this?  I'm not sure if
> stunnel is a service or an application...
> I'll look into it more.  If it is an application rather
> than a service (If you have played with it at all),
> that probably wouldn't suit my needs for NT login
> stuff.
>
> I know I need to play with stunnel more (or other
> clients) not to mention RTFM, but some potential
> difficulties I see are that I need to configure the
> client's applications to use the tunnel sometimes,
> such as when communicating with an Exchange server on
> the internal network, but also I want the browser to
> use its own internet connection (obviously it has one
> since it can connect to my internal network) instead
> of using my internal network's bandwidth. As I am just
> starting out in this field, maybe there is an easy way
> to do this, maybe stunnel does it by port? but if not,
> I don't really see how Windows would know which way to
> send the exiting packets...
>
> Any input would be appreciated. I know, I need to do
> some research as well, and RTFM :)
>
> Thought I'd put it out to the list first though to
> minimize my time spent in potentially the wrong
> direction.  Thanks,
>
> Abram
>
>
> --- Chris Gripp <cgripp at automotive.com> wrote:
> > I think the basic idea here that you may be missing
> > is that there is a client device (be it software on
> > the Windows box or an actual physical device) that
> > is doing the encryption.  The tunnel can be based on
> > IP layer only so that ALL traffic is tunnelled.  As
> > for the return path, the correct routes simply need
> > to be on your network to route the return traffic to
> > the remote user through the VPN device at your site.
> >
> > Chris
> >
> > -----Original Message-----
> > From: Abram Catalano [mailto:abramcat at yahoo.com]
> > Sent: Monday, November 25, 2002 2:56 PM
> > To: vpn at lists.shmoo.com
> > Subject: [VPN] help!: Routing all ports on a
> > 2000/XP/NT based system
> > through VPN/SSH + Wireless
> >
> >
> > Hello all,
> >
> > 2 questions if I may:
> > 1:========================
> > I have a situation where I have an NT domain network
> > within a firewall, and I have a workstation outside
> > the network, on a public IP somewhere else, and need
> > it to both do an NT authentication, and be encrypted
> > and able to use the internal net's
> > servers/files/printers etc.
> >
> > Since the workstation will use many software (and
> > therefore many different ports) to connect to
> > various services (servers, daemons) inside the local
> > net, I need a way to send all traffic from the NT/XP
> > machine outside the network through a secure tunnel,
> > and/or have it create a tunnel for each port that it
> > needs to communicate with.
> >
> > I am a little confused as to how this would work,
> > especially incoming packets, how would they get
> > routed
> > back to the port that the client is expecting the
> > response on. I expect additional ports would need
> > additional tunnels to get this working correctly?
> >
> > I can have a Linux machine inside dealing with the
> > tunnel if need be, since MS's tries at true encryption
> > seem to be weak if this would help.
> >
> > Also, when I have the XP/NT machine outside the
> > network start up, I want the tunnel established
> > before the user logs on, so they can authenticate
> > themselves on the internal network.
> >
> > 2:====================
> > My next question is in regards to wireless, and
> > running a secure tunnel through wireless to eliminate
> > the need for the proven weak WEP. (by
> > airsnort.shmoo.com thanks guys)
> >
> > Has anyone done this?  Again, I am still confused as
> > to how all the ports are routed through the tunnel
> > and/or open tunnels themselves.  Especially how to do
> > it with Windows.
> >
> >
> > Any input would be greatly appreciated.
> > Thanks,
> > Abram
> > _______________________________________________
> > VPN mailing list
> > VPN at lists.shmoo.com
> > http://lists.shmoo.com/mailman/listinfo/vpn
>
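
How a client decides which packets enter an IP-layer tunnel, as an added example that is not part of the original thread: a simplified model of IP route selection (longest matching prefix first, then lowest metric). The addresses, interface names and metrics are constructed assumptions; the point is that the choice is made per destination address, never per port, in both a split-tunnel and an all-traffic setup.

```python
import ipaddress

# Constructed values (assumptions, not taken from the thread)
ISP_IF = "isp"                 # the workstation's ordinary Internet connection
VPN_IF = "vpn"                 # virtual adapter created by the VPN client
VPN_GATEWAY = "203.0.113.10"   # public address of the VPN server
INTERNAL_NET = "10.0.0.0/8"    # the NT domain network behind the firewall
DEFAULT = "0.0.0.0/0"


def build_table(full_tunnel):
    """Return a list of (network, interface, metric) routes."""
    net = ipaddress.ip_network
    routes = [
        # The encrypted tunnel packets themselves must always leave via the
        # ISP link, otherwise the tunnel would try to route through itself.
        (net(VPN_GATEWAY + "/32"), ISP_IF, 1),
        # Anything addressed to the internal network goes into the tunnel.
        (net(INTERNAL_NET), VPN_IF, 1),
    ]
    if full_tunnel:
        # All-traffic mode: the VPN default route outranks the ISP default.
        routes.append((net(DEFAULT), VPN_IF, 1))
        routes.append((net(DEFAULT), ISP_IF, 20))
    else:
        # Split tunnel: browsing keeps using the local Internet connection.
        routes.append((net(DEFAULT), ISP_IF, 1))
    return routes


def select_interface(routes, destination):
    """Longest-prefix match, lowest metric breaks ties; ports are not consulted."""
    dst = ipaddress.ip_address(destination)
    candidates = [r for r in routes if dst in r[0]]
    if not candidates:
        raise LookupError("no route to " + destination)
    best = min(candidates, key=lambda r: (-r[0].prefixlen, r[2]))
    return best[1]


def demo():
    """Map tunnel mode -> {destination: chosen interface} for three sample hosts."""
    targets = ("10.1.2.3", "198.51.100.7", VPN_GATEWAY)
    return {mode: {d: select_interface(build_table(mode), d) for d in targets}
            for mode in (False, True)}


if __name__ == "__main__":
    for mode, chosen in demo().items():
        print("full tunnel" if mode else "split tunnel", chosen)
```
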




