Firewall Wizards mailing list archives
Re: VPN solution needed (linux<->win32) or (nt<->win32)
From: "Stephen P. Berry" <spb () twiddle net>
Date: Thu, 09 Dec 1999 10:36:55 -0800
In message <4.2.2.19991208101550.00b0ee10 () mail almerco ca>, Mailing Lists writes:

I'm looking at implementing a VPN for my network. Basically, I actually have a linux firewall (ip filtering + masquerading) connected over a cable modem line. I want to access an internal server over untrusted networks (a friend's internet connection, the office or my own dialup account with another provider when I'm on the road). First scenario (preferred): what would be a free VPN solution using my existing linux fw? Second: what would be a non-free using my linux? Third: what are the alternatives using NT as a FW?

Depends on what your data is worth and what your bandwidth and availability requirements are. Assuming (based on your description of your existing setup):

- The data you'll be passing won't be important enough to get anybody dead or broke if it's compromised[0]
- You don't feel any but the largest fluctuations in the size of your pipe, and can live with them when you feel them
- Your requirements for availability of the channel don't exceed the expected availability of your linux box.

Also, you're probably willing to initiate and terminate the VPN sessions by hand.

Take a look at FreeS/WAN (I hope I got all the right letters capped there), an IPsec implementation (including IKE) that'll run with 2.0.3x and 2.2.x linux kernels. I'm not hip to all of the interoperability issues, but I know it'll talk to OpenBSD's IPsec implementation (using isakmp(8) for IKE), as well as, I believe, FreeBSD's KAME. The compatibility list theoretically includes IPsec implementations, but I have no firsthand experience with getting FreeS/WAN talking to anything other than FreeS/WAN boxen and BSDs.

Now that I've addressed your first question, and in light of the fact that I'm actually going to ignore your second and third questions, I'll instead answer a fourth, unasked, question: You might consider scrapping both linux and NT for this particular project and instead use OpenBSD, which rocks.

That all being said, you might want to re-evaluate whether or not you actually need a VPN. In many (and I daresay most) situations in which I've been asked to set up a VPN, subsequent investigation has revealed that what in fact was needed was just a single SSL-enabled application, ssh(1), or something more along those lines.

-Steve

-----
[0] Including the value of illicit access to the channel itself.