[LARTC] RE: VPN Solution
Rangi Biddle
rangi at ngen.net.nz
Tue Nov 21 09:16:25 CET 2006
Hi Grant,
> Is your VPN concentrator / server directly on the internet or is there
> some sort of port forwarding going on? You could use a DMZ, if the machine
> in the DMZ had a globally routable IP, i.e. did not use port forwarding of
> any sort.
Unfortunately the VPN server does not explicitly have a public IP address
that would allow it to receive connections. At present, the VPN server is
currently sitting behind a DSL router which has a public IP and is receiving
connections via DNAT, in particular port 1723 (PPTP) and protocol 47 (GRE).
The DMZ setup that the DSL router offers is basically having all connections
on the public IP DNAT through to the internal IP address of the VPN server.
I have been able to verify this, as the router itself runs a minimal Linux
environment which includes using IPTables for its firewalling capabilities
(D-Link branded DSL router).
Also, I have already mentioned that moving to another type of connection
such as fibre isn't an option as I cannot afford a connection of this type
(I live in New Zealand). Other alternative connections to DSL are not very
affordable and we are very limited to the connection types that we can
choose from.
At present the range of connections are as follows:
Dial-Up - Far too slow
DSL - Affordable and very quick
ISDN - Far too pricey ($900 per month not including data charges)
Cable - Only available in certain areas in New Zealand
Fibre - Far far too pricey ($1,500 per month - 2 Mbps National / 512k International)
Fibre by far would be the best option as I would receive around 7 public IP
addresses but as you can see from the cost it just isn't very feasible for
only a VPN solution.
As you also mentioned in your previous email about the limitation of
IPTables ... are there any workarounds such as using the patch-o-matic patches?
Any comments/suggestions are welcome from anyone.
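As an added illustration of the setup described in this message (not code from the poster or the list): a small Python check that reads `iptables-save`-style NAT rules, such as those on a Linux-based router, and reports whether PPTP's TCP 1723 and GRE (protocol 47) are forwarded explicitly or through a DMZ-style catch-all DNAT. The addresses, the interface name and the sample rules are constructed placeholders.

```python
# Constructed iptables-save excerpt; 203.0.113.10 (router public IP) and
# 192.168.1.10 (VPN server) are placeholder addresses, not from the post.
SAMPLE_NAT = """\
*nat
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 1723 -j DNAT --to-destination 192.168.1.10
-A PREROUTING -d 203.0.113.10/32 -p 47 -j DNAT --to-destination 192.168.1.10
-A PREROUTING -d 203.0.113.10/32 -j DNAT --to-destination 192.168.1.10
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
"""


def classify(line):
    """Return (kind, target) for a PREROUTING DNAT rule, else None.
    Negated matches ("!") are not handled in this sketch."""
    tok = line.split()
    if tok[:2] != ["-A", "PREROUTING"] or "DNAT" not in tok:
        return None
    opt = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
    proto = opt.get("-p")
    target = opt.get("--to-destination")
    if proto is None:
        return ("catch-all", target)      # DMZ style: all protocols and ports
    if proto == "tcp" and opt.get("--dport") == "1723":
        return ("pptp-control", target)   # PPTP control channel
    if proto in ("gre", "47"):
        return ("pptp-gre", target)       # PPTP data channel (GRE)
    return ("other", target)


def audit(text):
    """Summarise which inbound traffic the NAT table hands to internal hosts."""
    found = [r for r in map(classify, text.splitlines()) if r]
    kinds = {k for k, _ in found}
    return {
        "rules": found,
        # PPTP needs both channels; a catch-all rule also delivers both.
        "pptp_forwarded": "catch-all" in kinds or {"pptp-control", "pptp-gre"} <= kinds,
        # Anything beyond the two PPTP rules widens what the server exposes.
        "extra_exposure": sorted(kinds - {"pptp-control", "pptp-gre"}),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_NAT)
    for kind, target in report["rules"]:
        print(f"{kind:13} -> {target}")
    print("PPTP forwarded:", report["pptp_forwarded"])
    print("Extra exposure:", report["extra_exposure"])
```

A non-empty `extra_exposure` list means the VPN server is reachable on more than the two PPTP channels, which is the case for the DMZ setting described above.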