Is there any possibility to do this on CentOS?
For example, company one will be in the block of 10.0.0.0.1-10.0.0.255 and routed to one of my external IPs; company two will be in the block of 11.0.0.0.1-11.0.0.255 and routed to one of my external IPs.
I just need advice: is this better on a Windows VPN or a Linux VPN server? Do you advise any server software like OpenVPN or something else?
Thank you very much, I am glad for all your help. I will rent a new server after completing a working system on a virtual machine. Thanks.
cahit Eyigünlü wrote:
> Is there any possibility to do this on CentOS?
> For example, company one will be in the block of 10.0.0.0.1-10.0.0.255 and routed to one of my external IPs; company two will be in the block of 11.0.0.0.1-11.0.0.255 and routed to one of my external IPs.

I am not sure what you mean by 'routed to one of your external ip addresses'.
So, you are at a third site, and want a tunnel to both companies' networks?
BTW, I know those are just example addresses, but 11.x.x.x is not a reserved network; instead, that should be 10.1.0.xxx or something.

> I just need advice: is this better on a Windows VPN or a Linux VPN server? Do you advise any server software like OpenVPN or something else?

Assuming it's a routing that makes logical sense, it should be easy to implement with OpenVPN. You'd need a firewall running OpenVPN at each of those companies, then your end could initiate the connections to each of them. I'm not sure why you'd have to use two internet addresses at your end; rather, you'd just have a net like 10.2.0.xxx and the VPN tunnels would route between those networks. I'm assuming company 1 and company 2 don't want any direct routing between them, so you'd have to make sure you're not providing that route (e.g., 10.0.0.xxx should not have a route to 10.1.0.xxx or vice versa).
As far as 'better'? Better is what you or the people who will be administrating this are most familiar with. Often, easiest is to use VPN appliance routers, like WatchGuards or NetScreens, as the firewalls at all these sites.
Unfortunately I have to solve this based on software. I need to isolate each company to protect their info from the others. I have 3 companies, and one last thing: I need to see each company's traffic statistics for long time periods, and I need to be able to limit their traffic. That is all, but as I see it, in OpenVPN I could not group users. I have a Cisco router on which I could see the traffic of my server's external IP addresses, so I decided to see them from there by giving each company one external IP to connect to the internet. But I could not decide yet how to do it :) Does anybody have advice for me?
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
2010/4/10 cahit Eyigünlü cahit.eyigunlu@gmail.com:
> Unfortunately I have to solve this based on software. I need to isolate each company to protect their info from the others. I have 3 companies, and one last thing: I need to see each company's traffic statistics for long time periods, and I need to be able to limit their traffic. That is all, but as I see it, in OpenVPN I could not group users. I have a Cisco router on which I could see the traffic of my server's external IP addresses, so I decided to see them from there by giving each company one external IP to connect to the internet. But I could not decide yet how to do it :) Does anybody have advice for me?

Solution is static routing tables and an OpenVPN site-to-site tunnel.
-- Eero, RHCE
I will check this out, thank you so much.
I am looking at the OpenVPN remote page now. Do you know where I could set the clients' sites that are allowed to connect or not?
2010/4/10 cahit Eyigünlü cahit.eyigunlu@gmail.com:
> I am looking at the OpenVPN remote page now. Do you know where I could set the clients' sites that are allowed to connect or not?

Err.
See documentation at http://www.openvpn.net or hire a network consultant?
-- Eero, RHCE
> I am looking at the OpenVPN remote page now. Do you know where I could set the clients' sites that are allowed to connect or not?

I can't remember if there are other controls, but AFAIK the primary method of saying who is allowed is via certificates that you create when setting it up.
It is still unclear to me what you are trying to achieve.
Is it that you have three sites...
A <-> B <-> C
where <-> represents the VPN link? Is it that A needs to talk to B, B to C, but you don't want A to talk to C? If that is the case, I think it needs to be solved with a combination of VPNs as described and Iptables to stop the A to C conversation.
Yes, exactly, that is what I need to do. murrayie, could you describe a little more?
> Yes, exactly, that is what I need to do. murrayie, could you describe a little more?

If 'B' in my previous description is a single machine, it need not route and the A to C issue goes away.
My OpenVPN/Iptables skills are not strong enough to describe it in general terms and, as has been previously stated, you are better off going through the support channels of OpenVPN, rather than CentOS. If simple firewalling using Iptables is a new or a difficult concept, then you might want to get some hands-on help, as was also suggested.
To answer your original question, though, I wouldn't know where to start to solve restriction of "A to C" using Windows, whereas I am pretty sure you will have all the tools you need under CentOS/OpenVPN... for free.
I misunderstood, sorry. A, B and C are companies, not standalone computers, and they have client computers.
cahit Eyigünlü wrote:
> Yes, exactly, that is what I need to do. murrayie, could you describe a little more?

You either need to learn wide area networking principles as well as the ins and outs of VPN software, so you can solve these problems yourself, or hire someone so qualified if you want specific solutions. Over and over again, you are asking this list to solve your business problems, for which you are presumably being paid.
Thank you so much
cahit Eyigünlü wrote:
> Unfortunately I have to solve this based on software. I need to isolate each company to protect their info from the others. I have 3 companies, and one last thing: I need to see each company's traffic statistics for long time periods, and I need to be able to limit their traffic. That is all, but as I see it, in OpenVPN I could not group users. I have a Cisco router on which I could see the traffic of my server's external IP addresses, so I decided to see them from there by giving each company one external IP to connect to the internet. But I could not decide yet how to do it :) Does anybody have advice for me?

I don't understand the role of a VPN here. Normally you would split address ranges and use firewalling (iptables on Linux, access control lists on a Cisco) on the interfaces where they connect. So your 3 companies would simply be split into different subnets with routing between them blocked on the device where they connect. A VPN is used if you need to connect things through a firewall that would otherwise block it - you might use that for your administrative access through the firewalls or for portions of companies in remote locations.
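
The subnet split with inter-company routing blocked that the last reply describes, combined with the per-company traffic counters asked for earlier in the thread, as an added example that is not part of the original thread: a shell function that emits an iptables-restore ruleset for the router. The company names, the /24 subnets and the `T_` chain prefix are assumptions made for illustration.

```shell
#!/bin/bash
# Added example (not from the thread). Company names and subnets are constructed.
# gen_rules NAME=CIDR [NAME=CIDR ...] prints an iptables-restore ruleset for the
# router the company subnets connect to; returns non-zero on malformed input.
gen_rules() {
    local spec name net other onet
    for spec in "$@"; do
        name=${spec%%=*}; net=${spec#*=}
        # The name becomes part of a chain name, so keep it short and plain.
        if ! printf '%s\n' "$name" | grep -Eq '^[A-Za-z0-9]{1,20}$'; then
            echo "bad company name: $name" >&2; return 1
        fi
        if ! printf '%s\n' "$net" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$'; then
            echo "bad subnet: $net" >&2; return 1
        fi
    done

    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'      # router's own traffic is out of scope here
    echo ':FORWARD DROP [0:0]'      # forwarded traffic is dropped unless allowed
    echo ':OUTPUT ACCEPT [0:0]'
    for spec in "$@"; do echo ":T_${spec%%=*} - [0:0]"; done

    # 1. Company-to-company traffic is dropped before any allow rule is reached.
    for spec in "$@"; do
        net=${spec#*=}
        for other in "$@"; do
            onet=${other#*=}
            [ "$net" = "$onet" ] || echo "-A FORWARD -s $net -d $onet -j DROP"
        done
    done

    # 2. One chain per company; its two rules hold that company's packet/byte
    #    counters (outbound, and replies coming back).
    for spec in "$@"; do
        name=${spec%%=*}; net=${spec#*=}
        echo "-A FORWARD -s $net -j T_$name"
        echo "-A FORWARD -d $net -j T_$name"
        echo "-A T_$name -s $net -j ACCEPT"
        echo "-A T_$name -d $net -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    done
    echo 'COMMIT'
}

# Constructed sample: three companies on separate /24 subnets.
gen_rules companyA=10.0.0.0/24 companyB=10.1.0.0/24 companyC=10.2.0.0/24
```

Piping the output to `iptables-restore` as root loads it and replaces the existing filter table, so review it first. `iptables -L T_companyA -v -n -x` then shows that company's exact packet and byte counters.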