Networking remotely.

Discussion in 'Computers' started by Mark Giles, Oct 14, 2005.

  1. Mark Giles

    Mark Giles Second Unit

    Ok, let's start this off simple by me asking, what's the easiest way to network the following setup.

    3 computers at location A

    1 Computer at location B

    1 Computer at location C


    All that's needed is that I share basic Quicken files and other 'my docs' files with everyone on the network (all 5 computers). Oh, and one main printer at location A. Pretty straightforward.

    So, what is the easiest way to set up this network using XP Home? I've never set up a network with computers at remote locations but have set up several networks that are physically connected within one location. So my two main concerns are reliability and security. I want this to be as reliable as if the computers were in the same room, because from what I understand, location B or C could be unmanned so I just want to ensure that as long as the computers are on, file access shouldn't be a problem. The other issue, security, is that this business handles a lot of confidential information, and by networking remotely, I just want to make sure only people in the company can access the other computers at any given time.

    Any information on this would be appreciated.
     
  2. SethH

    SethH Cinematographer

    Do you have static IP addresses? If not this may be more difficult and may require using something like LogMeIn or GoToMyPC.

    I would look at routers that allow VPN (virtual private network). Linksys makes some inexpensive routers that use VPN. VPN will give you the security you're looking for.

    I must ask, however, why the company is using XP Home if security and confidentiality are very important. XP Home lacks many of the security features in XP Pro. Also, I'm not sure how much networking trouble you might have with Home. I've only used it once and didn't have to do any networking, so I'm not sure if it's lacking in that area or not.
     
  3. Mark Giles

    Mark Giles Second Unit

    Ok, static IPs on each computer and the router is very doable. I would just need the router at location "A", correct?

    Win XP is a question cause that means $80.00 (the cheapest I can find for a legal copy) a pop for each computer. I am checking with the business right now to see if they want to do that. But I'm sure I can talk them into the importance of it.

    So just setting up a VPN using L2TP is the way to go huh? I'm assuming it's pretty self-explanatory after that for someone that has set up home networks before?
     
  4. Mark Giles

    Mark Giles Second Unit

    Oh, and they already have a Linksys WRT54G wireless router with "VPN pass-through". Is this what I'm looking for?
     
  5. Mark Giles

    Mark Giles Second Unit

    Ok...so the router I just posted is probably worse huh? Which router do you recommend?
     
  6. Mark Giles

    Mark Giles Second Unit

    Ok, gotcha on the other routers and VPN.

    I'm going to try one of the Linksys routers you mentioned. Am I correct in assuming I only need the one router at location A? And the other 2, which are at two separate homes, can be hooked straight thru a cable modem to access the network thru the net?

    When I looked up the information on the Linksys BEFSX41, it said it only supported 2 VPN tunnels. Does this mean only two active computers? Or can I indeed link the three local computers together and 2 remote computers?

    Let me run my gameplan game.

    Install XP Pro on all 5 puters.

    Install the Linksys BEFSX41 at location 'A'.




    One last question... let's say location 'B' (home) wants to have the wireless Linksys 54G router for laptops to access the net. Will this impose any problem with security just for that location to utilize the cable modem to access the internet thru the wireless router? Now let's say they want to gain access to the company's files wirelessly at location 'B'. Will that be a problem?
     
  7. Kimmo Jaskari

    Kimmo Jaskari Screenwriter

    Another option, if you can get your hands on old PCs that have been pensioned off as being too slow for normal work, is to run firewall/router software on those. In your case you'd need three of them, so this might not be the most cost effective solution if you don't have those machines...

    Still, any old piece-o-crud PC with a CD-ROM drive and a floppy drive (yank the hard drives if any are in them) will give you a really great, reliable firewall/router solution if you add m0n0wall and an extra ethernet card if it only has one (you need one for the external and one for the internal interface.)

    Basically, what you do is download the CD-ROM ISO (image) file of m0n0wall, burn that to a CD and insert a freshly formatted floppy drive in the machine. The firewall will boot off the CD and save settings to the floppy resulting in a nice quiet firewall.

    m0n0wall has tons of great features like IPSec VPNs built in and should work very nicely to create some VPNs for you. Great software, and the resulting router is rock-solid and performs great.

    As I said though this obviously requires that you can lay your hands on the hardware basically for free for it to be the most attractive option, but thought I'd mention it.
     
  8. Kimmo Jaskari

    Kimmo Jaskari Screenwriter

    2 VPN tunnels means two separate locations can have tunnels going to it at once. This means it will work for you but give you no expansion possibilities in the future short of replacing the router.

    Basically, a VPN is an encrypted "tunnel" from one router to the other, connecting the two networks. What is then installed "inside" the router doesn't matter, you could have 250 machines behind each router if you wanted, you'd still only have the one virtual private network tunnel between the routers.

    You need three of these "natively" VPN capable routers, one in each location, not just routers with VPN passthrough. Each of the three locations must have a router with real VPN capability, that is. See this nice page at Toms Networking if this is not entirely clear.

    You do open up for some security issues if you add wireless networking to the mix. It becomes very important to secure the remote location at that point.

    Basically, if you have a wide-open unencrypted wireless setup in one of the remote locations, anybody can just connect to the wireless network there and have a direct line straight to the five machines that are in the central location through the VPN.

    Thus, you need to make sure the remote location that has a wireless router has WPA encryption turned on and that they use a serious long passphrase. This wireless router obviously must have VPN built-in too, not just VPN passthrough.
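
Why the "serious long passphrase" advice above matters, shown as an added example (not part of the original post): WPA-Personal turns the passphrase and the network name (SSID) into the 256-bit key with PBKDF2-HMAC-SHA1, so the passphrase is the only secret. The SSID and passphrases in the demo are constructed, and the bit estimate is an upper bound that assumes randomly chosen characters.

```python
import hashlib
import math
import string


def wpa_psk(passphrase: str, ssid: str) -> str:
    """Derive the 256-bit WPA/WPA2-Personal pre-shared key as hex."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrases are printable ASCII only")
    # PBKDF2-HMAC-SHA1, SSID as the salt, 4096 iterations, 32-byte output.
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                              ssid.encode("utf-8"), 4096, 32)
    return key.hex()


def search_space_bits(passphrase: str) -> float:
    """Upper bound on guessing cost in bits, assuming every character was
    picked at random from the character classes that appear in it."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " ")
    alphabet = sum(len(c) for c in classes
                   if any(ch in c for ch in passphrase))
    return len(passphrase) * math.log2(alphabet)


if __name__ == "__main__":
    ssid = "office-b-wlan"  # constructed SSID
    for phrase in ("quicken1", "kf83 Vq2m zP07 xTr5 bn61"):  # constructed
        print(f"{phrase!r}: at most {search_space_bits(phrase):.0f} bits, "
              f"PSK {wpa_psk(phrase, ssid)[:16]}...")
```

The same passphrase on the same SSID always yields the same key, which is why a short or dictionary-based passphrase undoes the protection WPA is supposed to add in front of the VPN.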
     
  9. SethH

    SethH Cinematographer

    The XP Pro thing may not be absolutely necessary. Keep in mind that Vista is coming out late 2006, so if you don't absolutely need XP Pro, then you might wait to upgrade later. I'm only saying this because I'm the one who brought up XP Pro and nobody else has mentioned it.

    You'll need 3 VPN routers. Also, it's ok to do wireless networking, just be smart about it. Do a search here to get a run down of the needed security features. Few if any are default, so you'll need to make sure they're all implemented immediately. Quickly, here's what you should do:

    Enable MAC Address filtering
    Turn OFF the SSID broadcast
    Use WEP (128-bit) or WPA depending on your equipment (WPA is preferred)

    I also like to limit the number of IP addresses my wireless access point is allowed to give out (if I'm using DHCP) or simply assign static addresses only.
     
  10. Kimmo Jaskari

    Kimmo Jaskari Screenwriter

    For company use, MAC filtering and SSID broadcast disabling are completely ineffective and add administration overhead, so don't bother with those.

    Absolutely do not purchase any WLAN gear that cannot do WPA, nothing else is even remotely secure. WEP is crackable in literally seconds.
     
  11. Francois Caron

    Francois Caron Cinematographer

    How about a software VPN solution? OpenVPN at http://www.sourceforge.net is free, but it does require a bit of work to set it up just right. Excluding configuring the software (a subject on its own), you need to:

    1 - Set up a free account at http://www.dyndns.org which will be used to maintain an entry point to one of the machines at "A".
    2 - On the router at "A", you'll need to redirect a port chosen at random to one of the machines at that location, preferably one with a locally assigned static IP (DHCP turned off).
    3 - On that dedicated machine, install the DynDns Updater software so that it can update your account at DynDns.org with your router's TCP/IP address assigned by your ISP.

    You now have:

    - A fixed domain name to be used by machines "B" and "C".
    - A direct path from the Internet to one of the machines at "A" via a single open port.
    - A program that will maintain your account at DynDns.org with the current TCP/IP address of your Internet connection.

    Your chosen computer at "A" now behaves as if it has its own fixed IP address on the Internet. You can now install and configure OpenVPN to run as a server at "A", and as a client at "B" and "C", using the domain name from dyndns.org as a destination address. Once your clients connect to the server, they will act as if they're all connected on the same office network.

    We use this at our offices with full encryption. We're a small installation and don't require an elaborate and expensive hardware solution. Also, we ran into a situation where the router we selected (Linksys BEFSX41) was incompatible with one of our employee's ISP. The OpenVPN software solution resolved all those problems without it costing us a dime.
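
An added example, not from the original post or the OpenVPN project: a small audit of the client configuration that "B" and "C" would use against the forwarded port at "A". The sample config, host name, port and file names are constructed placeholders; the directives checked (`remote-cert-tls`, `tls-auth`, `tls-crypt`, `cipher`, `auth`, `secret`) are standard OpenVPN options.

```python
# Constructed client config for location "B"; host, port and file names
# are placeholders, not values from the thread.
CLIENT_CONF = """\
client
dev tun
proto udp
remote office-a.example.org 31194   # DynDNS name and forwarded port at "A"
ca ca.crt
cert site-b.crt
key site-b.key
cipher none
"""

# Same config with the weak line replaced by the two missing protections.
HARDENED = CLIENT_CONF.replace(
    "cipher none\n", "remote-cert-tls server\ntls-auth ta.key 1\n")


def parse(conf: str) -> dict:
    """Map each OpenVPN directive to its argument list (last one wins)."""
    opts = {}
    for line in conf.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        if line:
            name, *args = line.split()
            opts[name] = args
    return opts


def audit_client(conf: str) -> list:
    """Return findings for settings that weaken an OpenVPN client."""
    o, findings = parse(conf), []
    if "secret" in o:
        findings.append("static-key mode: one shared key for every site")
    for need in ("ca", "cert", "key"):
        if need not in o and "secret" not in o:
            findings.append(f"missing '{need}': TLS mode needs a CA and key pair")
    if o.get("cipher") == ["none"] or o.get("auth") == ["none"]:
        findings.append("cipher/auth 'none': traffic is not protected")
    if o.get("remote-cert-tls") != ["server"]:
        findings.append("no 'remote-cert-tls server': any cert from the CA "
                        "is accepted as the server")
    if "tls-auth" not in o and "tls-crypt" not in o:
        findings.append("no 'tls-auth'/'tls-crypt': the open port accepts "
                        "TLS handshakes from any source")
    return findings
```

`audit_client(CLIENT_CONF)` reports three findings and `audit_client(HARDENED)` reports none; the server at "A" needs the matching `tls-auth ta.key 0` line.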
     
  12. SethH

    SethH Cinematographer

    I certainly understand that MAC address filtering only stops script-kiddies, but there's really no reason not to do it. Administrative overhead? Sure, in a large company. But he's got five computers spread out over 3 locations. That's closer to a home setup than a large business.
     
  13. Kimmo Jaskari

    Kimmo Jaskari Screenwriter

    The good part about having routers (either bought or built with m0n0wall, Smoothwall or some such on a PC) is that the users have to do nothing to their computers. This makes life easier for the person administering the stuff.

    That said, OpenVPN is a perfectly legitimate way to set up VPNs, and is definitely an option to consider.
     
  14. Mark Giles

    Mark Giles Second Unit

    OK, thanks guys. The business didn't get the lease on the building I called location A. But they are working on getting another place. We'll see how that works out and I'll check back here on this. Thank you again!
     
