
Multi-State Family Networking?

Posted by Cliff
from the would-that-then-make-it-a-FWAN dept.
Valley Redneck asks: "The last few members of my extended family just entered the 20th century and went to broadband. Now that we're all on-line with small home LANs in place, we'd like to start sharing stuff via a VPN. The only problem is I'm the only marginally tech savvy one in the bunch, and I'd rather not have to hop a plane to configure everyone's box. Any recommendations for a broadband router that supports VPN to use on the mother-ship network that will play nice with all versions of Windows XP SP 2 (Pro, Home and Media Center) and its VPN client?"

  • Do it in software (Score:5, Informative)

    by Cyberglich (525256) * on Wednesday May 31, 2006 @10:48PM (#15441425)
    Hardware can be tricky; use software. Hamachi is very easy to use, very powerful and very secure, and it supports Windows, Mac and Linux. www.hamachi.cc
    • I'm using Hamachi right now with a friend in Brazil, my brother and dad in Virginia, and some friends in the UK. Works great for making games think they are local or something like that. File transfer worked, but had the usual excess amounts of lag I saw using Windows file sharing over networks. Definitely easy to use and to set up.
    • Hamachi allocates IP addresses in the 5.0.0.0/8 range. I have to wonder about its long-term future when they either run out of addresses in this range, or these addresses are used for something else on the internet.
  • hamachi (Score:4, Informative)

    by schwal (836247) on Wednesday May 31, 2006 @10:49PM (#15441437) Homepage
    Just install, and give 'em a password to your network. Even has chat.
    • Hamachi's Chat, while no doubt useful, uses UDP, which means you'll end up with a lot of dropped messages. Only in practice it's more like LOTS and LOTS of dropped messages. You are best off using third party internet chat or using Hamachi and a TCP LAN chat client. On an unrelated note, Hamachi has allowed me to play Command & Conquer (yes the original) over the interweb!
  • Cool. But why? (Score:4, Informative)

    by peacefinder (469349) * <alan DOT dewitt AT gmail DOT com> on Wednesday May 31, 2006 @10:51PM (#15441444) Journal
    You may not need to bother with hardware VPN devices. There are some reasonable software solutions that can run right on the endpoint computers.

    I've heard good things about Hamachi, but I haven't used it myself. I have used OpenVPN, and I love it. It's pretty simple to set up, even using certificate-based authentication and encryption. You can have everyone download and install it themselves, then you can send them configuration files.

    Before you do all this, though, there's an important question to ask: Is a VPN worth the additional risks? If all the machines are in a pseudo-local network over the VPN and someone gets a worm, you could all go down together. Unless you're planning to do something which actually requires pseudo-local network access, you might be better off to make whatever you're planning to do be web-based.
  • Use.. (Score:2, Interesting)

    by hapoo (607664)
    The Linksys 54g with Sveasoft firmware. It's easy, fast and you can set up and ship the routers out to whomever you wish.
    • Re:Use.. (Score:4, Informative)

      by wolrahnaes (632574) <sean@seanharlow.MOSCOWinfo minus city> on Thursday June 01, 2006 @10:38AM (#15444725) Homepage Journal
      gah, no sveasoft!

      We've been through this quite a few times here, but for the benefit of those who missed the great Sveasoft debates, here's a quick summary:

      1. Linksys releases GPL code for WRT54G routers
      2. People start modifying this code
      3. Sveasoft forms a community around a particular "distro"
      4. Sveasoft starts charging
      5. Sveasoft gets pissed that people are exercising their legal right to share the GPLed software for free
      6. Sveasoft cuts back on source releases, bans anyone who even mentions the GPL on their forums
      7. Sveasoft stops source releases entirely for "test" versions (a.k.a. current, release is the old outdated version)
      8. DD-WRT project starts as fork of last Sveasoft source releases
      9. Sveasoft threatens DD-WRT, calls it a ripoff of their product
      10. DD-WRT developers and community collectively laugh, continue developing and releasing both binaries and source regularly
      11. Sveasoft crawls back into a hole

      Basically, don't use Sveasoft, and definitely don't pay for it. They are repeat GPL violators and do not in any way support the WRT community. Use HyperWRT for basic features, DD-WRT for a fully-featured mega-distro, and OpenWRT for a top-end complete custom build.

      Personally, I run DD-WRT v23 SP1 VoIP edition, and it does an excellent job of both connecting my Xbox to XLink Kai and handling QoS for my IP phones, not to mention all the neat wireless tricks.
      • They are repeat GPL violators

        Citation, please.

        The Free Software Foundation doesn't seem to think they're violating GPL, and they're about as authoritative as one can get.

        You can have whatever issues you like, but let's not go around crying "wolf" just because you don't like a model / person / business. GPL violation is a serious charge around here, with a VERY specific meaning, and unless you can back it up I think it would be appropriate if you were to retract that claim.

        • As the AC mentioned, the FSF judgement was on a related but different issue where they were pulling subscriptions from people who shared their "beta" versions (a.k.a. current).

          I've been banned from the Sveasoft forums, even with no posts at all, just for being a member at the DD-WRT forum, so I can't go do this myself, but if you're a member there just go ahead and ask for source, specifically mentioning their GPL obligations to provide it. See how fast the thread disappears and you get banned.
          • The source for the released version is there.

            The source for the in-development version is not.

            While you may not like this it is acceptable under the GPL.

            As to being banned from the Sveasoft forums, I'm guessing you repeatedly, either ignorantly or maliciously, publicly made your charge. It's a serious one, and one apparently without merit. I'd toss you off also.

            I'm not saying Sveasoft/James is a lovely person, but if you really had a case of GPL violation I think the Free Software Foundation would b

            • If they give me a binary and do not make the corresponding source available, that is a GPL violation. Plain and simple.

              This is exactly the case if someone acquires a paid membership to their site. You get all the binaries you want, but no source. If you ask for source, you get brushed off or banned.

              and yes, I have repeatedly stated this FACT in public, but that is not why I was banned. I operate two mirrors of TheIndividual's Sveasoft firmware repository, which is completely legal (remember, GPL....they
              • If you're so absolutely convinced that your interpretation of the GPL is correct then why isn't the FSF active on this? Is there any possibility that you are incorrect?

                As to your behavior, if you keep accusing a GPL violation and you're wrong, and been corrected, then you are indeed a dick. Making the accusation wherever unsurprisingly leaves you unwelcome on your victim's forums.

                I don't pretend a superior knowledge of the details of the GPL. However it is my understanding that distributing betas, even

                • When the FSF looked into Sveasoft, they were still distributing source with their binaries, and the complaint was that they were terminating the paid accounts of users who exercised their right to distribute it. In that case, they were perfectly in the right. While going against the spirit of the GPL, legally they were spotless. Many kernel developers agreed with this.

                  Here is the exact wording of the FSF's reply, copied straight from the Sveasoft forums [sveasoft.com]:

                  I see no problems with this model. If the software

                  • The FSF won't take another look at Sveasoft, because they consider it a closed case. They don't seem to understand that the situation has changed since then.

                    The folks I've known as the FSF have been quite bright, quite aware folks, so I expect if there truly is (now, today) an issue they'd be pursuing it. That they're not speaks far more to me than your asserting over & over that you're right/they're clueless.

                    Furthermore you've yet to make a case that the GPL requires distribution of code for limited

                    • You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:

                      a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
                      b) Accompany it with a written offer, valid f

        • Please read
          http://lwn.net/Articles/178550/ [lwn.net]

          "For now, at least. History suggests that Sveasoft will
          continue to push the boundaries of the GPL. Recent history
          also suggests, however, that Sveasoft may become less
          relevant in this area; by many accounts, the fully-free
          alternatives - beyond OpenWRT itself - go beyond the
          Sveasoft offerings in a number of ways."

          Maybe they are not violators technically, but I'd be
          very irritated if I was a customer of their product.
    • Another vote for the Sveasoft solution.

      I've used Linksys WRT54GS models (now WRT54GL) reflashed with Sveasoft firmwares running PPTP between my home in Montreal & my home in Boston. They were stable for months on end, allowed me to see file shares, remotely control machines, indeed do everything as if it was a local network. Tech support to family members was trivial, the extra traffic overhead negligible, and using the traffic-shaping features I got better performance out of my broadband connections

  • openvpn? (Score:2, Informative)

    Hi,

    not sure exactly if you want to go the hardware way,
    and not sure if what I mention meets your criteria,
    but if you can set up a single linux box as a router
    some place, that box can run openvpn (server) while
    each client can hook up to it with the openvpn client
    software (windoze client too ;)
    trivial to set up:
    http://www.openvpn.org/ [openvpn.org]

    cheers,

    j
  • I haven't used it in a while, but have you investigated Smoothwall Linux [smoothwall.org]? It's a Linux distribution that converts old PCs into very network-capable routers. Not only that, but it's manageable through web and SSH (I believe).

    One of the reasons it came to mind is that it supports VPN connections between routers (again, I believe; haven't worked with it in a while). If you've got some spare PCs lying around (usually a prerequisite to reading Slashdot), this might be a great way to get your family networked for fre

    • Smoothwall's okay, so long as you trust its nutcase project leader. IPCop is a better alternative for those who don't want to run software controlled by a sociopath.
    • I use Monowall here at home, and it does a good job of managing the PPTP connections. Since you have a PPTP client built into the other Windows machines, just use something like DynDNS and point them to connecting to you.

      I wrote a simple tutorial on getting PPTP running with Monowall [cornetdesign.com]. I run it on a small solid-state linux box, and it works just great.

  • VPN Routers (Score:3, Interesting)

    by tji (74570) on Thursday June 01, 2006 @12:55AM (#15442076)
    Set them up with routers that also do IPSec. This gives them a firewall layer, and allows VPN among the sites (and, potentially client VPN remote access into the sites).

    I put a Linksys WRV54G at my parents home for just this sort of thing. Although it took a pretty good amount of tweaking to get everything right, it works well now. It provides NAT firewall service for their network, wireless access for their home, and VPN remote access for me (so I can VNC into their system to provide tech support).

    If you have a bigger budget, a cheap sonicwall, netscreen, or Check Point gateway might offer better usability and more features. The Check Point Safe@Office 500W looks like a good candidate.
    • How does your setup recover when someone's IP address randomly changes?
      • The WRV54G supports dynamic DNS, so it will automatically update the hostname when its IP address changes. I just use that hostname for VPN connections. Although, it really hasn't been an issue, as I don't think the IP address has ever changed.

        The Check Point devices also support Dynamic DNS.
  • by imperious_rex (845595) on Thursday June 01, 2006 @12:56AM (#15442081)
    The last few members of my extended family just entered the 20th century and went to broadband.
    I'm confused. Is this the 21st century, or are your kin time travelers?
  • by patio11 (857072) on Thursday June 01, 2006 @12:57AM (#15442082)
    If you're just sharing files, there is no reason to go with the hassle and expense of setting up a VPN, with its associated security risks. There are any number of options which will work just as well, from using AIM, a traditional file-transfer application, or any number of web services (available free or cheap at your option). Sure, "drag and drop directly in the Windows interface" is an awfully nice feature when you're talking about Mom's digital camera stuff, but there are a few services that even replicate this feature (I once used one which did it via ActiveX control, but don't remember the name -- there are probably a gazillion though).
    • The problem is that it's nicer to browse shared folders than ask people to send stuff. Never tried VPN, but if it's all about sharing files, FTP (with FileZilla server) is my choice. I just make account for whatever I wanna share, give passwords, look at what they're looking at, and laugh at some retards who manually try to break in the inexisting "Administrator" account and scare them off with a mean welcome message.

      Plus you can log to your account on some friend's FTP server from anywhere and nearly any k

  • Check out http://www.clarkconnect.com/ [clarkconnect.com] if you are so inclined at all for a pretty darn good and robust solution in terms of a software approach. It does many things including VPN services.
  • From TFA:

    we'd like to start sharing stuff via a VPN. The only problem is I'm the only marginally tech savvy one in the bunch,

    In other words, you decided to share stuff via a VPN. I have to ask: what are you trying to share that can't be shared using a simpler approach (e.g. email)?
  • by pjay_dml (710053) on Thursday June 01, 2006 @01:11AM (#15442149) Journal
    If you're the only one with technical expertise, then forget VPN completely, and think about a web based solution. Just set up a site, that only family members have access to, and provide them with web apps that fulfill your "sharing needs" (e.g. Galleria [slashdot.org] for displaying and sharing photos).

    Though, no matter what you will do, I can guarantee you "support-headaches", I know from experience ...
  • by Anonymous Coward
    I work for a small IT shop and we use Linksys RV042 routers that support IPsec VPNs and DynDNS. You can set them all to have DynDNS accounts, and set up the VPN links on each, then ship them to your family. When they plug them in they register with DynDNS, and voilà! The VPN just sort of comes together. I've done this for small companies that need a VPN, but can't afford to fly me to some other state. It works great, just make sure each router has a different subnet, and upgrade the firmware before you do an
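
The "different subnet" requirement in the comment above, as an added example that is not part of the original post: a pre-shipment check that finds overlapping site LANs and renumbers the conflicting ones. The site names, the sample subnets and the 10.77.0.0/16 pool are assumptions made up for illustration.

```python
"""Pre-shipment check for a site-to-site VPN plan: every LAN needs its own subnet."""
import ipaddress
from itertools import combinations

# Constructed sample plan (hypothetical sites). Two sites still use the same
# factory-default LAN, and one uses a wider range that swallows both of them.
SAMPLE_PLAN = {
    "mothership": "192.168.1.0/24",
    "parents": "192.168.1.0/24",
    "sister": "192.168.0.0/23",
    "uncle": "10.0.5.0/24",
}


def parse_plan(plan):
    """Convert CIDR strings to network objects; strict=True rejects stray host bits."""
    return {site: ipaddress.ip_network(cidr, strict=True) for site, cidr in plan.items()}


def find_overlaps(plan):
    """Return sorted (site_a, site_b) pairs whose LANs overlap.

    Overlapping sites cannot route to each other through the tunnel, because
    each router treats the shared range as its own local network.
    """
    nets = parse_plan(plan)
    return sorted(
        (a, b) for a, b in combinations(sorted(nets), 2) if nets[a].overlaps(nets[b])
    )


def renumber(plan, pool="10.77.0.0/16", prefix=24, keep=("mothership",)):
    """Sites in `keep` retain their subnet; every other site involved in an
    overlap gets the next free /prefix from `pool` (an assumed spare range)."""
    nets = parse_plan(plan)
    conflicted = {site for pair in find_overlaps(plan) for site in pair} - set(keep)
    fixed = {site: net for site, net in nets.items() if site not in conflicted}
    candidates = ipaddress.ip_network(pool).subnets(new_prefix=prefix)
    for site in sorted(conflicted):
        # The generator is shared, so each site resumes where the last one stopped.
        for cand in candidates:
            if not any(cand.overlaps(used) for used in fixed.values()):
                fixed[site] = cand
                break
        else:
            raise ValueError(f"pool {pool} exhausted before {site} got a subnet")
    result = {site: str(net) for site, net in fixed.items()}
    if find_overlaps(result):
        # Only reachable when two sites listed in `keep` collide with each other.
        raise ValueError(f"unresolved overlaps: {find_overlaps(result)}")
    return result


if __name__ == "__main__":
    print("conflicts:", find_overlaps(SAMPLE_PLAN))
    for site, cidr in sorted(renumber(SAMPLE_PLAN).items()):
        print(f"{site:12} {cidr}")
```
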
  • I've been using the Snapgear SG300 for several years now and it handles VPN without difficulties. Private networks can easily be linked with IPSEC and independent computers can be configured to connect with PPTP.

    The cheapest solution, with this or any other VPN server, is to simply set up your system to act as a hub and then set everyone else's computers to connect to it with PPTP. Linking together entire networks, while cool, is probably overkill.

  • I'm running an Ubuntu server, with two disks in a RAID 1 configuration. FTP, Samba local network shares and remote ssh for management. Only problem was finding FTP clients for Windows...I'm using WFTP, but CuteFTP works as well.
  • by mengu (452383)
    Have you considered looking at a PIX 501?
    Cisco gear is very stable and can easily be set up to do a fully meshed site-to-site VPN as what you are looking for.
    The VPN client is solid and works very well on all versions of Windows.
    The drawback is the price, starting at ~$300 new, but you can probably find them cheaper elsewhere (Read: eBay)
    The Cisco box can be managed via SSL and SSH remotely, it can be managed with telnet too, but doing that over the internet would not be a very secure solution. Telnet is EVI
  • OpenVPN (Score:3, Informative)

    by shish (588640) on Thursday June 01, 2006 @06:55AM (#15443267) Homepage
    I see many people recommending Hamachi; while OK, I prefer OpenVPN -- it works much nicer cross platform (the Linux version seems half assed compared to the Windows, whereas ovpn is exactly the same everywhere), it doesn't have an external company as a single point of failure, it's more configurable, and generally feels more solid.

    Its main downside is that it's designed server-client with you being the server, so you become the single point of failure, as well as having to act as proxy for all network traffic -- AFAIK hamachi only uses the central server to start connections, and runs p2p from then on.

  • If all you want to do is share files then you could try using http://gift.sourceforge.net/ [sourceforge.net] and OpenFT. You should be able to set up a private P2P network for sharing files and it could save you some bandwidth if everybody wants to grab the same file.
  • It's supported by lots of different routers, and I believe contains an openVPN implementation.
  • I've been looking to do something kind of similar, and have been eyeing up egroupware [egroupware.org] to do it. Any thoughts?
  • I have family in 3 different states and 3 different countries. I feel your pain. www.logmein.com [logmein.com] Okay, so it's not VPN, but it's a very nice little remote access program. It allows remote access via web browser. The basic version is free. If you want to pay $60 a year for the pro version, it allows you to transfer files.

    I just installed it on my family's computers, so when they need tech support, I can have them open logmein, and I can just fix their computers remotely instead of talking them through its
  • You just need to set up a Clark Connect [clarkconnect.org] server as your router. It can also run behind your router. I've used the road warrior VPN with the windows XP client, it works fine.

    Don't complicate things, just set this up on your end, enable the road warrior VPN, and pass out accounts to family members with instructions for setting up the XP PPTP client.
  • At http://www.sslexplorer.com/showSslExplorer.do [sslexplorer.com]

    All they'll need is an SSL capable browser. You can set up all the accounts and Tunnels for them.
  • All great suggestions. I've got some goof off time this weekend, so I'll take a look at all these, run them through the "can I afford it" and "can they figure out how to do this" filter and get to it.

    BTW, I know connecting up all the LANs is a bit over the top, but really, if I can pull this off, how cool would that be? It's good for at least a semi-Ubergeek badge or something...

  • Linksys makes a very nice firewall/router [linksys.com] that allows 2 simultaneous VPNs. If there are more than 3 sites you could go for a Smoothwall [smoothwall.org] server using an old PC and 2 NICs.

  • FYI, I took several suggestions under advisement, and as of last night, the VPN was up and running, in most cases behind two NAT routers, firewalls, and various other impediments to easy networking. The file transfer speed ain't great, but it's way better than putting it on a zip disk and putting the zip disk in a car. Plus, all my lower-tech users can swap files easily with mapped drives, and I can safely tell them now not to open ANY file attachments for ANY reason. If it's legit, it'll come over the VP
