| Author |
Message |
Robert S
Guest
|
 Posted:
Mon Sep 27, 2004 3:28 am Post subject:
Host VPN Connection |
|
|
I am trying to host a VPN connection at an office. Currently the
office is using Cox cable as the ISP and using a Linksys BEFVP41
router. The Windows 2000 server is acting as a file server and does
not have anything configured on it. I would like to setup a VPN
connection so the users can VPN into the Windows 2000 server from an
outside location.
I talked to Cox and they do not assign static IP addresses. So how do
I connect to it everytime? Does anyone know of anything so it will
keep it's IP Address?
Do I need to setup the server for anything or is it all through the
router BEFVP41? If so how do I setup the router? Does anyone have
any instructions?
Thanks for the help in advanced,
Robert |
|
| Back to top |
|
 |
Guest
|
| Posted:
Mon Sep 27, 2004 8:26 am Post subject:
Re: Host VPN Connection |
|
|
robertstanley@charter.net (Robert S) wrote:
| Quote: | I am trying to host a VPN connection at an office. Currently the
office is using Cox cable as the ISP and using a Linksys BEFVP41
router. The Windows 2000 server is acting as a file server and does
not have anything configured on it. I would like to setup a VPN
connection so the users can VPN into the Windows 2000 server from an
outside location.
I talked to Cox and they do not assign static IP addresses. So how do
I connect to it everytime? Does anyone know of anything so it will
keep it's IP Address?
Do I need to setup the server for anything or is it all through the
router BEFVP41? If so how do I setup the router? Does anyone have
any instructions?
Thanks for the help in advanced,
Robert
|
See if your dynamic ips are tighted to a fixed host name. Many ISPs only
rotate a number ips on a fixed host name for a dynamic client.
If not, use one of the many dynamic ip mapping services such as
www.dyndns.org to specify a host name to your dynamic ips. Note that by
definition IPsec protocols are secure on fixed IPs.
------------------------------------------------
The leader in Green VPN solutions
http://strongsolutions.addr.com/
------------------------------------------------ |
|
| Back to top |
|
|
Joe
Guest
|
| Posted:
Mon Sep 27, 2004 2:01 pm Post subject:
Re: Host VPN Connection |
|
|
Hi,
I would be interested in comments on the following:
What's the issue with IPSec when using a name resolution service (such as
www.dyndns.org) for a dynamic IP compared to a static IP address?
Is the security issue because an 'attacker' could 'dirty' the Name Server
and therefore point one end of the link to another (hostile) endpoint?
In the case of fixed IP addresses it would, presumably, be possible for an
'attacker' to 'dirty' an intermediate router's routing table and have
traffic routed to a hostile destination?
Does having a dynmic IP address affect the level of security (compared to
static IP addresses) if it is assumed the name server and intermediate
routers are not compromised?
| Quote: | If not, use one of the many dynamic ip mapping services such as
www.dyndns.org to specify a host name to your dynamic ips. Note that by
definition IPsec protocols are secure on fixed IPs. |
|
|
| Back to top |
|
|
Guest
|
| Posted:
Mon Sep 27, 2004 2:41 pm Post subject:
Re: Host VPN Connection |
|
|
| Quote: | If not, use one of the many dynamic ip mapping services such as
www.dyndns.org to specify a host name to your dynamic ips. Note that by
definition IPsec protocols are secure on fixed IPs.
|
"Joe" <ffffh.no.spam@hotmail-spammers-paradise.com> wrote:
| Quote: |
I would be interested in comments on the following:
What's the issue with IPSec when using a name resolution service (such as
www.dyndns.org) for a dynamic IP compared to a static IP address?
Is the security issue because an 'attacker' could 'dirty' the Name Server
and therefore point one end of the link to another (hostile) endpoint?
In the case of fixed IP addresses it would, presumably, be possible for an
'attacker' to 'dirty' an intermediate router's routing table and have
traffic routed to a hostile destination?
Does having a dynmic IP address affect the level of security (compared to
static IP addresses) if it is assumed the name server and intermediate
routers are not compromised?
A few comments are herely provided to your invitation. |
You are correct in both regards. Resolve can be poisoned. Routing tables
could be tampered. By using fixed ips, one avoids resolov poisoning.
Routing tables tampering is not as easy as many script kids tend to
think. Folks possessing that skill tend to be good guys.
However, security can be taken gravely or lightly. IT criminals would
spend their time tricking their victims into connectiing to their fake
http(s) sites or makeover email servers than IPsec VPN concentrators.
They dont get much for committing that "tricking people into connecting
to my IPsec VPN server" crime. ;-)
------------------------------------------------
The leader in Green VPN solutions
http://strongsolutions.addr.com/
------------------------------------------------ |
|
| Back to top |
|
|
Robert S
Guest
|
| Posted:
Mon Sep 27, 2004 9:42 pm Post subject:
Re: Host VPN Connection |
|
|
I could use a service that will fix not having a static IP. The
security issue I was thinking about is having it password protected,
if you have other ways to make it secure that would be great. I want
to make it as secure as possible.
