VPN options

Nathan Ollerenshaw nathan at valuecommerce.ne.jp
Sun Feb 22 04:25:37 UTC 2004


Keith,

I looked at freeswan and IPsec as well as doing SSH tunnels, and the 
best software I found for a quick and simple yet secure VPN is OpenVPN.

It's easy to set up, they have RPMs for everything you need (except for 
one thing which you can get off freshrpms) and it works REALLY well.

I run a VPN between here and an office in Moscow and it was fairly 
trivial to get working. Just follow the documentation closely.

The thing with FreeSwan and others is that they are very complicated 
and/or use bizarre protocols such as GRE which sometimes get filtered.

OpenVPN just uses UDP for encapsulation, and TLS for the session 
negotiation and OpenSSL for the encryption, so it's very 
straightforward. You can also set up a floating endpoint with no 
problems.

Hope this helps,

\n

On Feb 21, 2004, at 9:44 AM, Keith Lofstrom wrote:

>
> I am planning on running a Virtual Private Network from my Fedora
> firewall out to a UML virtual colo (running RH9) at another site.
> That site will be the place I present services to the world;
> httpd, ssh, sftp, smtp.  This is to comply with the "no servers"
> and dynamic ip restrictions on my Comcast connection to the net;
> if my firewall always drives an outbound connection to the
> colocation site, I am not worried about changes of ip address,
> and I am not opening any inbound ports.
>
> There are a number of options for the VPN - the most attractive
> are cipe ( http://sites.inka.de/sites/bigred/devel/cipe.html )
> and FreeSwan ( http://www.freeswan.org/ ), though I am told that
> one can do all this through an ssh tunnel.  I would rather have
> simple and secure than super-duper;  I have plenty of bandwidth,
> and will send outbound http and smtp from the firewall, so the
> main bandwidth user will be incoming spam/b/b/b/b mail.
>
> Anyone have some experiences to share about setting up VPN?  Is
> there anything about either cipe or FreeSwan that is likely to
> break with FC1 or FC2?
>
> Keith
>
> -- 
> Keith Lofstrom           keithl at ieee.org         Voice (503)-520-1993
> KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon"
> Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
>

-- 
Nathan Ollerenshaw - Unix Systems Engineer
ValueCommerce - http://www.valuecommerce.ne.jp/