[ILUG] linux vpn, need to tunnel ipx and possibly appletalk?

Ronan Waide waider at waider.ie
Thu Nov 14 12:29:06 GMT 2002


On November 14, allmanj at houseofireland.com said:
> First of all, as I understand it, Windows file sharing across networks 
> will require me to set up a "domain master browser" on each network and 
> a WINS server? I also gather I can use Samba to do this. Am I right in 
> thinking that this won't be too much of a problem?

Depending on your setup. If you're actually running a Windows domain
it can get interesting, but generally speaking Windows will
automatically set up a local browser per subnet (through a voting
process among the machines). My understanding (which may be
incomplete, or incorrect, or both) is that if you have WINS, and
everyone's configured to use WINS, you can happily work cross-subnet
shares, but they won't necessarily show up in the network
neighbourhood. Samba can happily reconcile some or all of these things
depending on configuration.
 
> Novell server and use its services? Has anyone tried this? I don't 
> really understand the role of a "domain master browser". Will it affect 
> the Novell network at all?

I dunno about Novell/IPX over tunnels, but I do know that if you've a
spare NT server knocking around you can set up a Novell Gateway on it
that makes it visible as a regular windows fileshare. A Linux box can
also do this using the ipx and ncpfs utils. It's an imperfect
solution, but it does work.

> Making things worse, there are a scattering of Macs which might need to 
> communicate with each other between networks. They are all running OS X, 
> so am I right in thinking that I can get them to use afp/tcp instead of 
> AppleTalk and that they're not a major concern?

AppleTalk is happy to go over TCP, and from talking to an Apple
employee I get the very strong impression that AppleTalk over any
other mechanism has been deprecated since MacOS 8.5. netatalk is the
Linux tool that may help out in case of any difficulties here.
 
> Does what I'm suggesting sound feasible? Would it be more hassle than 
> it's worth? Has anyone tried anything similar? If anyone can give me 
> advice or suggestions or point me to documents to read so that I can 
> better understand the situation I'd greatly appreciate it. This is a 
> long term project so I'd be happy to do any amount of studying up.

I think it's feasible; I also think, in my limited networking
knowledge, that setting a Linux box or boxes up as a bridge over the
encrypted connection might be the easiest (not best) way to make all
these things "just work". You will have latency issues if the VPN is
running over a slow link, though. Especially with Windows.
 
> If the Windows domain, Apple and Novell problems can be solved, can 
> anyone give me a recommendation as to CIPE or FreeS/WAN (or anything 
> else) for this situation? We're talking about two private networks, each 
> with a Linux box using NAT to serve as a gateway to the internet. Each 
> of these Linux boxes will have a static IP address.

I've been playing with FreeS/WAN for the last week or so, and it's
pretty easy to set up once you actually read the docs. Also, it's
chock full of debug information for figuring out what you got wrong. I
understand that some of my work colleagues have experience with CIPE,
so one of them may pipe up with more info on that. Personally, I don't
know the first thing about it.

> John

Cheers,
Waider.
-- 
waider at waider.ie / Yes, it /is/ very personal of me.

"GOD LOVES OTHER SELF" - Crazy John


