How can I create a non-ssh VPN on Debian/Linux?

I have a set of remote servers, assigned to a small IP address pool. I would like to control access to some services on some servers via IP address, rather than login/password.

However, I would like to access these services from wifi hotspots, etc, so I would like to create a VPN which I would log in to (via a username/password), which would be assigned one of the IP addresses in the server's pool.

I would like to use built-in clients on Windows and Mac OS X to access the VPN, which I believe rules out the commonly advocated ssh solutions.

What packages should I look into and configure on Debian/Linux to achieve this setup?


Solution 1:

xl2tpd is in Debian. It's a server for L2TP IPSec VPN. Windows supports L2TP natively. Alternatively, you can use OpenSwan (also in Debian) to set up IPSec.

I know you want to focus on built-in clients, but take a look at OpenVPN just the same. It's cross-platform and easy to set up and deploy. It's also extremely secure and flexible at the same time. I tried to set up xl2tpd and went with OpenVPN instead.

Solution 2:

It looks like Poptop will do the job for you. If you look in Debian's package management tool you should see it.

Apparently works for Windows and Mac OS X clients (>= 10.2), although as this article points out, you might be compromising your network security using it.

Solution 3:

What services are you providing? If the services support it, you should simply consider enabling SSL, or adding SSL via something like stunnel.

OpenVPN is one of the best packages you could install in my opinion.