[afnog] Re : Site-to-site VPN

[Makan SIMAGA]

Hi Chris,

Thank you for your help.

About the authentication mechanism, I want to oblige my domain users to enter their username/password when they want to connect to the VPN.
This case is for my second site users. the first site is the main site and users doesn't need to connect with VPN.

 Makan SIMAGA




________________________________
De : Chris Wilson <chris at aptivate.org>
À : Makan SIMAGA <makansimaga at yahoo.fr>
Cc : afnog at afnog.org
Envoyé le : Mar 1 Décembre 2009, 12 h 17 min 14 s
Objet : Re: [afnog] Site-to-site VPN

Hi Makan,

On Tue, 1 Dec 2009, Makan SIMAGA wrote:

> I want to connect two site with a VPN but I hesitate between  IPcop with
> openvpn addon and a debian box with openvpn package.

I'm pretty sure you'll find IPcop much easier to start with. Configuring a 
VPN in a standard Unix, including Debian, without a GUI is hairy in the 
extreme.

> Is it possible to authenticate my active directory domain users during their
> connexion?

What do you mean? You want to authenticate them to allow them to connect 
to the VPN, or authenticate them to log onto their machines when the 
machine is offsite and connected via the VPN, or to authenticate to 
services carried over the VPN, or something else?

> What technology is the most appropriate in my case IPsec VPN or SSL VPN?

Depends what you want to carry over it. SSL is much easier to set up on 
the clients, but only carries TCP connections (efficiently), so no voice, 
and domain browsing will be difficult over SSL.

Cheers, Chris.
-- 
Aptivate | http://www.aptivate.org | Phone: +44 1223 760887
The Humanitarian Centre, Fenner's, Gresham Road, Cambridge CB1 2ES

Aptivate is a not-for-profit company registered in England and Wales
with company number 04980791.


      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://afnog.org/pipermail/afnog/attachments/20091201/917182d1/attachment.htm>