Multiple External Interfaces, PPTP & OpenVPN


(JamesMillar) #1

OK! I need to know how well NS is doing with multiple external interfaces and how stable pptp and openvpn are doing. I’d like to sunset my last Zentyal server but this server is my firewall/gateway to the internet. Care must be taken if I were to take it down for a complete O/S replacement. Nobody likes an unhappy wife when there is no internet access and having to work remote often also makes it a priority to get the new gateway/firewall up and running quickly. I’m not well versed with shorewall firewall so that will be a bit of a stumbling block as I have to re-add/translate all my firewall rules from Zentyal to NS. A quick dump of iptables using iptables -L and iptables -S will help but Zentyal added its own chains and I’d have to work around those. I will probably install a separate HD in the gateway/firewall box and set it up that way, and if I’m not finished tweaking it, I’ll disconnect and reconnect the Zentyal gateway. It also allows me a fallback solution.

So, how is everyone’s experience with using more than one external interface? I recently added a wireless adapter to the Zentyal server which connects to my ISP’s wifi. In addition, I have the default eth0 connection to my cable modem. I still need to place wlan0 in a proper location for best reception of course. Zentyal currently is giving me a headache over load-balancing the two external interfaces (this is an OLD Zentyal version 2.2.11 as I’ve never been able to upgrade it).

As for PPTP and OpenVPN, I use OpenVPN for my smart phone. Setting that up is relatively easy. PPTP is used to connect other family networks into mine.

Looking for thoughts and experience. If I don’t use NS I would probably use Webmin.


(Filippo Carletti) #2

The new link monitor setup on QA seems to be a good performer (http://dev.nethserver.org/issues/3289).
This fixes link up/down false alarms on poor quality lines.

PPTP is not available on NethServer, due to protocol insecurity (read: there’s nothing we can do except not using it).


(JamesMillar) #3

That’s disheartening to hear that PPTP isn’t supported. Seems the Webmin may be my path, which means a LOT of configuring and tweaking but allows me to get it the way I need it to be without the fear of templates and/or other pre-staged settings to overwrite my specific configuration.


(Filippo Carletti) #4

PPTP is insecure.


(JamesMillar) #5

I understand that, but that is currently the only way the remote networks can connect as that’s the only option in ddwrt for the routers currently being used.