IPsec VPN with Windows AD authentication

 
Jong Kim_1
Advisor

IPsec VPN with Windows AD authentication

I have Fedora Core 2 on an HP ProLiant DL360 with 2 Xeon 2.8GHz, 2GB memory and 2 36G Ultra320 SCSI on RAID1, with one public IP on NIC1 and one private IP on NIC2. I am trying to set up a VPN server (IPsec) that authenticates with Win2K AD. I tried with FreeS/WAN. They have a lot of stuff for the 2.4 kernel but not much for the 2.6 kernel. Didn't work, by the way (I am sure I am doing something wrong). And I tried using OpenLDAP, but it locks up Fedora and takes a couple of hours to boot up, so I tried using Winbind, but that does not work either.
Do you have any recommendations on how to configure the system I am trying to build?
How should I modify configuration files and stuff? Help!!
5 REPLIES 5
Steven E. Protter
Exalted Contributor

Re: IPsec VPN with Windows AD authentication

Use the Fedora box to forward VPN ports to the internal Windows VPN box.

If the box runs Windows 2003 Server you will need to find a way to get a certificate from that box to your clients.

If you are interested in an iptables port forward setup, I can provide configuration files.

The basic setup is in my ITRC profile, in the Linux VPN questions of June-July 2004.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Jong Kim_1
Advisor

Re: IPsec VPN with Windows AD authentication

Thank you.
I am so very interested in the iptables file. Funny thing is that we don't have a VPN server. We have a Cisco router acting as VPN server, and permitted users are hard coded in there. So I was wondering if Fedora can authenticate users by reading user info from Windows AD. Our DCs are Win2K adv. servers. And the Cisco router is doing PPTP. Not much encryption there.
Steven E. Protter
Exalted Contributor
Solution

Re: IPsec VPN with Windows AD authentication

I was not personally satisfied with the available Linux VPN solutions. Windows 2000 Advanced Server and Windows 2003 Server both have built in VPN server setups.

You will need to install the Certificate server on 2003 and set up and deliver a certificate to all clients to make that setup work.

Here is the forwarding code.

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=624078

Here is a lot of relevant information on the Microsoft issues:
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=624076

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
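
Added example, not part of the original post and not the forwarding code behind the link above: a shell function that prints an iptables-restore ruleset forwarding either PPTP or L2TP/IPsec traffic from the Linux gateway to one internal VPN server. The function name, interface names and server address are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): print an iptables-restore ruleset that
# forwards VPN traffic arriving on the public interface to one internal server.
# Usage: vpn_forward_rules WAN_IF LAN_IF VPN_SERVER_IP pptp|l2tp-ipsec
vpn_forward_rules() {
    wan=$1 lan=$2 srv=$3 mode=$4
    case $mode in
        # PPTP: TCP 1723 control channel plus GRE (IP protocol 47) for data.
        pptp)       specs="-p tcp --dport 1723|-p 47" ;;
        # L2TP/IPsec: IKE on UDP 500, NAT-T on UDP 4500, ESP (IP protocol 50).
        # The L2TP session itself is carried inside ESP, so it is not listed.
        l2tp-ipsec) specs="-p udp --dport 500|-p udp --dport 4500|-p 50" ;;
        *) echo "unknown mode: $mode" >&2; return 2 ;;
    esac
    # Reject anything that is not a plain interface name or dotted-quad
    # address, so caller input cannot add extra rule text to the output.
    printf '%s\n' "$wan" "$lan" | grep -Evq '^[A-Za-z0-9_.-]+$' &&
        { echo "bad interface name" >&2; return 2; }
    printf '%s\n' "$srv" | grep -Evq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' &&
        { echo "bad server address" >&2; return 2; }

    old_ifs=$IFS; IFS='|'
    printf '%s\n' "*nat" ":PREROUTING ACCEPT [0:0]"
    for s in $specs; do
        # Rewrite the destination of inbound VPN packets to the internal server.
        printf '%s\n' "-A PREROUTING -i $wan $s -j DNAT --to-destination $srv"
    done
    printf '%s\n' "COMMIT" "*filter" ":FORWARD DROP [0:0]"
    # Default-deny forwarding: replies to tracked flows, then the VPN flows only.
    printf '%s\n' "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for s in $specs; do
        printf '%s\n' "-A FORWARD -i $wan -o $lan -d $srv $s -j ACCEPT"
    done
    printf '%s\n' "COMMIT"
    IFS=$old_ifs
}

# Constructed sample values: eth0 = public NIC, eth1 = private NIC.
vpn_forward_rules eth0 eth1 192.168.1.10 pptp
```

Review the output before loading it: iptables-restore flushes the tables it names unless run with --noflush, and the gateway also needs net.ipv4.ip_forward=1 for forwarded packets to pass.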
Jong Kim_1
Advisor

Re: IPsec VPN with Windows AD authentication

Thank you so much SEP.
I understand it a lot better now.
Steven Coutts_1
Occasional Contributor

Re: IPsec VPN with Windows AD authentication

Have a look at OpenVPN (openvpn.sourceforge.net). IPSec is overly complicated and the built-in VPN stuff in MS is horrible. I believe this can authenticate to AD; however, I haven't ever used this.