[VPN] help!: Routing all ports on a 2000/XP/NT based sytem though VPN/SSH + Wireless
cgripp at automotive.com
Tue Nov 26 11:41:37 EST 2002
BTW, the only way to secure the wireless portion is to be running encryption software on the PC using the wireless link. I kind of missed that part in my previous posts.
From: Abram Catalano [mailto:abramcat at yahoo.com]
Sent: Monday, November 25, 2002 3:48 PM
To: Chris Gripp
Cc: VPN at lists.shmoo.com
Subject: RE: [VPN] help!: Routing all ports on a 2000/XP/NT based sytem
though VPN/SSH + Wireless
ahh, that does make more sense. Do you know of a
windows service that does this? I'm not sure if
stunnel is a service or an application...
I'll look into it more. If it is a application rather
than a service (If you have played with it at all),
that probably wouldnt suit my needs for NT login
I know I need to play with stunnel more (or other
clients) not to mention RTFM, but some potential
difficulties I see are that I need to configure the
client's applications to use the tunnel sometimes,
such as when communicating with an exchange server on
the internel network, but also I want the browser to
use its own internet connection (obviously it has one
since it can connect to my internel network) instead
of using my internel network's bandwidth. As I am just
starting out in this field, maybe there is an easy way
to do this, maybe stunnel does it by port? but if not,
I dont really see how windows would know which way to
send the exiting packets...
Any input would be appreciated. I know, I need to do
some research as well, and RTFM :)
Thought I'd put it out to the list first though to
minimize my time spend in potentially the wrong
--- Chris Gripp <cgripp at automotive.com> wrote:
> I think the basice idea here that you may be missing
> is that there is a client device (be it software on
> the windows box or an actual physical device) that
> is doing the encryption. The tunne can be based on
> IP layer only so that ALL traffic is tunnelled. As
> for the return path, the correct routes simply need
> to be on your network to route the return traffic to
> the remote user through the VPN device at your site.
> -----Original Message-----
> From: Abram Catalano [mailto:abramcat at yahoo.com]
> Sent: Monday, November 25, 2002 2:56 PM
> To: vpn at lists.shmoo.com
> Subject: [VPN] help!: Routing all ports on a
> 2000/XP/NT based sytem
> though VPN/SSH + Wireless
> Hello all,
> 2 questions if I may:
> I have a situation where I have an NT domain network
> within a firewall, and I have a workstation outside
> the network, on a public IP somewhere else, and need
> it to both do an NT authentication, and be encrypted
> and able to use the internel nets
> servers/files/printers etc.
> Since the workstation will use many softwares(and
> therefore many different ports) to connect to
> services(servers, deamons) inside the local net, I
> need a way to send all traffic from the NT/XP
> outside the network though a secure tunnel, and/or
> have it create a tunnel for each port that it needs
> communicate with.
> I am a little confused as to how this would work,
> especially incoming packets, how would they get
> back to the port that the client is expecting the
> response on. I expect additional ports would need
> additional tunnels to get this working correctly?
> I can have a linux machine inside dealing with the
> tunnel if need be, since MS trys at true encryption
> seem to be weak if this would help.
> Also, when I have the XP/NT machine outside the
> network start up, I want the tunnel established
> the user logs on, so they can authenticate
> on the internel network.
> My next questions is in regards to wireless, and
> running a secure tunnel though wireless to eliminate
> the need for the proven weak WEP. (by
> airsnort.shmoo.com thanks guys)
> Has anyone done this? Again, I am still confused as
> to how all the ports are routed through the tunnel
> or open tunnels themselves. Especially how to do it
> with windows.
> Any input would be greatly appeciated.
> Do you Yahoo!?
> Yahoo! Mail Plus - Powerful. Affordable. Sign up
> VPN mailing list
> VPN at lists.shmoo.com
> This email and any files transmitted with it are
> confidential and intended solely for the use of the
> individual or entity to whom they are addressed. If
> you have received this email in error please notify
> the system manager. Please note that any views or
> opinions presented in this email are solely those of
> the author and do not necessarily represent those of
> the company. Finally, the recipient should check
> this email and any attachments for the presence of
> viruses. The company accepts no liability for any
> damage caused by any virus transmitted by this
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
VPN mailing list
VPN at lists.shmoo.com
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. Finally, the recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.
More information about the VPN