
Free VPN solution had a major impact on this company

When you think of one app that can change how a company does business, an open source VPN server might not be the first thing that comes to mind. See how the subject of this week's From the Trenches accomplished a major coup with Linux-based PoPToP.

At smaller companies, a single application can change the way business is conducted. In the case of one network administrator, it changed where a part of his business was conducted as well.

In this week's From the Trenches column, we'll see how Layton changed his company and saved it thousands of dollars when he incorporated a freeware Linux VPN solution based on the PPTP protocol into his network.

Layton is a native of central Florida who works for a company that makes custom modifications to applications used in the medical industry. The company initially had two offices, one in Orlando, FL, and the other in Columbia, SC.

While most of the administrative functions were done in Columbia, a data center was located in Orlando, with most of the company's developers working from their homes in the Orlando area. Other developers worked from locations throughout the country.

Let's take a look at how Layton helped the company consolidate its assets in one location and provide its far-flung employees better access to its data center.

Get insights From the Trenches
You can learn quite a bit by reading about the methods other administrators and engineers use to resolve challenging technology issues. Our hope is that this column will provide you with unique solutions and valuable techniques that can help you become a better IT professional. If you have an experience that would be a good candidate for a future From the Trenches column, please e-mail us. All administrators and their companies remain anonymous in this column so that no sensitive company or network information is revealed.

How one app changes the way work gets done
Part of Layton's reason for developing the VPN solution for his company a few years ago was to gain some job security.

"There are two ways to be beneficial to a company. You can make them money or you can save them money," he said. "If you can do both, you will be the golden child. That's what I'm trying to do. I'm saving them money now, so I've got to figure out a way to make them money."

When the company had an office in Orlando, its data center consisted of several AS/400s that the company's developer staff accessed through a modem bank connected to the servers through a Perl-based remote access server program.

"I started fiddling around with a few ideas about doing a VPN, and the two owners of the company asked how much it would cost and could we do it," Layton said. "I found PoPToP one day by accident and started playing with it [on] a little desktop that was no longer being used."

Layton had been playing with Linux for about three and a half years at this point, and the little desktop was soon put to use as a Linux server.

"At first, they were scared to death that it was UNIX, and they wondered who would fix it [if it broke]. I said, ‘That's what you've got me for.’"

Layton’s boss gave him about a week to work on implementing the PoPToP server, which uses PPTP for the VPN tunnel.

"Once I got it up, we were able to close our office in Orlando and move it all up to Columbia. We now have a bigger data center and a bigger office and no phone costs," Layton said.

All of his end users love using the VPN. It also helped Layton that the PPTP client for the VPN is built into recent versions of the Windows operating system (Windows 98 and above), since PPTP is a Microsoft-created protocol. Those who were running Windows 95 were able to download DUN1.3 for free from Microsoft. It took only a few minutes for each developer to set his or her machine up to communicate with the VPN.

PoPToP and Linux have come far together
Two years ago, when Layton was setting up his PoPToP server, he was using Red Hat Linux 6.1 with PoPToP 1.0.1. It took a while to set it up correctly because he had to rebuild the Linux kernel to include the Microsoft Point-to-Point Encryption (MPPE) patch so that the necessary sources would be available when he rebuilt pppd.

"It's worked fantastic. I started out with version 1.0, and there's now an experimental 1.1.2 that allows IP mapping. I can set up LMHOSTS files and actually map network drives and neater things that we couldn't do in the early version."

As far as user authentication goes, Layton said, "Some people use PoPToP to talk to a PDC, but I use a local CHAP secrets file. Basically, you put a LMHOSTS file on a UNIX box and a LMHOSTS file on PDC, and it should allow browsing. All of our guys work on the AS/400, and they use Telnet, and they don't really use the folders. So it really wasn't that much of an issue."

The PoPToP box is dual-homed and uses an ipchains firewall. It's connected to the Internet via a DSL line and has been up continually since 1999. Layton wrote a script that allows him to see who is on the VPN through a Web browser, so if a process hangs on an AS/400, he can see whether he'll knock anyone off if he kills the process.

The path to being golden
Layton doesn't know exactly how much money this open source software running on a used PC is saving his company, but he can estimate some of the costs.

For example, the Orlando office lease was priced fairly cheaply at about $500 per month, but the commercial phone lines that developers dialed into with the old RAS solution cost $50 per month—and there were 14 of them.

The company also had to maintain a DSL line at each office at $50 per month, so without the Orlando office, it's saving the cost of one of those lines per month.

"We had a lot of people who had to call in from all over the country, and they'd be on the box four or five hours a day, five days per week," Layton said.

It may not seem like much to a big company, but Layton's VPN solution is saving his small company more than $2,000 per month in operating costs. So in two years, he's saved the company at least $48,000.

If you decide to give PoPToP a try, Layton has these suggestions:
  • Use Bastille Linux to harden your server's security.
  • Follow the PoPToP instructions closely.
  • Use the development version of PoPToP, 1.1.2, because it's stable and can reorder packets.

Have you used PoPToP recently?
Layton told us that PoPToP has come a long way in the past two years and that, with the development of the Linux kernel, getting the program to work has become very easy. What has been your experience with PoPToP and Linux? Send us a note or post a comment in the discussion below.

 