[ILUG] Full secure remote access
dj193 at eircom.net
Tue Oct 26 12:47:45 IST 2004
The daily commute to work is really, I mean **really** getting painful.
I'd rather do anything but sit in a non-moving vehicle on a road. I
can do most work remotely but have not got round to setting up a
suitable system to allow it. Since the summer hols ended, my
motivation has somewhat increased!
There are others in my company who would benefit from this also, so I am
planning on setting up a system that will allow everyone to have the
same access to the services on our network as if they were in the
office, but connecting from a remote location.
The type of connectivity required would be:
1. receive an ip address from our company dhcp server
2. log onto our windows nt domain and map the drive shares associated
with their profile
3. have full ssh/telnet/ftp access to the various servers that they
would have when in the office
4. access the corporate lotus notes email server
5. (optionally) have internet access via the corporate proxy server
6. (optionally) print to office printers (I know, they would not be in
the office, but we have an app that prints reports from local PCs to a
particular printer that is checked regularly by a member of staff)
7. map drives from company servers over samba and/or nfs
8. vnc/netop access to pc's and servers
9. Allow setup of multiple VPNs from various sources, e.g. remote PCs,
servers (with various OSes), customers' proprietary devices, e.g. Cisco,
etc. with control over what each VPN can access on our LAN.
All the above access would need to be over a secure internet connection,
with very good authentication of clients coming in.
It would need to have very strong firewall capabilities, as I would
envisage this replacing our aging pix firewall device, and become our
The gateway device allowing this access would be connected to the
internet via ethernet, but also have a modem for backup to dial in.
Separate ethernet interfaces would be used for DMZ and local LAN.
My Linux preference is Mandrake, and we have some desktop and several
servers using it. I would therefore very much like to be able to use
MNF for this purpose, but will gladly try anything that will work. I
have no experience of MNF yet, and only installed it this week to have a
quick look. Some MNF mailing lists say it is not capable of all of the
above, but I'm waiting on some more specific info.
The requirements above are probably a bit too ambitious, but that would
be the ideal scenario. I've heard of OpenVPN, and it looks very good,
but I have no experience with it.
I'd appreciate any opinions or advice on the above to get me started.