[ previous ] [ next ] [ threads ]
 From:  "Lee Sharp" <leesharp at hal dash pc dot org>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Question on PPTP and IPSec
 Date:  Sun, 21 Jan 2007 12:36:38 -0600
From: "Goboxe PH" <goboxe at gmail dot com>

> I have the following requirements for my company.

> 1. To connect our 3 offices using VPN. Now, all offices have broadband 
> line.

The primary MUST have a static IP address.  For ipsec to work, one endpoint 
must be static IP.

> 2. Staff will connect to one VPN server (may be at HQ), but should be
> able to access network resources in the HQ and branches offices.

This should be able to be done with the correct firewall rules, and a bit of 
static routing.  It would be easiest with PPtP for your users, and ipsec for 
the network lines.

> 3. To be able to log all user transactions e.g. which servers they are
> accessing, what services they are using, etc.


> My questions:

> a) RE. 2 above: What is the VPN configuration recommendation for the 
> setup.

>  Is using IPSec for inter-office VPN & using PPTP for users authentication
>  to VPN is a good choice?

So far, so good.

> b) RE. 3 above: How detail is the m0n0wall log file for VPN both IPSec and 
>  Can I trace what users are doing once connected to VPN?
>  If possible, I would like to see the followings:
>    - which servers they are accessing
>    - what services they are using, may be by port number
>    - how long they have login
>    - from which IP they are connecting

The logs in monowall only tell you what user connected to pptp.  To get 
everything you want, you need some type of sniffer on each segment, and tie 
that back to the pptp logs.