So if i use www.dyndns.org that will be fine. But how do I setup the
router and is there anything I need to do with the server?
Thanks for the help. |
|
| Back to top |
|
|
Joe
Guest
|
| Posted:
Tue Sep 28, 2004 4:44 am Post subject:
Re: Host VPN Connection |
|
|
ok, thanks for the confirmation.
<INVALID@google.com> wrote in message
news:i9qfl09l0i6jd2vhcegm0nucseoorkmpj5@4ax.com...
| Quote: | If not, use one of the many dynamic ip mapping services such as
www.dyndns.org to specify a host name to your dynamic ips. Note that by
definition IPsec protocols are secure on fixed IPs.
"Joe" <ffffh.no.spam@hotmail-spammers-paradise.com> wrote:
I would be interested in comments on the following:
What's the issue with IPSec when using a name resolution service (such as
www.dyndns.org) for a dynamic IP compared to a static IP address?
Is the security issue because an 'attacker' could 'dirty' the Name Server
and therefore point one end of the link to another (hostile) endpoint?
In the case of fixed IP addresses it would, presumably, be possible for
an
'attacker' to 'dirty' an intermediate router's routing table and have
traffic routed to a hostile destination?
Does having a dynmic IP address affect the level of security (compared to
static IP addresses) if it is assumed the name server and intermediate
routers are not compromised?
A few comments are herely provided to your invitation.
You are correct in both regards. Resolve can be poisoned. Routing tables
could be tampered. By using fixed ips, one avoids resolov poisoning.
Routing tables tampering is not as easy as many script kids tend to
think. Folks possessing that skill tend to be good guys.
However, security can be taken gravely or lightly. IT criminals would
spend their time tricking their victims into connectiing to their fake
http(s) sites or makeover email servers than IPsec VPN concentrators.
They dont get much for committing that "tricking people into connecting
to my IPsec VPN server" crime. ;-)
------------------------------------------------
The leader in Green VPN solutions
http://strongsolutions.addr.com/
------------------------------------------------ |
|
|
| Back to top |
|
|
Joe
Guest
|
| Posted:
Tue Sep 28, 2004 5:02 am Post subject:
Re: Host VPN Connection |
|
|
If your router supports one/many of the dynamic DNS sites, then it will have
a setup page where you can give it your dynamic dns password and registered
dynamic dns name. choose a strong password (i.e. totally random mixture of
digits, letters, upper case, lower case and symbols and fairly long).
Read the docs for your router and find out which dynamic DNS service it
supports and then go and create an accout with one of them. www.dyndns.org
is free for certain types of account.
Now, each time your router connects to the internet, it will be given a new
IP address by your ISP, the router will then connect to dyndns.org (or
whatever) and say, "It's me, 'myname.whatever.stuff' and this here is my new
IP address". (this assumes that your router is given a public IP address by
your office's ISP and it's not some other device that has the public IP
address assigned to it - if it is, you'll need to do some other things as
well to register your IP address)
Now the other end of your vpn connection can connect to
myname.whatever.stuff a short time (seconds to minutes) later. You might
want to configure the router to keep the internet connection alive.
The other side of the router is connected to your internal network (or
whatever your setup is) and this will also be able to see your server. Now
when a vpn link is established, you should be able to see your sever from
the remoter end of the vpn link. you can user another router or a software
vpn client on the remote end.
"Robert S" <robertstanley@charter.net> wrote in message
news:bafd174a.0409270942.4e6ee8a5@posting.google.com...
| Quote: | I could use a service that will fix not having a static IP. The
security issue I was thinking about is having it password protected,
if you have other ways to make it secure that would be great. I want
to make it as secure as possible.
So if i use www.dyndns.org that will be fine. But how do I setup the
router and is there anything I need to do with the server?
Thanks for the help. |
|
|
| Back to top |
|
|
Guest
|
| Posted:
Wed Sep 29, 2004 4:50 am Post subject:
Re: Host VPN Connection |
|
|
robertstanley@charter.net (Robert S) wrote:
| Quote: | I could use a service that will fix not having a static IP. The
security issue I was thinking about is having it password protected,
if you have other ways to make it secure that would be great. I want
to make it as secure as possible.
So if i use www.dyndns.org that will be fine. But how do I setup the
router and is there anything I need to do with the server?
Thanks for the help.
|
Having dyndns or others to map a host name to your dynamic ip is pretty
safe as said. You may not have to buy a fixed ip if not critical. We
even have built-in dynamic ip mapping service clients in our VPN
solutions.
Professional level IPsec servers all demand either passphrase or
certificate authentification. The problem occurs on the client side.
W2k/XP built-in IPsec clients are convenient but they dont mask and
encrypt the passphrase as do other clients, e.g, PGPnet.
Beyond issues on IPsec VPN, please read the documentation on
www.dyndns.org site about how to setup up mapping clients on
Win/Mac/Unix. It should be very easy and most of them are free of
charge. You dont need to fiddle with your present router.
------------------------------------------------
The leader in Green VPN solutions
http://strongsolutions.addr.com/
------------------------------------------------ |
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in