Connect to Watchguard VPN
Matteo Riva wrote:
Hello, this is the first time I have to use a VPN so I need basic
information on how to do it. I need to connect to a Watchguard VPN but
the admin only sent me details for windows so I'm kinda clueless.
What packages should I use? What specific details should I ask the
admin? I already asked for specific instructions but it could take time
and I'd like to speed things up a little if I can, and learn something
in the process too.
The most important thing you need to know is which type of VPN it is.
The Microsoft world uses three main types: PPTP, L2TP and IPSec. The
first two are proprietary Microsoft protocols, but are well enough
understood that they are de-facto standards. IPSec is an old standard
and is very widely used for site-to-site VPNs, normally between
perimeter firewalls or routers. IPSec uses the IP addresses of the
endpoints for the encryption process, and so doesn't work by itself
through NAT. There are various bodges to help matters, but IPSec is only
really appropriate between routable IP addresses, not to or from
machines behind NAT.
Since the Watchguard device is probably a perimeter firewall, it could
well use any of these protocols, or OpenVPN. If you've been given
Windows instructions, that suggests the VPN client will normally be a
workstation, so probably PPTP, or just possibly L2TP. There is a PPTP
client, pptp-linux, and at least one GUI wrapper for it. The most basic
encryption for PPTP is MPPE, a Microsoft protocol, but included in
kernels since early 2.4, I think. Quite exotic encryption and
authentication is possible even with PPTP, but rarely used as it is a
bit of a pig to get working. The default XP VPN client is PPTP, and the
default settings are usually used. If it is PPTP, and you have egress
filtering on your workstation or network, you need to pass TCP port 1723
and *IP protocol*, not port, 47.
I can't be of much more help, as it is some time since I used VPN much,
and then it was to connect to Windows servers.
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org