Pantek Library

[Users] Freeswan /Win2k domain

From: Luke <luke(at)swtechnet.eclipse.co.uk>
Date: Wed Oct 01 2003 - 09:26:15 EDT


Hi, I have a few questions for the list. Sorry if these have already been asked; I have had a good search, just wanted to confirm what I found.

Up until now I have been using gre-packet encapsulation with pptp as a vpn solution for access to my internal LAN. The main reason for implementing pptp is that my LAN is NAT'ed behind two gateways and I have heard that ipsec is not always happy with NAT traversal. This is all about to change as we are going to face outwards now.

What I plan to do is build a firewall/vpn server using iptables and freeswan ipsec. The netfilter will be to add protection and ipsec to allow access to two internal servers: one Windows 2000 domain controller and one Linux IMAP mail server. So in effect all clients from within the LAN will be moved out and become road-warrior type clients working from home. This will be new ground for me as I am used to having everyone on the LAN side of the firewall/gateway. So what we are trying for is a 'Virtual Office'.

Some of the things I am unsure of are: Is it possible for the clients to log on to the Windows 2000 server domain via freeswan IPSEC, as close to being directly connected as they are in the present LAN situation? So that they can sync to a central source-code version control system, inherit permissions, net sends to the domain and access shares on each other's machines (using the domain permission structure) via the freeswan IPSEC connection to the domain controller. Not sure if dhcp would come into this anywhere; I currently have the win2k machine looking after address allocation. There will be on average 7-10 users running individual tunnels for about 8 hours a day at the same time. This will be quite a bit of traffic going back and forth. Does this require samba?

Anyone had to set up a similar situation?

Thanks,
Luke

Received on Wed Oct 1 09:39:30 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:01:39 EDT

