Multi-State Family Networking?
Valley Redneck asks: "The last few members of my extended family just entered the 20th century and went to broadband. Now that we're all on-line with small home LANs in place, we'd like to start sharing stuff via a VPN. The only problem is I'm the only marginally tech savvy one in the bunch, and I'd rather not have to hop a plane to configure everyone's box. Any recommendations for a broadband router that supports VPN to use on the mother-ship network that will play nice with all versions of Windows XP SP 2 (Pro, Home and Media Center) and its VPN client?"
Then set up OpenVPN. Clients for everything.
Hardware can be tricky; use software. Hamachi is very easy to use, very powerful, very secure, and it supports Windows, Mac and Linux. www.hamachi.cc
Just install, and give 'em a password to your network. Even has chat.
-schwal "Hanging is too good for punners, they should be drawn and quoted"
You may not need to bother with hardware VPN devices. There are some reasonable software solutions that can run right on the endpoint computers.
I've heard good things about Hamachi, but I haven't used it myself. I have used OpenVPN, and I love it. It's pretty simple to set up, even using certificate-based authentication and encryption. You can have everyone download and install it themselves, then you can send them configuration files.
Before you do all this, though, there's an important question to ask: Is a VPN worth the additional risks? If all the machines are in a pseudo-local network over the VPN and someone gets a worm, you could all go down together. Unless you're planning to do something which actually requires pseudo-local network access, you might be better off to make whatever you're planning to do be web-based.
With reasonable men I will reason; with humane men I will plead; but to tyrants I will give no quarter. -- William Lloyd
The Linksys 54g with Sveasoft firmware. It's easy, fast, and you can set up and ship the routers out to whomever you wish.
Hi,
;)
not sure exactly if you want to go the hardware way,
and not sure if what I mention meets your criteria,
but if you can set up a single linux box as a router
some place, that box can run openvpn (server) while
each client can hook up to it with the openvpn client
software (windoze client too)
trivial to set up:
http://www.openvpn.org/
cheers,
j
GUI == Graphical User Interference
I haven't used it in a while, but have you investigated Smoothwall Linux? It's a Linux distribution that converts old PCs into very network-capable routers. Not only that, but it's manageable through web and SSH (I believe).
One of the reasons it came to mind is that it supports VPN connections between routers (again, I believe; haven't worked with it in a while). If you've got some spare PCs lying around (usually a prerequisite to reading Slashdot), this might be a great way to get your family networked for free while cleaning out the basement.
Set them up with routers that also do IPSec. This gives them a firewall layer, and allows VPN among the sites (and, potentially client VPN remote access into the sites).
I put a Linksys WRV54G at my parents home for just this sort of thing. Although it took a pretty good amount of tweaking to get everything right, it works well now. It provides NAT firewall service for their network, wireless access for their home, and VPN remote access for me (so I can VNC into their system to provide tech support).
If you have a bigger budget, a cheap sonicwall, netscreen, or Check Point gateway might offer better usability and more features. The Check Point Safe@Office 500W looks like a good candidate.
The last few members of my extended family just entered the 20th century and went to broadband.
I'm confused. Is this the 21st century, or are your kin time travelers?
If you're just sharing files, there is no reason to go with the hassle and expense of setting up a VPN, with its associated security risks. There are any number of options which will work just as well, from using AIM, a traditional file-transfer application, or any number of web services (available free or cheap at your option). Sure, "drag and drop directly in the Windows interface" is an awfully nice feature when you're talking about Mom's digital camera stuff, but there are a few services that even replicate this feature (I once used one which did it via ActiveX control, but don't remember the name -- there are probably a gazillion though).
Help poke pirates in the eyepatch, arr.
Check out http://www.clarkconnect.com/ if you are so inclined at all for a pretty darn good and robust solution in terms of a software approach. It does many things including VPN services.
From TFA:
we'd like to start sharing stuff via a VPN. The only problem is I'm the only marginally tech savvy one in the bunch,
In other words, you decided to share stuff via a VPN. I have to ask: what are you trying to share that can't be shared using a simpler approach (e.g. email)?
If you're the only one with technical expertise, then forget VPN completely, and think about a web based solution. Just set up a site, that only family members have access to, and provide them with web apps that fulfill your "sharing needs" (e.g. Galleria for displaying and sharing photos).
...
Though, no matter what you will do, I can guarantee you "support-headaches", I know from experience.
I work for a small IT shop and we use Linksys RV042 routers that support IPsec VPNs and DynDNS. You can set them all to have DynDNS accounts, and set up the VPN links on each, then ship them to your family; when they plug them in they register with DynDNS, and voilà! The VPN just sort of comes together. I've done this for small companies that need a VPN, but can't afford to fly me to some other state. It works great, just make sure each router has a different subnet, and upgrade the firmware before you do anything!
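The "different subnet per router" requirement above can be checked before any router is shipped. This is an added example, not part of the original thread: the site names and address ranges are constructed, and it uses only Python's standard `ipaddress` module to flag LANs that overlap (routers left on the same factory default, or one range nested inside another) and to propose a collision-free plan.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan: site name -> LAN subnet behind that site's router.
SITES = {
    "mothership": "192.168.1.0/24",    # common factory default
    "parents":    "192.168.1.0/24",    # same default: collides with mothership
    "sister":     "192.168.0.0/24",
    "uncle":      "192.168.0.128/25",  # nested inside sister's range
    "cousin":     "10.0.5.0/24",
}

def find_overlaps(sites):
    """Return sorted (site_a, site_b) pairs whose LAN subnets overlap."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in sites.items()}
    return sorted(tuple(sorted(pair)) for pair in combinations(nets, 2)
                  if nets[pair[0]].overlaps(nets[pair[1]]))

def renumber(sites, pool="192.168.0.0/16", new_prefix=24):
    """Keep the first site of each collision; move later ones to free subnets."""
    originals = [ipaddress.ip_network(cidr) for cidr in sites.values()]
    candidates = ipaddress.ip_network(pool).subnets(new_prefix=new_prefix)
    plan, taken = {}, []
    for name, cidr in sites.items():
        net = ipaddress.ip_network(cidr)
        if any(net.overlaps(t) for t in taken):
            # Skip candidates touching any accepted or any original LAN, so a
            # site processed later is never forced to move by this choice.
            net = next(c for c in candidates
                       if not any(c.overlaps(o) for o in taken + originals))
        taken.append(net)
        plan[name] = str(net)
    return plan

if __name__ == "__main__":
    for a, b in find_overlaps(SITES):
        print(f"conflict: {a} ({SITES[a]}) overlaps {b} ({SITES[b]})")
    for name, cidr in renumber(SITES).items():
        print(f"{name:12} {cidr}")
```

With overlapping ranges a site-to-site tunnel cannot route between the two LANs, because each router treats the other side's addresses as local.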
The cheapest solution, with this or any other VPN server, is to simply set up your system to act as a hub and then set everyone else's computers to connect to it with PPTP. Linking together entire networks, while cool, is probably overkill.
I'm running an Ubuntu server, with two disks in a RAID 1 configuration. FTP, Samba local network shares and remote ssh for management. Only problem was finding FTP clients for Windows...I'm using WFTP, but CuteFTP works as well.
Have you considered looking at a PIX 501? :-)
Cisco gear is very stable and can easily be set up to do a fully meshed site-to-site VPN as what you are looking for.
The VPN client is solid and works very well on all versions of Windows.
The drawback is the price, starting at ~$300 new, but you can probably find them cheaper elsewhere (Read: eBay)
The Cisco box can be managed via SSL and SSH remotely. It can be managed with telnet too, but doing that over the internet would not be a very secure solution. Telnet is EVIL.
Its main downside is that it's designed server-client with you being the server, so you become the single point of failure, as well as having to act as proxy for all network traffic -- AFAIK hamachi only uses the central server to start connections, and runs p2p from then on.
I mod down anyone who says "I will be modded down for this", regardless of the rest of their comment
If all you want to do is share files then you could try using http://gift.sourceforge.net/ and OpenFT. You should be able to set up a private P2P network for sharing files and it could save you some bandwidth if everybody wants to grab the same file.
It's supported by lots of different routers, and I believe contains an OpenVPN implementation.
Try the FireFTP extension for Firefox.
I've been looking to do something kind of similar, and have been eyeing up egroupware to do it. Any thoughts?
I have family in 3 different states and 3 different countries. I feel your pain. www.logmein.com Okay, so it's not VPN, but it's a very nice little remote access program. It allows remote access via web browser. The basic version is free. If you want to pay $60 a year for the pro version, it allows you to transfer files.
I just installed it on my family's computers, so when they need tech support, I can have them open logmein, and I can just fix their computers remotely instead of talking them through it step by step. It also allows me to install anti-virus, anti-spy, firefox, etc... We also had a nice long chat about disabling the service unless I specifically call them.
For free file transfers, we use gmail for under 10 MB and you could use Gdrive for anything over that. It's a bit of a hack, but it works. It's not like we're transferring huge DIVX files to each other.
You just need to set up a Clark Connect server as your router. It can also run behind your router. I've used the road warrior VPN with the windows XP client, it works fine.
Don't complicate things, just set this up on your end, enable the road warrior VPN, and pass out accounts to family members with instructions for setting up the XP PPTP client.
Cheap storage VM.
FolderShare (http://www.foldershare.com) works perfectly. I use it to sync files between my three computers and exchange photos and home movies with my family. It's free, easy to set up and has no file amount restrictions anymore (after MS bought the company behind FS).
At http://www.sslexplorer.com/showSslExplorer.do
All they'll need is an SSL capable browser. You can set up all the accounts and Tunnels for them.
I've used Linksys WRT54GS models (now WRT54GL) reflashed with Sveasoft firmwares running PPTP between my home in Montreal & my home in Boston. They were stable for months on end, allowed me to see file shares, remotely control machines, indeed do everything as if it was a local network. Tech support to family members was trivial, the extra traffic overhead negligible, and using the traffic-shaping features I got better performance out of my broadband connections after installing the routers & adding the 24/7 VPN than I did before without the traffic-shaping. Indeed it made my Vonage service reliable even when I had huge packet-loss for a while (corroded cable connection on the outside of the Boston house.)
As soon as the next version of the Sveasoft firmware is stable I'll be joining into a larger VPN with a bunch of buddies sharing file space for common projects and reciprocal backups.
Oh, and in light of all of the Sveasoft-violates-GPL/I-hate-Sveasoft snarking I find it telling that the Free Software Foundation, holder of the GPL, gave Sveasoft a green light.
I don't read ACs: If a post isn't worth so much as a nom de plume to its author then I won't bother either.
The Free Software Foundation doesn't seem to think they're violating GPL, and they're about as authoritative as one can get.
You can have whatever issues you like, but let's not go around crying "wolf" just because you don't like a model / person / business. GPL violation is a serious charge around here, with a VERY specific meaning, and unless you can back it up I think it would be appropriate if you were to retract that claim.
I don't read ACs: If a post isn't worth so much as a nom de plume to its author then I won't bother either.
All great suggestions. I've got some goof off time this weekend, so I'll take a look at all these, run them through the "can I afford it" and "can they figure out how to do this" filter and get to it.
BTW, I know connecting up all the LANs is a bit over the top, but really, if I can pull this off, how cool would that be? It's good for at least a semi-Ubergeek badge or something...
Linksys makes a very nice firewall/router that allows 2 simultaneous VPNs. If there are more than 3 sites you could go for a Smoothwall server using an old PC and 2 NICs.
I use Monowall here at home, and it does a good job of managing the PPTP connections. Since you have a PPTP client built into the other Windows machines, just use something like DynDNS and point them to connecting to you.
I wrote a simple tutorial on getting PPTP running with Monowall. I run it on a small solid-state linux box, and it works just great.
Random Musings
FYI, I took several suggestions under advisement, and as of last night, the VPN was up and running, in most cases behind two NAT routers, firewalls, and various other impediments to easy networking. The file transfer speed ain't great, but it's way better than putting it on a zip disk and putting the zip disk in a car. Plus, all my lower-tech users can swap files easily with mapped drives, and I can safely tell them now not to open ANY file attachments for ANY reason. If it's legit, it'll come over the VPN. Gracias!