Re: Requesting info: VPN solution

[Nicholas Diotte <xphox () xphox net>]

In-Reply-To: <20040331162835.3a34c95b () roadwarrior bluesuperman com>

Michael,

I would have to agree with you on this one.  I would have gone with a similer setup, however the company I work for is 
basically anti-linux, and requires the presence of big names.

Yes, each end will have a static IP.  One will be on cable, the other on DSL.

As confident as I am about securing a linux box, I don't quite know if I would put my name on this project, as this is 
for a financial institution...  Last thing I want is someone to get into the machine, because of something that I 
didn't update.  It needs to almost be set it, and forget it.  I understand it's nearly impossible these days, however 
that is what I'm looking for...

Thanks,
Nick

> Hello,
>
>       I guess it all depends on what you need, lets say for example you have
> two offices. 
>
> One in location A with static IP A.A.A.A and one in location B with
> static IP B.B.B.B. 
>
> Why go out and spend all kinds of money on VPN's --- they all do mostly
> the same thing ... they usually all support the same encryption levels.
>
> Why not use FreeS/Wan or SuperFreeS/Wan ? You take two average boxes and
> install linux, base install nothing more. Really all you need is a
> running kernel, you could easily use a bootable CD. 
>
> Anyways base install and build Super FreeS/wan ... on VPN box at
> location A we allow only UDP port 500 traffic and IP protocol 50 from IP
> B.B.B.B only .. all other traffic is dropped. We do the same on box B at
> location B, allowing only UDP port 500 and IP protocol 50 from IP
> A.A.A.A.
>
> You use then only allow AES-256 with SHA-1-256 bit encryption using RSA
> keys.
>
> Once configured their is NO maintenance at all required. I am using a
> similar solution and since the initial install I never have had to
> touch the boxes.
>
> All this cost me about $1500 because I had to buy two boxes at $700 a
> piece.
>
>
> Michael.

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------