BCF: Bike Chat Forums


IP to IP Tunneling Software?


MarkJ
Posted: 11:28 - 25 Oct 2010

Hi,
I've recently set up a VPN connection for users to connect in from home. They connect to the office network and then work on a computer with terminal services on it.

I want to create an encrypted tunnel between the user at home (on a work laptop) and the terminal services box at work. I had in mind that there's some software where you install the server and create a password/key/certificate, then install the software on the client and specify said password/key/certificate along with the IP address of the server and from then on all traffic is encrypted. I can't seem to find any software like this (might be searching the wrong keywords though).

Has anyone ever used anything like this before?

sweetleaf
Posted: 11:45 - 25 Oct 2010

It's been a while since I've done anything with VPNs so may be getting the wrong end of the stick, but surely that's the job of the VPN client software. Although when you say IP to IP it kinda implies to me that you've got host to host VPN rather than client to host?

MarkJ
Posted: 12:05 - 25 Oct 2010

Kind of, we're on a massive WAN. The VPN software gives the client an IP on the inside network, but on a different subnet to our office subnet (which is behind a firewall). Traffic to this internal subnet is encrypted by the VPN software, but the final hop from this subnet to our office's subnet is unencrypted.

Supposedly the terminal services client auto negotiates an encrypted session, but I don't particularly trust this, so wanted to create a tunnel so that I know that the final hop from internal subnet > office subnet is encrypted.
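Added example, not part of the thread: one way to check which security layer the terminal services box actually selected, by parsing the server's first reply (the X.224 Connection Confirm) taken from a packet capture of the final hop. The function name and sample bytes are constructed for illustration; the field layout and protocol values are those of the RDP negotiation response in MS-RDPBCGR.

```python
import struct

# selectedProtocol values from the RDP negotiation response (MS-RDPBCGR).
PROTOCOLS = {
    0x0: "PROTOCOL_RDP (legacy RDP security, not TLS)",
    0x1: "PROTOCOL_SSL (TLS)",
    0x2: "PROTOCOL_HYBRID (CredSSP/NLA over TLS)",
    0x4: "PROTOCOL_RDSTLS (RDSTLS over TLS)",
    0x8: "PROTOCOL_HYBRID_EX (CredSSP over TLS)",
}
TYPE_RDP_NEG_RSP, TYPE_RDP_NEG_FAILURE = 0x02, 0x03


def parse_connection_confirm(data: bytes) -> dict:
    """Parse TPKT + X.224 Connection Confirm + optional RDP_NEG_RSP/FAILURE."""
    if len(data) < 11:
        raise ValueError("too short for TPKT + X.224 Connection Confirm")
    version, _, tpkt_len = struct.unpack(">BBH", data[:4])
    if version != 3 or tpkt_len != len(data):
        raise ValueError("not a complete TPKT packet")
    length_indicator, code = data[4], data[5]
    if code & 0xF0 != 0xD0 or length_indicator != len(data) - 5:
        raise ValueError("not a well-formed X.224 Connection Confirm")
    neg = data[11:]  # bytes 4..10 are the fixed X.224 header
    if not neg:
        # No negotiation structure at all: the session uses legacy RDP security.
        return {"kind": "none", "tls": False, "detail": PROTOCOLS[0x0]}
    if len(neg) != 8:
        raise ValueError("unexpected negotiation data length")
    ntype, _flags, nlen, value = struct.unpack("<BBHI", neg)
    if nlen != 8:
        raise ValueError("bad negotiation structure length field")
    if ntype == TYPE_RDP_NEG_RSP:
        detail = PROTOCOLS.get(value, f"unknown protocol 0x{value:x}")
        return {"kind": "response", "tls": value in (0x1, 0x2, 0x4, 0x8),
                "detail": detail}
    if ntype == TYPE_RDP_NEG_FAILURE:
        return {"kind": "failure", "tls": False, "detail": f"failureCode 0x{value:x}"}
    raise ValueError(f"unknown negotiation type 0x{ntype:x}")


# Constructed sample payloads (first server-to-client TCP payload on port 3389).
SAMPLE_TLS = bytes.fromhex("030000130ed000001234000200080001000000")
SAMPLE_LEGACY = bytes.fromhex("0300000b06d00000123400")
SAMPLE_FAILURE = bytes.fromhex("030000130ed000001234000300080002000000")

if __name__ == "__main__":
    for name, pkt in [("tls", SAMPLE_TLS), ("legacy", SAMPLE_LEGACY),
                      ("failure", SAMPLE_FAILURE)]:
        print(name, parse_connection_confirm(pkt))
```

A result with `tls` set to False on the office-subnet side of the capture means the session is not wrapped in TLS on that hop.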

Hetzer
Posted: 12:55 - 25 Oct 2010

LogMeIn Hamachi is pretty good, me and my brother have used it for a few games.
____________________
"There's the horizon! Ride hard, ride fast and cut down all who stand in your way!"

chrisw
Posted: 14:56 - 25 Oct 2010

MarkJ wrote:
Kind of, we're on a massive WAN. The VPN software gives the client an IP on the inside network, but on a different subnet to our office subnet (which is behind a firewall). Traffic to this internal subnet is encrypted by the VPN software, but the final hop from this subnet to our office's subnet is unencrypted.

Supposedly the terminal services client auto negotiates an encrypted session, but I don't particularly trust this, so wanted to create a tunnel so that I know that the final hop from internal subnet > office subnet is encrypted.


I think the question should be why you feel the need to encrypt the data when it's already inside your own network? If the tunnels land in an area of the network which you feel is too insecure then you would surely want to sort that out rather than patching over it with more tunnels?

MarkJ
Posted: 15:15 - 25 Oct 2010

It's not inside my network though. I work for a very large company whose WAN covers the entire UK and the VPN client gets an IP which can be contacted by thousands of computers on this internal WAN. I can't control this subnet so wanted to encrypt the data as it's sensitive stuff.

chrisw
Posted: 15:33 - 25 Oct 2010

MarkJ wrote:
It's not inside my network though. I work for a very large company whose WAN covers the entire UK and the VPN client gets an IP which can be contacted by thousands of computers on this internal WAN. I can't control this subnet so wanted to encrypt the data as it's sensitive stuff.


That still doesn't make much sense. Surely it's not 'your' network, it belongs (as does the data transferred over it) to the 'company'. They determine the level of security required based on its sensitivity and risk of attack.
If you are having to ask on here about additional levels of security I assume you're not part of the infosec/network security/admin team? In which case why does it concern you?
I'm not trying to be facetious, I've run into similar problems when working for large organisations and 9/10 it's a non-issue as someone else has already made the decisions on appropriate levels of security.

MarkJ
Posted: 18:00 - 25 Oct 2010

It's the NHS, and I work for a trust. The WAN is not encrypted (god knows why) so we have to make sure any data going across it is secure enough.

Tis a right PITA sometimes.

chrisw
Posted: 18:57 - 25 Oct 2010

MarkJ wrote:
It's the NHS, and I work for a trust. The WAN is not encrypted (god knows why) so we have to make sure any data going across it is secure enough.

Tis a right PITA sometimes.


Ah, a government department, I should have guessed!

Are you looking for an MS or FOSS solution? Former, have a look at ISA Server; the latter, something like Vyatta might do the job.

djr
Posted: 21:34 - 25 Oct 2010

Simple solution - you can set up a VPN server on a Windows 2000 onwards server. Put that on your internal network. Users then connect from the VPN network into your network securely, then they'll be able to access your servers within that and, if necessary, get into the terminal server.