l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
January 6: Social gathering
Next Installfest:
TBD
Latest News:
Nov. 18: Club officer elections
Page last updated:
2004 Sep 27 21:47

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] VPN question
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] VPN question



Pete, this useful post seems relevant to your question.


 From: Gordon Heydon <gordon@heydon.com.au>
 To: Brian May <bam@snoopy.apana.org.au>
 Cc: luv-main@luv.asn.au
 X-Mailer: Ximian Evolution 1.4.6
 Date: Tue, 28 Sep 2004 14:01:14 +1000
 Subject: Re: [luv] VPN, Linux and Windows

Hello,

On Tue, 2004-09-28 at 13:44, Brian May wrote:

> I am attempting to set up a VPN between a Windows computer and a Linux
> computer. A method that included encryption would be preferred.  Ideally,
> I don't want to patch the Debian kernel either.  (It has KAME IPSEC but
> not OpenSWAN/FreeSwan patches).
>
> So far I have tried:
>
> IPSEC/L2TP:
> Pros
> * Windows XP has built in support.
> Cons
> * has problems working behind masquarading, unless masquering supports it.
> * Complicated. There appear to be two layers: IPSEC transport mode, and
>   L2TP. L2TP is easy, but I had issues with IPSEC.
> * For some weird reason IPSEC won't work on this computer.  (Windows
>   ignores the ISAKMP packets.)  Same setup as on another computer that
>   worked.
>
> OpenVPN
> Pros:
> * Windows packages available.
> Cons:
> * Last stable version didn't work, upgraded to 2.0-beta11 on both
> ends.
> * Evidence of extreme curruption on packets.
>   - Messages on Windows:  Bad LZO decompression header byte: 40
>   - tcpdump -i tun0 gets totally confused.
>
> So what is easiest way of doing this? Has anyone here done anything like
> this?

It all depends on what you are trying to achieve. I have done a lot of
work with VPNs, and for me it have come down to 2 rules.

1. If you are connecting 2 networks together, use IPSEC, and try not to
have Windows in the mix. If you need to, I have found that SSH Sentinel
is an extremely good package, and is free to use for non-commercial use.

2. If you are connecting a single point to your network, then use PPTP,
which isn't as secure, but works very well under Windows, and most
versions of Windows.

I have found that most businesses will accept PPTP, but this is because
this is pushed by Microsoft, and for some reason they think this equals
security.

Because VPNs and tunnelling for Linux are still in their infancy, you will
find that, to get a good solution, you will need to patch the kernel, no
matter which way you go.  It is a good idea to use some of the security 
patches with the kernel, anyway, so I would recompile the kernel if I
wanted added security.

Gordon.

_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Sunset Systems
Who graciously hosts our website & mailing lists!