Forum: Geek Forum
Topic: @Home, Routers, and VPN... OH MY!
started by: jim

Posted by jim on Mar. 06 2001,13:09
Ok, several friends and I all use the @Home network. We all have personal networks inside our homes.

The Challenge: Create a full Windows 2000 Domain connected via VPN.

Here, < http://www.microsoft.com/TechNet/win2000/vpnscen.asp >
Microsoft has laid out a scenario almost equal to ours. We are creating a Persistent VPN similar to the Corporate Office with 2 branch offices connecting.

The only difference? We are all using Netgear's RT314 Cable/DSL Router/Switch as our backbone and connection to the internet, instead of using a Windows 2000 server as our gateway.

Has anyone else done this via a Router to Router VPN connection?

We have successfully created computer to server VPN connections. This works well for just playing games and stuff through a tunnel, but the goal is to have all 3 of our houses connected via VPN and function as though we are on the same LAN 24/7. I know it can be done, but it's been fucking with me! I think the RT314 may have something to do with it. Not sure though.

On a side note. Has anyone had any problems with the RT314 renewing its WAN address from @Home via DHCP?

Every 7 days I have to disjoin my computer from my domain, rename it to the stupid @Home Computer name, plug my computer directly in to the cable modem, renew the DHCP address, and then plug it back into the router, and re-join my computer to my Win2k Domain!

Major pain in the ass!!!

------------------
jim
Beauty is in the eye of the Beer Holder
< Brews and Cues >


Posted by askheaves on Mar. 06 2001,14:38
I'm horrible with networking. I'm just in a situation where I'm dealing with it blindly right now. I'll just throw some crap on the table to spur more thought.

Can you do a DHCP server from a Win2K server box? It's hella easy to configure. Or, do you need to get a specific address from the cable folks? If you can run your own subnet DNS (I'm making up words now), and your cable folks allow you to zone transfer up, then you can do your own addresses, and just tell your cable company which ones you plan to use. Does DHCP interact with DNS? Will it do exclusions based on currently taken DNS entries from elsewhere? Will their DHCP recognize that you have taken one of their addresses (by checking their DNS which you have zone transferred to) and not assign it to anyone else? Can you get by having just a subnet with a bunch of '10.' IPs?

That's all I got. I'm not going to edit because that's pretty much a print of my thought process. Hope something there catches your eye. Remember, I don't do networking. In fact, I hate it.


Posted by jim on Mar. 06 2001,14:49
Tee hee hee... Very amusing...

Ok here's a little more detailed scenario.

We each have ONE VALID internet address from @Home. 24.?.?.? That is the WAN address for the router, which it gets through @Home's DHCP. Internally we all use private subnets.
Me: 192.168.0.?
Friend 1: 192.168.1.?
Friend 2: 192.168.2.?

We all have a Win2k Server which is a DHCP/DNS/VPN box, and they are all members of the same forest.

What we do is use the NAT/SUA capabilities of the router to point Port 1723 (VPN) to our internal VPN Servers.

So what I do is setup a router to router connection from my server to the WAN address of each friend's router. What this does is forward all traffic on 1723 to their router which in turn forwards those packets to their server. BAM, we have connection and I can actually ping all boxes on their network from MY SERVER!!!! NOW... If I go to my workstation and try to ping their address, my computer recognizes the fact that the address is not on my subnet, forwards the packet to my ROUTER/GATEWAY which normally would forward out to the internet. (Which is bad, since I'm pinging an invalid address)

What I've done is setup a static route to pick up all traffic from 192.168.1.? and 192.168.2.? and forward THOSE packets to my internal server.

Now here is the breakdown. My server then is functioning as a router as well. I have a static route setup to send all info directed to 192.168.1.? through the VPN interface to Friend 1's house. Similarly, I have another route setup to send 192.168.2.? through the VPN interface to friend 2's house.

What happens is I get a destination host unknown.

BUT!!! If I take every one of my boxes and connect individually to either friend's VPN server, I can then ping all his boxes and he can ping all my boxes. This is cool, but we have 5 VPN connections going. It would be better to just have ONE vpn connection through my server which is persistent, and then have it route packets the way it's fucking supposed to!!!


It's not working...

------------------
jim
Beauty is in the eye of the Beer Holder
< Brews and Cues >


Posted by cr0bar on Mar. 06 2001,16:18
IMHO, this is accomplished more easily and more elegantly using < vpnd > and Linux.
It's too bad you purchased the Netgear Cable/DSL router. It really sucks, no two ways about it. The Linksys would've been a better choice. However, try manually specifying your hostname and domain name, as these are sometimes required by the @home DHCP servers in order to grant you an IP address (which is why you might be having to do that trick every 7 days). For instance, every @home IP has a prefix like C456239-a and then the rest of the domain, such as chicago1.il.home.com (I don't know if that's a real @home domain, but that's the format).
Of course, if you switch to using Linux boxes for your VPN, then you can ditch the shitty Netgear device and use IP Masq, which accomplishes pretty much the same thing. If you're joining 3 networks, you'll want to run two instances of vpnd at each site, since by nature it's a point-to-point encrypted tunnel.

p.s. I don't know if you knew this but @home assigns you an IP based on the hostname info mentioned above. Every @home account has at least 1 IP that never changes. You don't need to use their crappy DHCP servers. Just make sure you write down the other important info that they give you through DHCP, such as your gateway and DNS servers, and then specify all that crap manually.


Posted by jim on Mar. 06 2001,16:55
Hmmmmmmmm, not sure why you prefer the Linksys over the netgear, unless you just like the HTTP interface. Me. I'm used to programming routers for a living. Sorta, I don't do that presently.

But the Netgear allows me to do a pure command line interface with the router to setup complex filters and advanced features well outside of the scope of the Linksys.

Just for the record my 2 friends actually use the Linksys, it just wasn't worth mentioning at the time.

I guess everyone has their own opinion though, and I'm just a command line junkie. I still add user accounts in NT through the command line.

Anyway. Yes, I'm aware of the host name and domain name, and everything is set correctly. But as I also understand, their DHCP looks at the Windows workgroup for @Home, something that cannot be programmed into the router.

Also, interestingly enough, in the command line interface of the router if I do a 'sys date' the router reports that it is Sat 1/1/2000

I had this problem in the old days of computer imaging, of taking a new computer that had never been booted, applying an image, and then it failing to connect to the network upon booting. Stumped me forever, but then I called Microsoft Premier and they had me reset the date/time on the PC. Then all of a sudden it worked!!! I just can't remember if the date was in the future or the past. I suspect this may be the problem, and I've opened a case with Netgear to fix this shit!!!

As far as the VPN stuff goes, I'm pretty determined to be in a full Windows 2000 domain, using only Microsoft Products. It's good experience, and I'm not Linux savvy nor do I ever plan to be.

Oh, I also tried spoofing the MAC with my router with no luck, and I did try manual setting. I was able to ping the WAN address the GATEWAY, but NOT the DNS SERVERS or any other static address I could think of to try and ping... Not sure why the manual stuff is not working. Oh, and I should mention, that it does work with the manual addresses so long as the DHCP lease is not expired. Once I release the address through 'ipconfig /release' it'll stop working!

------------------
jim
Beauty is in the eye of the Beer Holder
< Brews and Cues >


Posted by cr0bar on Mar. 06 2001,19:06
The Linksys does have advanced routing and filtering capabilities. It can also redirect to internal IPs by port, and supports having a DMZ host.

I also love how you claim to be a command-line junkie but swear by Microsoft products :-)

I guess it's your choice, but as a UNIX advocate I do contend that if you want true power in a command line, you won't find it with MS.


Posted by jim on Mar. 06 2001,19:30
So you use no Microsoft products I guess?

People can bitch all they want about how bad Microsoft is. But that's all it is.... Bitching!

As of right now, I could ditch the router and use Win2k to act as my gateway, (in much the same way you are talking about using vpnd)

You need to read the reviews comparing the 2 routers, the performance on the Netgear is way above the Linksys. People's biggest complaint about the Netgear is the lack of a fully HTTP interface. Which is something I can certainly live without.

The linksys does have NAT/SUA and SOME filtering options. But none of these options are standard to normal router formats of layering access lists. The Netgear allows filters to be applied in layers executed in order.

It goes down the list and if it meets an access-granted condition the traffic goes through, whereas the second it meets an access-denied it is punched. This method is much more efficient for filtering packets as it allows the router not to have to perform so many actions on all traffic.

Let me just put it this way.

The netgear does everything that the linksys does, and then some.

------------------
jim
Beauty is in the eye of the Beer Holder
< Brews and Cues >
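
The first-match behaviour jim describes above (walk the list in order, the first allow or deny that matches decides, nothing below it is consulted) is easy to get wrong when rules are reordered, and it has one consequence jim's description leaves implicit: when no rule matches, the device's own default applies, so an explicit catch-all at the end is the safe habit. The block below is an added example written for this page, not the RT314's or any router's real syntax or configuration. The rule set, the address ranges (24.0.0.0/8 standing in for "the friends' @Home addresses", 192.168.0.10 as an assumed address for jim's VPN server) and the sample packets are all constructed. It evaluates the same three rules in the intended order and with the deny moved to the top, and reports which rules can never fire, which is the cheap check to run after editing an ordered list. Two of the rules reflect a PPTP fact worth knowing: TCP 1723 is only the control channel, the tunneled data is carried in GRE (IP protocol 47), so a filter or NAT box has to pass both.

```python
"""First-match packet filtering, the evaluation model jim describes:
walk the list in order, the first rule that matches decides, nothing
after it is consulted.

Added example, not any router's actual configuration or syntax.  The
rule set, the WAN address range and the sample packets are constructed
for illustration (24.0.0.0/8 stands in for "the friends' @Home
addresses"; 192.168.0.10 is an assumed address for jim's VPN server).
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # source network, CIDR
    dst: str              # destination network, CIDR
    proto: str            # "tcp", "udp", "gre" or "any"
    dport: Optional[int]  # destination port, None = any

    def matches(self, pkt):
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", pkt["proto"])
                and (self.dport is None or self.dport == pkt.get("dport")))


def evaluate(rules, pkt, default="deny"):
    """Return (action, index of the deciding rule); index None means the
    list was exhausted and the implicit default applied."""
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, i
    return default, None


def shadowed(rules, samples):
    """Indices of rules that decide none of the sample packets.

    After reordering a list this is the cheap sanity check: a rule that
    sits below a broader rule with the opposite action can never fire."""
    deciding = {evaluate(rules, p)[1] for p in samples}
    return [i for i in range(len(rules)) if i not in deciding]


ANY = "0.0.0.0/0"
FRIENDS_WAN = "24.0.0.0/8"       # placeholder for the friends' @Home addresses
VPN_SERVER = "192.168.0.10/32"   # assumed internal address of jim's VPN server

# Inbound-from-WAN list in the order it is meant to be evaluated:
# PPTP control channel (TCP 1723), then the GRE data channel, then an
# explicit catch-all deny so the device default never has to decide.
INBOUND_RULES = [
    Rule("allow", FRIENDS_WAN, VPN_SERVER, "tcp", 1723),
    Rule("allow", FRIENDS_WAN, VPN_SERVER, "gre", None),
    Rule("deny", ANY, ANY, "any", None),
]
# Same three rules with the catch-all deny moved to the top.
DENY_FIRST_RULES = [INBOUND_RULES[2], INBOUND_RULES[0], INBOUND_RULES[1]]

# Constructed sample packets (dicts: src, dst, proto, optional dport).
PPTP_CONTROL = {"src": "24.1.2.3", "dst": "192.168.0.10", "proto": "tcp", "dport": 1723}
PPTP_GRE = {"src": "24.1.2.3", "dst": "192.168.0.10", "proto": "gre"}
STRAY_SMB = {"src": "24.9.9.9", "dst": "192.168.0.10", "proto": "tcp", "dport": 139}
NON_HOME_PPTP = {"src": "198.51.100.7", "dst": "192.168.0.10", "proto": "tcp", "dport": 1723}
SAMPLES = [PPTP_CONTROL, PPTP_GRE, STRAY_SMB, NON_HOME_PPTP]

if __name__ == "__main__":
    for name, rules in (("intended order", INBOUND_RULES), ("deny first", DENY_FIRST_RULES)):
        print(name)
        for pkt in SAMPLES:
            print("  ", pkt["proto"], pkt.get("dport"), "from", pkt["src"], "->", evaluate(rules, pkt))
        print("   shadowed rules:", shadowed(rules, SAMPLES))
```

In the intended order the two PPTP packets from a 24.x address are allowed by rules 0 and 1 and everything else (a stray SMB probe, a PPTP attempt from outside the @Home range) falls through to the explicit deny. With the deny moved first, every packet hits rule 0 and the two allow rules are reported as shadowed, which is exactly the kind of mistake a first-match list hides until you probe it.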


Posted by cr0bar on Mar. 06 2001,19:40
I use Win2K as my desktop OS. Nothing else is as mature for x86 hardware. For servers, I think it's ridiculous to use Microsoft software. It may be bitching, but I think stability and security are valid things to bitch about.

Take the old detnet server, for instance. Damn thing ran for 200+ days and served hundreds of gigabytes without so much as a hiccup. In fact, the only reason I had to reboot it was when a route failed and I figured the box had crashed, so I called them up and told them to reboot it. They did so, but then I realized that if I had just waited a bit, things would've been back to normal. I know some NT boxes can last that long, but they're the exception, not the rule.

UNIX philosophy is also centered around the command line, whereas MS's design philosophy seems to be to wrap a GUI around a less-than-functional CLI. Granted MS products are far easier to get started on, but I truly believe one reaches a point where they 'graduate' to UNIX.

I'm going to leave it at that rather than start a flame war. If there's anything I hate more than Windows, it's OS zealots. I try to advocate UNIX without being a zealot.


Posted by jim on Mar. 06 2001,20:14
It's a shame if that's going to be your last post, because I'm not a zealot by any means. I can see a place for both UNIX and LINUX. Just not in a business environment.

I don't see the purpose of running Win2k as a desktop without taking full advantage of what a FULL Win2k domain coupled with active directory has to offer. I don't see how you COULDN'T see that.

I happen to run Web Servers for a living, and all are on the NT platform. I've never done a UNIX/LINUX one, so I have little to compare with. People seem to think that getting IIS up and running is a breeze, but because of the security/stability issues you mentioned it's so much more than that. It's actually fun! I can see a place for the GUI. I love the command line since it's so much easier (for me at least) to do a CTRL-ALT-C (My shortcut to a command prompt) and type in a command than it is to go Start -> Settings -> Control Panel, search for the Icon or whatever... You get the picture.

BUT, as far as configuring goes. Nothing beats a GUI. I tried setting up Apache for Win32. Going through countless lines of linear text to setup options was a bitch! It down right SUCKED! The Windows Registry is a marvel! You get complete control, yet everything is laid out in a logical format via folders. Not scrolling through linear text.

A properly configured Windows Domain with all its options for Group Policies, User Policies, its newly reformatted DNS method of Name Resolution. It's also great that you can setup a User, the User's Email Address, and apply them to a role. From that role ALL the user's access rights to File Shares, SQL Servers, Internet Access, Remote VPN access, even down to the desktop icons, wallpapers, and even links in their Internet Explorer favorites can be set for them. Simply by Entering their Name.

Now what is to complain about that?

To me LINUX takes away the Workgroup portion of a business. It tears away at all the wonderful things that come with integration. And let's not forget support. Because there isn't any. None that is standard at least.

Plus, although I think Open Source is a cool idea, it can lead to a nightmare in a business environment.

I can't stress enough how well Microsoft Products (Implemented Correctly) work in an Enterprise level corporation...

(ps, you'd think that someone that 'claims' to be all about UNIX would jump at the telnet features of the RT314 )

Please sell me on LINUX. I really don't know all that much about it. I do know ALL Microsoft Products inside and out. I've currently completed about.... Oh shit... I don't know, tons of their tests, from Server to Workstation, from NT 4 to 2000, IIS to SQL... I love it. It works! I can't find a reason not to like them. So help me out here.

------------------
jim
Beauty is in the eye of the Beer Holder
< Brews and Cues >


Posted by jim on Mar. 06 2001,20:18
quote:
Originally posted by cr0bar:
Take the old detnet server, for instance. Damn thing ran for 200+ days and served hundreds of gigabytes without so much as a hiccup

This was a dedicated box correct?

In the year I've been working with Sabre, none of our 25+ dedicated boxes have ever gone down without someone purposely rebooting as a result of a patch/sp/or something similar.

Our shared servers are a different story. 600+ webs per box running hundreds of poorly written ASP applications, plus poorly written COM objects. We also have damn people who think it's acceptable to run a 10+ Gig Website managed by FrontPage 97! GRRRRRRRRRRRRRRRRRRR!!!!

------------------
jim
Beauty is in the eye of the Beer Holder
< Brews and Cues >


Posted by cr0bar on Mar. 06 2001,20:40
Yeah, the old detnet server was a dedicated box. The new one will be, too, just as soon as I can scrape some hardware together. Another note about running a UNIX is that I can ship the box down to a datacenter and have it plugged in, then administer it remotely easily. I know this can be accomplished with NT, but it wasn't designed for it, UNIX was.

I run Win2K on the desktop for hardware support, games, Photoshop, and all-around application availability. It's also just a way better GUI than X, IMHO.

There's nothing inherently wrong with a GUI. I'd love to use a GUI configuration utility for Apache/PHP, qmail, djbdns, Samba, or any of the other UNIX packages I use frequently. . .the problem is that usually GUI design philosophy doesn't assume that the user is already a command-line expert. This contributes to default installations of something like NT + IIS being insecure and unstable, whilst something like OpenBSD hasn't had an 'out-of-the-box' exploit in something like three years. Again, it might be fun to tweak things like you said, but I like not having to, and when I do have to/want to, I find that UNIX apps allow for a whole lot more 'tweakability', albeit through text config files.

I don't dispute Windows' place as a business desktop OS. It has a far more complete feature set than anything else, and hell, I use it so what kind of hypocrite would I be if I told everyone else to use Linux + X Windows as their desktop environment?

As for telnet support being all it takes to excite a UNIX junkie into using the Netgear....well....telnet's just a protocol, and the true UNIX junkie already has a box set up doing everything the Netgear does and more :-)

Oh, one thing I didn't mention before is that one can assemble a damn reliable UNIX setup for the price of the hardware. . .something I challenge someone to do with Microsoft software without breaking any laws. At the enterprise level this isn't a consideration, but for instance, when I set up a school's network + website, it was much easier to put Apache, IP masq, and Sendmail (ugh) on a 133MHz Linux box with 16MB of RAM than to tell them to buy an NT license and a P3.


Posted by jim on Mar. 06 2001,21:58
Yeah, but you were saying that NT has no business in the Server environment.

When you talk about NT being a choice desktop OS, it HAS to have an NT Server for it to become a member of the domain with.

Or else you have to setup users on EVERY box. Does Linux provide centralized user management compatible with an NT desktop? I'm asking, not being sarcastic.

And if you are already going to have an NT box to run your domain, and manage your user accounts, then doesn't it make sense to go ahead and use DHCP with it? Win2k requires the authorization of DHCP servers before domain members can grab an IP to prevent rogue DHCP servers. Now if you're already using an NT domain, DHCP, and NT for a file server.... Why not integrate DNS. Win2k clients can dynamically register their addresses in the DNS. Now if all that is true, why not throw in SQL. NT accounts can be used for SQL access, no need for duplicate accounts, or worrying about deleting multiple accounts if an employee quits. Now throw in IIS and integrate NT security with it for secure websites.

It gives you centralized place to do everything! Throw in email, throw in SQL, throw in IIS....

Sure it's expensive, but that's not the argument.

Like I said, *nix has its place. I just don't see where it fits into a corporation.

Lots of people use it though, and I believe they pay more for the number of administrators it takes to effectively manage all the different user accounts and such than it would cost to just use NT.

I think UNIX is just wonderful for terminal type applications that only require users to interface with a mainframe, or for basic email.

I'm not a UNIX guru by any means, but I have had to play with it. It literally caused 90% of my heartache at my job. Probably because I didn't know how to use it properly. I assume the same from people who can't see that NT is better than UNIX in a large business.

This is my outlook in a nutshell.

Windows for a consumer desktop.
Linux for small to medium sized business that need cost effective solutions that don't require centralized management.
UNIX for terminal services such as Mainframe database access and Pine mail or whatever.
NT for anything above that.

IMHO

------------------
jim
Beauty is in the eye of the Beer Holder
< Brews and Cues >


Posted by cr0bar on Mar. 06 2001,23:15
When I say "server" I don't mean "Windows NT Server". Obviously, NT machines make the best NT domain servers.

However, if you're talking about websites/e-mail/ftp/DNS services, that's a whole different ballpark, in my opinion. Your core app is no longer coordinating a corporate network.

I think you will find that the larger the service, the less people rely on more or less 'consumer' software from Microsoft.

Hotmail, for instance, has to serve a mind-bogglingly large number of simultaneous users, and handle e-mail for their entire userbase. Microsoft tried repeatedly to get it running on NT, and failed. So it's still using FreeBSD and qmail the last time I checked.

Yahoo as well uses FreeBSD.

Most ISPs who don't suffer from day-to-day downtime and service interruptions also use some form of UNIX. Road Runner uses NT. I think @home uses NT. They both have all sorts of problems. I don't want to sound patronizing, but do you know something they don't? You already said you don't know much about UNIX.

There are other places to look to see the ubiquity of UNIX. Try < http://www.netcraft.com/ > and read their survey of the most popular web serving platforms. Then look at their list of the top 50 uptimes.

Again, for serving Windows machines, Windows NT is best, but if that's not your goal, UNIX is far more versatile. I should also note that it is possible to provide some Windows domain controller features off of UNIX boxes, but I don't know how sophisticated the software is yet. This isn't a shortcoming of UNIX, however, because it's not trying to compete with Windows in that respect.

I must say that I do find your 'hierarchy of OS applications' a bit...misinformed...


Posted by justcozz on Mar. 07 2001,00:43
I believe we have the same Linksys box. I would suggest getting 2 NICs for your ‘server’ on each network. Use that computer as a gate. Setup a static route on all the rest of the computers pointing them to the server to access the other network. Use a VPN from server to server. You might be able to do this with one NIC I’m not sure. As far as active directory goes I’m assuming you have each network as a different site so replication doesn’t waste all your bandwidth. If it is the Linksys box I am thinking of it has a built-in firewall so you can use any IP address you want behind the router.

Personally I use 2000. I like the command line, I like Unix/Linux my problem is I haven't used it enough to feel like I know what I am doing.
< http://my.tenforward.com/raissa/vpn.htm >
for a picture of what I am talking about

Have fun.

[edit: add url]
------------------
"Who needs television... I have ISDN." -- Ben Gross

This message has been edited by justcozz on March 07, 2001 at 07:49 PM


Posted by jim on Mar. 07 2001,00:57
We could go back and forth on which site runs what all day.

Hotmail is Win2k IIS 5 by the way.
< www.terraserver.com > is IIS 4 NT 4 which also hosts the largest on-line database in the world, which is run on MSSQL 7.

My point still, which I believe is being overlooked another time, is the integration that Microsoft products provide from one service to the next; it just makes sense to let it all run together.

It's people who grab Checkpoint for a Firewall, Windows NT for domains, Netscape for EMail, Apache for Web, Oracle for Databases, Unix for DNS, iMacs on the desktop, Novell for the Network, and Lotus Smartsuite for Office Collaboration, that begin to have all these problems you mentioned. I've been in these integration nightmare scenarios combining the above mentioned products!!! SWEAR TO GOD!!

I promise if you ever get the opportunity (which you won't) to work for a company that uses Microsoft's flavor of software (provided they make one) for EVERYTHING, you'd be surprised (pleasantly) just how well everything integrates. It amazes me. Really does!

I'm also pretty sure I know what works well, and what HASN'T, I've been there done that. Several, several, several times. I'd be perfectly happy where I am now, if they'd just take DNS away from the UNIX boys, and ditch Netscape as our email server.

quote:
I believe we have the same Linksys box. I would suggest getting 2 NICs for your ‘server’ on each network. Use that computer as a gate. Setup a static route on all the rest of the computers pointing them to the server to access the other network. Use a VPN from server to server. You might be able to do this with one NIC I’m not sure. As far as active directory goes I’m assuming you have each network as a different site so replication doesn’t waste all your bandwidth. If it is the Linksys box I am thinking of it has a built-in firewall so you can use any IP address you want behind the router.

Yes that will work. I already know I can do that. I want to do it through my router. That's why I bought it. If I do it through my server, my server will be directly connected to the Internet... I don't want that. I just want port 1723 open to my server and a few other ones. Technically with SUA/NAT by pointing 1723 to my internal box, my computer should be able to treat my VPN connection just as if it were a dynamic NIC. I may have to resort to that solution, but not until I'm positive I can't do it my way.

------------------
jim
Beauty is in the eye of the Beer Holder
< Brews and Cues >


Posted by jim on Mar. 07 2001,01:04
quote:
Originally posted by justcozz:
< http://my.tenforward.com/raissa/vpn.htm >
for a picture of what I am talking about

Actually that picture is exactly what I'm doing. And it doesn't require 2 nics in the server. It's a router to router connection because the servers are acting as routers...

And cr0, about the longest uptime thing, I've seen that netcraft before. Come on now... Look at the sites with the longest uptime, have you heard of ANY of them??? I could toss up a Windows 95 box with PWS and let Netcraft poll it, and it probably would stay up for YEARS! Now if it was Apache.org, linux.org, and some other big websites leading the list, I'd be more open to your argument. Poll Netcraft's own uptime and pair it against Dell or Compaq... You know they take millions more hits per day....

------------------
jim
Beauty is in the eye of the Beer Holder
< Brews and Cues >
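
Jim's scenario post (static routes on the RT314 sending 192.168.1.0/24 and 192.168.2.0/24 to his server, the server routing those prefixes over its VPN interfaces), justcozz's server-as-gateway suggestion and the reply above all rely on the same mechanism: every hop does a longest-prefix-match lookup and hands the packet to whatever the most specific route names. The block below is an added example written for this page, not code from the thread, from Netgear or from Microsoft; every hop name and address in it is made up, and Friend 1's side is modelled with the Linksys the friends use. It traces a ping from one of jim's workstations toward Friend 1's subnet, then traces the reply, which is the check worth making once the forward path looks right: the far side needs its own route for 192.168.0.0/24 back into the tunnel (on the Linksys, or as a static route on each workstation as justcozz suggests) or the reply follows the default route out the WAN side and is gone. Whether that is what is behind the "destination host unknown" jim sees is not something the thread settles; the model only shows what the one-sided configuration looks like. One more PPTP caveat, separate from routing: the authentication it uses (MS-CHAP) has well-documented cryptographic weaknesses, so for anything beyond a link between friends you would choose an IPsec-based tunnel today.

```python
"""Hop-by-hop forwarding across the three-site layout in this thread.

Added example (not from the thread or from any vendor): a small
longest-prefix-match model of the routing tables jim describes --
workstation -> RT314 -> Win2k server -> VPN interface -> far end.
Hop names and all addresses are constructed for illustration; the
friends' side is modelled with the Linksys they use.
"""
import ipaddress

# Routing tables, one per hop: list of (destination network, next hop).
# "LOCAL" = deliver on-link, "INTERNET" = hand to the WAN upstream,
# any other value names another hop in this table.
TABLES = {
    "ws-jim": [("192.168.0.0/24", "LOCAL"), ("0.0.0.0/0", "rt314-jim")],
    "rt314-jim": [
        ("192.168.0.0/24", "LOCAL"),
        ("192.168.1.0/24", "srv-jim"),  # static routes on the RT314 pointing
        ("192.168.2.0/24", "srv-jim"),  # the friends' subnets at the server
        ("0.0.0.0/0", "INTERNET"),      # everything else is NATed out
    ],
    "srv-jim": [
        ("192.168.0.0/24", "LOCAL"),
        ("192.168.1.0/24", "vpn-to-friend1"),  # routes over the VPN interfaces
        ("192.168.2.0/24", "vpn-to-friend2"),
        ("0.0.0.0/0", "rt314-jim"),
    ],
    "vpn-to-friend1": [("0.0.0.0/0", "srv-friend1")],  # the tunnel delivers to the far end
    "srv-friend1": [("192.168.1.0/24", "LOCAL"), ("0.0.0.0/0", "linksys-friend1")],
    "linksys-friend1": [("192.168.1.0/24", "LOCAL"), ("0.0.0.0/0", "INTERNET")],
    "ws-friend1": [("192.168.1.0/24", "LOCAL"), ("0.0.0.0/0", "linksys-friend1")],
}
# Deliberately missing on Friend 1's side: nothing there knows that
# 192.168.0.0/24 lives behind the tunnel.  That is the half of the
# configuration that is easy to forget when one end is built first.


def lookup(table, dst):
    """Longest-prefix match: the most specific matching route wins."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, next_hop in table:
        network = ipaddress.ip_network(net)
        if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, next_hop)
    return best[1] if best else None


def trace(start, dst, tables=TABLES, max_hops=16):
    """Hops a packet from `start` visits on its way to `dst`.

    The last element is "LOCAL" (delivered), "INTERNET" (leaked out the
    WAN side, which for RFC 1918 space means it goes nowhere) or None
    (no route at all).
    """
    path, node = [start], start
    for _ in range(max_hops):
        next_hop = lookup(tables[node], dst)
        path.append(next_hop)
        if next_hop in ("LOCAL", "INTERNET", None):
            break
        node = next_hop
    return path


def with_return_routes(tables=TABLES):
    """Copy of the tables with Friend 1's side routing jim's subnet back
    into the tunnel, i.e. the symmetric half of the configuration."""
    fixed = {name: list(routes) for name, routes in tables.items()}
    fixed["linksys-friend1"].append(("192.168.0.0/24", "srv-friend1"))
    fixed["srv-friend1"].append(("192.168.0.0/24", "vpn-to-jim"))
    fixed["vpn-to-jim"] = [("0.0.0.0/0", "srv-jim")]
    return fixed


if __name__ == "__main__":
    fmt = lambda path: " -> ".join(str(hop) for hop in path)
    print("request     :", fmt(trace("ws-jim", "192.168.1.10")))
    print("reply       :", fmt(trace("ws-friend1", "192.168.0.5")))
    print("reply, fixed:", fmt(trace("ws-friend1", "192.168.0.5", with_return_routes())))
```

The request trace runs workstation, RT314, server, VPN interface, Friend 1's server, delivered. The reply in the one-sided table goes workstation, Linksys, INTERNET, which is the routing-table version of "it works from my server but not from anywhere else"; adding the return routes makes it come back through the tunnel to jim's server and onto his LAN.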


Posted by cr0bar on Mar. 07 2001,01:42
This is why I didn't want to have this argument :-)

See, it's not really an argument. You're saying that Microsoft products work great together, and I'm saying of course they do.

I'm also saying that UNIX works great too and allows the user far more power and versatility [insert open-source sermon here].

...then you come back at me with networks running all sorts of Novell/Lotus/Nutscrape bullshit...and I couldn't agree with you more :-)

As for Hotmail, I think the frontend may be IIS, but I know that for a very long while FreeBSD + qmail was running that operation and did a bang-up job. When they ported it to NT, it failed. Of course, this doesn't compare to the other uses of NT, since Hotmail is a webmail app and NT wasn't designed to run webmail. FreeBSD arguably wasn't either, but it lends itself better to that. This gets back to my whole versatility claim....


Posted by jim on Mar. 07 2001,12:39
quote:
Originally posted by cr0bar:
However, if you're talking about websites/e-mail/ftp/DNS services, that's a whole different ballpark, in my opinion.

I'll give you websites on a price/performance ratio. But I don't think that's true when you are in a corporation where you're not just talking about inTERnet sites. What about when you throw in 5,000+ InTRAnet sites. Most are small, all are FrontPage. Now I have to deal with security. Integrated Security with NT just makes my life simple. Now when we talk about high end web servers serving the inTERnet you have to look at the type of applications you'll be doing. To me ASP is by far the most scalable programming interface. And .net is going to take that to a whole new level!

Now I can't believe you'd take Unix email over Exchange. Exchange is by far the best Workgroup email package in existence. Fuck IMAP and POP3... Lotus Notes would get my award for second place. You can make the argument that a LINUX box running on a 486 with 64k of RAM can handle 20,000 users, but what features do you get?!?! None. Exchange and Notes are much more than a way to send simple text messages. It's a whole office collaboration piece.

DNS??? What advantages does UNIX provide in serving DNS?

FTP... Sure ok... I don't have a preferance one way or the other.

And that's all you've said. You stated NT works great at being NT and integrating with NT products. I thought that's what you were originally against.

You've then stated that UNIX is far more powerful and versatile than NT. But just in the above mentioned situations? Which I strongly disagree with for EMail. Websites, in some instances, would be far better suited on UNIX, but that's the exception, not the rule. DNS??!?! I can't see your point on this one.

------------------
jim
Beauty is in the eye of the Beer Holder
< Brews and Cues >


Posted by cr0bar on Mar. 08 2001,02:34
See, I still think you're so caught up in the Microsoft world that you don't realize what you're saying.

"UNIX is no good at being an MS Exchange server!"

Well, duh.

Exchange may be a great collaboration tool, but it's not really a standard. You might say that Microsoft is a standard in as of itself, and that's fine, but when most people talk about standards, they're thinking of protocols such as SMTP, POP3, IMAP, etc, which are strictly defined, yet implemented in various ways. Things like Exchange (or any of MS's other proprietary protocols/file formats/server software) can't be implemented any other way than Microsoft's way.

I shouldn't need to point out that Microsoft implementations are notorious for being bloated and insecure. Check out Bugtraq or any number of independent reports on security vulnerabilities in various popular server platforms.

Dealing with 5,000+ intranet sites managed with FrontPage wouldn't really be a challenge for a UNIX admin, but UNIX admins don't usually run FrontPage because of its horrible security. "Fine", you say, "so what's the UNIX equivalent of FrontPage?" Well, Microsoft wrote it. What's more, anything that lets users edit websites through a bunch of CGI-esque scripts and POST commands will be buggy, which is why die-hards will hate things like Cobalt RaQs, even though they run Linux.

I don't know much about ASP, and so I can't comment on it, but AFAIK there's nothing you can do with ASP that you can't do with PHP or CGI scripts (and vice versa). Perl is another story (there doesn't seem to be anything you can't do in Perl--someone recently implemented DeCSS in Perl for cryin' out loud). However, if I had to run ASP, I'd do it on a UNIX box using ChiliSoft's package, not under NT.

Again, your comment about "What advantage does UNIX have in serving DNS?" is shortsighted and sort of displays a lack of understanding of the issues. DNS is, yes, a relatively simple task of mapping hostnames to IP addresses. The problems start cropping up when you consider how inherently insecure the current global DNS implementation is. There are also performance issues if you're talking about ISP DNS servers which handle requests for thousands of domains. I'll admit that even UNIX packages such as BIND which is probably the most widely used nameserver are horribly insecure and poorly written. However, there are options for anyone who cares to take a look at the fine software available (for free) at < http://cr.yp.to/ > (the same applies to the Sendmail MTA). Dan Bernstein's djbdns package has reportedly handled 7,000 DNS queries per second on a P3 550. NT's DNS implementation, on the other hand, is known to be buggy and insecure. (Bugtraq)

However, I can easily see how you'd be tempted to scoff and say "DNS? It's just DNS!"

Same issue with FTP. It may seem like a relatively simple and straightforward service, but then again, while NT might be great for an FTP site that you run for you and your buddies who aren't trying to hack it, if you're going to serve thousands of simultaneous users off a P3 500, you might want to take a look at what cdrom.com is doing with FreeBSD.

I don't think my view that NT is great for serving a Windows environment conflicts at all with my view that the UNIXes are far more robust and versatile. It only makes sense that the Windowses work great together--I should hope they do!

I've played with NT, and out of the box it can be very attractive. Point-click, you're fully featured and ready to serve websites, fancy email, FTP, DNS, the works. . .but it's sort of like buying a Compaq from CompUSA. . .people who care about the internals of their system and the elegance of their software will build it themselves and not be happy with prefab turnkey solutions.

I hope I've managed to further understanding of my viewpoint without offending anyone's preferences. I do not deny that NT can do a lot of great things very easily, but this doesn't say anything about UNIX, whose design philosophy I happen to favor for the reasons I've been citing ad nauseam (security, stability, versatility, cost).

Oh, one more thing I just thought of. Linux (and FreeBSD) can make a great router and/or firewall. < http://www.freesco.org/ > provides a one-disk Linux-based router solution which boots off a floppy and then runs entirely out of memory. The < GNAT Box > is also truly amazing, and is based on a stripped-down BSD kernel. (click the link to see the kind of performance it offers on different hardware). 64 Virtual clients each generating thousands of concurrent sessions pulled 29,479kbit/s through a GNAT Box running on a P166 w/ 16MB of RAM. Why can't NT do this? It's just too bloated. You won't strip it down to fit on a floppy and still be so nimble. (NT advocates will probably say "that's because it has more features!". . .to which I say sometimes you don't want more features than you need. If you did, then you'd see NT outperforming UNIX in all areas with little or no modifications)


Posted by jim on Mar. 08 2001,10:36
quote:
Originally posted by cr0bar:
It's just too bloated. You won't strip it down to fit on a floppy and still be so nimble. (NT advocates will probably say "that's because it has more features!". . .to which I say sometimes you don't want more features than you need. If you did, then you'd see NT outperforming UNIX in all areas with little or no modifications)

Which is why I said there is a place for *NIX.

I'll reply to the rest later, cause I still think you don't see MY point. I see yours.

I knew I shouldn't have checked this thread from home. Now I'm going to be late for work.

------------------
jim
Beauty is in the eye of the Beer Holder
< Brews and Cues >


Posted by jim on Mar. 08 2001,11:52
I've decided I'm tired of this thread. It's been fun. Although I don't feel I've learned anything about UNIX I didn't already know.

I'm guessing, and correct me if I'm wrong, you either work for a DOT COM or an ISP. All your answers seemed to be geared more towards serving network customers through the internet rather than running a corporate/enterprise network, where your network customers are your employees. It's 2 different ball games, and unfortunately I don't have much experience in the first. Maybe UNIX is better suited for that.

But I don't think I'll be able to see the advantage in a corporation. UNIX simply does not have the FEATURES that NT does when it comes to managing a network.

------------------
jim
Beauty is in the eye of the Beer Holder
< Brews and Cues >


Posted by cr0bar on Mar. 08 2001,15:30
You're right, they're two different worlds.

Hey, at least we managed to discuss UNIX and NT without a slashdot-style flame war!

I'd be interested to hear other forum readers' opinions on this matter...that is if any have had the patience to read all this text....


Posted by jim on Mar. 08 2001,15:34
quote:
Originally posted by cr0bar:
Hey, at least we managed to discuss UNIX and NT without a slashdot-style flame war!

I agree, that was a pleasant change.

I guess it's because I don't have anything AGAINST UNIX, and you don't have anything AGAINST NT. It's like you said, we just have preferences!

------------------
jim
Beauty is in the eye of the Beer Holder
< Brews and Cues >


Posted by jim on Mar. 09 2001,00:32
Please note that I never argued the point of security!

See why?

Notice the last HotFix is Pre-SP3... WTF? SP2 hasn't even gone gold yet!

But, if you know what you are doing, you can stay on top of these issues, and there are many other ways outside of the OS to ensure security.

------------------
jim
Beauty is in the eye of the Beer Holder
< Brews and Cues >

This message has been edited by jim on March 09, 2001 at 07:33 PM


Posted by L33T_h4x0r_d00d on Mar. 12 2001,15:08
I myself have been on both sides of this argument. I have worked at a small .com and am presently at a large corp. In both instances we had people that pushed all for *nix or all for M$FT. In the end it was agreed that the network resources (i.e. DNS, WebCache, Webhost, database) were handled by *nix boxes and all the user interface (Workstations, domain controller, printservers) were M$FT. The l33t few that want to switch to unix (such as the admins) are the ones that want to deal with the lack of support and documentation (not that it's not out there, just that it's not as prevalent as M$FT info is) in exchange for more control. The average user that just wants to design a webpage or edit a doc and print doesn't want the extra work associated with *nix (I'm not saying that it's not possible to set it up like windows or better. Most end users just don't want to change.) They want as few worries as possible. If it does the job and you are happy with it, who cares what somebody else says is better.

Also a fix to your VPN problem.... set up your VPN with your 2k box, then let 2k share the internet connection with the network. This moves your gateway from your router to your 2k box, which already has the right route in it.

I run the same config with 4 other people. The only difference is I have a SMC Barricade router and a Cisco pix 515 in there too.

I know it's not the only way but it does the job, and it meets all my requirements. I'm not going to run a linux server to masq ips just because linux is more suited for that stuff or just to be l33t.

------------------
Chastity is curable, if detected early.
I couldn't repair your brakes, so I made your horn louder.
For Sale: Parachute. Only used once, never opened, small stain.
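The suggestion above (terminate the VPN on the Win2k box and make it the LAN's gateway) works because of how a gateway picks a route: longest prefix match, falling back to the default route. The following is an added illustration, not code from the thread or from any of the products mentioned; every prefix, next hop and interface name in it is constructed for the example. It compares what a cable router that only knows "LAN" and "Internet" does with a packet for a remote house against what the VPN-terminating box does with the same packet.

```python
"""Constructed example: longest-prefix-match route lookup, used to show why a
LAN host's traffic for a remote house only crosses the tunnel when the host's
default gateway is the machine that actually holds the tunnel routes."""
import ipaddress


def lookup(table, dst):
    """Return the (prefix, next_hop, iface) entry whose prefix contains dst and
    is the most specific one that does; None if nothing matches."""
    dst_ip = ipaddress.ip_address(dst)
    best = None
    best_len = -1
    for prefix, next_hop, iface in table:
        net = ipaddress.ip_network(prefix)
        if dst_ip in net and net.prefixlen > best_len:
            best, best_len = (prefix, next_hop, iface), net.prefixlen
    return best


# Constructed: a cable router/NAT box that knows only its LAN and "the rest".
ROUTER_TABLE = [
    ("192.168.1.0/24", None, "lan"),
    ("0.0.0.0/0", "isp-gateway", "wan"),
]

# Constructed: the VPN-terminating box has the same LAN route plus one route
# per remote house through its tunnel interfaces, and still defaults to the
# cable router for everything else.
VPN_BOX_TABLE = [
    ("192.168.1.0/24", None, "lan"),
    ("192.168.2.0/24", "10.0.0.2", "tun-houseB"),
    ("192.168.3.0/24", "10.0.0.3", "tun-houseC"),
    ("0.0.0.0/0", "192.168.1.1", "lan"),
]


def egress_from_lan_host(gateway_table, dst):
    """A LAN host hands every off-subnet packet to its default gateway; return
    the interface that gateway forwards the packet out of."""
    route = lookup(gateway_table, dst)
    return route[2] if route else None


def remote_subnets_reachable(gateway_table, remote_subnets):
    """Which of the given remote subnets leave via a tunnel rather than via the
    default route out to the ISP?"""
    reachable = []
    for subnet in remote_subnets:
        probe = str(ipaddress.ip_network(subnet)[1])  # first host in the subnet
        if egress_from_lan_host(gateway_table, probe).startswith("tun-"):
            reachable.append(subnet)
    return reachable


if __name__ == "__main__":
    remotes = ["192.168.2.0/24", "192.168.3.0/24"]
    print("gateway = cable router :", remote_subnets_reachable(ROUTER_TABLE, remotes))
    print("gateway = VPN box      :", remote_subnets_reachable(VPN_BOX_TABLE, remotes))
```

With the cable router as gateway, a packet for 192.168.2.10 matches only the default route and is sent towards the ISP, where a private destination goes nowhere; with the VPN box as gateway, the /24 tunnel route is more specific than the default and wins. Internet-bound traffic still takes the VPN box's own default route back through the cable router, which is what the shared-connection setup above relies on.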


Posted by kai on Mar. 12 2001,22:36
kàï §egrùd® says:
windows is shitty
AOD says:
linux and i are saving ourselves for marriage
kàï §egrùd® says:
once i get my fucking duron working my old 300 will become my linux slut

i can't wait, i love sluts

------------------
I have yet to meet a C compiler that is more friendly and easier to use than eating soup with a knife.

