0

I'm not actually looking for a complete step by step answer. But really, just the broad strokes.

I have a Debian Linux VM on network A. I am putting another Debian Linux VM on network B. Both networks are largely Windows computers. What I need is for technicians on network A to be able to RDP to servers on network B, across a secure internet link.

I'm really only looking for the function names of the 2 Linux boxes. Are they proxy servers? Routers? A bridge? I don't really know what tools should best be used here. It seems to me to be a combination of functions, but I'm not sure which ones are most appropriate.

Again, I can look up how to install software and configure a proxy server, router or whatever. I'm just looking for a leg up on how I should be approaching the problem.

Thanks.

mikekehrli

1 Answer

0

You do want to set up a VPN (which is different to a proxy server). A VPN is a secured virtual connection between 2 computers or systems.

Ideally you want to put your VPN endpoints on your routers. This is because in order to secure traffic between points the traffic needs to flow to the VPN - and routers are the logical place to do this (unless you re-engineer your network or use an inefficient and complex-to-maintain bridge system).

Some stuff you need to know

A bridge is like a virtual switch; it deals with information below the level of IP. A router deals with data at the IP level and is more efficient.

A proxy server generally acts at an application level, so it does not secure all traffic. It is also protocol specific. It won't help with RDP as RDP is a simple protocol and you can just use port forwarding - but don't do this as it's less secure than a VPN.

Many prosumer routers (generally ones which can run dd-wrt or other aftermarket firmware) can be configured with OpenVPN. Most commercial routers will support IPsec, so your choice of VPN may be driven by your router choice. Don't use PPTP-based VPNs as the protocol is no longer considered secure.

Using an x86 box running Linux (e.g. Debian) as a router is definitely viable and my preferred option. I would be in the minority though. The thing is you will need to configure it as your router - this is nontrivial.

davidgo
  • Thanks very much. This is helping a great deal. The guys who will use this are just the techs. Would it be workable to make the new Linux box their router - then for traffic that needed to go to local network machines, forward to the current router? In other words, configure a 2nd router that would forward to the existing router for local network traffic. I don't think I can actually mess with the existing router on either end. – mikekehrli Jun 10 '20 at 22:09
  • **Being that these are VMs**, what you are asking is extremely difficult and you most likely don't have the skills to do this - and even if you have them, it's a really bad idea. Can you describe your network architecture and what you can and can't modify and what kind of router you have [i.e. is the WAN interface Ethernet or something else?] (The easiest solution if you can't modify your router is to put a second router in front of or behind that router - but this may not be practical.) – davidgo Jun 11 '20 at 02:29
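
As an added illustration of the "Linux box as router with a VPN endpoint" approach from the answer (this is not code from the question, the answer or the comments), the script below prints an nftables forwarding policy for the network A gateway that lets only RDP from network A into the tunnel towards network B. The subnets, the interface names and the table name `vpn_gw` are constructed placeholders, and the tunnel interface is assumed to be an already configured VPN device such as an OpenVPN `tun` interface.

```shell
#!/bin/sh
# Added example: all addresses and interface names below are constructed
# placeholders, not values from the page.
A_NET="192.168.10.0/24"   # network A (technicians), assumed
B_NET="192.168.20.0/24"   # network B (RDP servers), assumed
LAN_IF="eth0"             # LAN-facing interface of the network A gateway, assumed
TUN_IF="tun0"             # VPN tunnel interface, assumed

# Reject anything that is not IPv4 CIDR before it is placed in a rule.
is_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# Print the forward-chain policy: the box routes packets (this also needs
# net.ipv4.ip_forward=1), drops forwarded traffic by default, and accepts
# only new TCP/3389 connections from network A to network B via the tunnel,
# plus replies to connections that were already accepted.
emit_ruleset() {
    a_net=$1; b_net=$2; lan_if=$3; tun_if=$4
    cat <<EOF
table inet vpn_gw {
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        iifname "$lan_if" oifname "$tun_if" ip saddr $a_net ip daddr $b_net tcp dport 3389 accept
    }
}
EOF
}

# Validate both subnets, then emit the ruleset; returns 1 on bad input.
build() {
    is_cidr "$1" && is_cidr "$2" || { echo "bad subnet" >&2; return 1; }
    emit_ruleset "$1" "$2" "$3" "$4"
}

# Only prints the ruleset for review; nothing is applied to the system.
build "$A_NET" "$B_NET" "$LAN_IF" "$TUN_IF"
```

Once reviewed, the printed ruleset can be loaded as root with `nft -f -`; the gateway on network B would carry the mirror-image rule, with the tunnel as the input interface.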