Is there _any_ open source firewall solution that provides VPN endpoints
with dynamic IPs, and supports Microsoft (or free) VPN clients for Windows

I've been asked to build a software firewall for a small business network.
I can't seem to find anything Linux (or equiv.) based, that meets my needs,
- it should provide NAT service for outbound connections, although I do NOT
need it to provide DHCP or DNS services. So far no problem. Smoothwall,
e.g., handles this nicely.
- must act as a VPN endpoint (i.e., NOT passthrough) for the local network,
providing remote access for remote Windows XP Pro workstations using
Microsoft VPN clients.
- must support VPN with dynamic IP on both ends. Most Linux firewalls only
support IPsec, and hence static IPs; I think we're down to PPTP and L2TP.
This blows it for ITShield, too; for some crazy reason, even though it
supports PPTP, it requires a static IP. Those things ain't cheap.
- do NOT want to use pinholes or VPN pass-through; i.e., no direct access
to internal systems by any clients not authenticated to the firewall. I
can buy a cheap hardware firewall if I'm just going to poke holes in it.
- must be quick and easy to set up. The client won't pay for a day's worth
of my time to figure out unmaintainable patches, scripts, etc.

What I really want is an 386 ISO image with PoPToP already incorporated, I
think. Nothing of the sort seems to exist.

Before people rag on me about PPTP security, let's be clear about whether
we're talking about PPTP v1 or v2; it makes a big difference. With a
firewall endpoint, I control the passwords; they're good, and used nowhere
else. And if anybody's got a better solution for dynamic IPs, I'm

BTW, there's one other solution I might possibly use in this situation: an
HTTP/HTTPS inbound proxy server -- since all I _really_ need right now is
to allow secure remote access to a web-based app running on a Win2K server.
Do such beasts really exist, or would I need some sort of stateful
inspection? Using MS' IIS on that server is not an option I want to think

K&M Systems Integration