From: "John A. Sullivan III" <john.sullivan@nexusmgmt.com>
To: Gianni Pucciani <gp.puccio@tin.it>
Cc: Netfilter <netfilter@lists.netfilter.org>
Subject: Re: vpn under linux
Date: Sat, 10 Apr 2004 08:30:11 -0400
Message-ID: <1081600210.491.12.camel@localhost>
In-Reply-To: <4077B7EF.5070805@tin.it>

On Sat, 2004-04-10 at 05:01, Gianni Pucciani wrote:
> Hi all,
> some of you can give me some input about the best way to set up a vpn 
> under two Linux RH9 systems?
> I heard there are different solutions (PPP and SSH, PPTP...) and I'd 
> like to know your opinion about that.
> Thanks
> 
> Gianni

Like Antony, we prefer and utilize IPSec for network to network
connections.  In fact, our entire business model of global delivery of
IT services from centralized GNOCs is built around it and we have used it
for very complex and very large site to site configurations (hundreds of
gateways and thousands of users and planned for thousands of gateways
and tens of thousands of users).  We are in the process of transitioning
from an extraordinarily powerful but obscure proprietary product to an
open source solution.

The closest solution we could find to rival the commercial offerings on
such a large scale is netfilter + freeS/WAN + iproute2 + ISC DHCP +
StrongSec DHCP Relay + OpenCA.  There are reasonable alternatives to
OpenCA.

The FreeS/WAN code is alive and healthy.  Two major cooperative forks
are available.  One is at www.openswan.org and the other is at
www.strongswan.org.  Both are well supported and helpful.

There are fairly complete although slightly dated slide shows on tying all
these technologies together (other than OpenCA) in the training section
of http://iscs.sourceforge.net.

The only major missing piece right now to make this combination a
full-fledged competitor to the largest and most expensive commercial
players is a sophisticated management front end such as those offered by
Solsoft, SmartPipes, NetScreen, Checkpoint, etc.  That is the hole I am
trying to fill with the ISCS project.  It is the last piece that we need
before we can do with open source tools what we have previously only
been able to do with commercial tools to achieve the scale and
complexity we need. If anyone wants to help, it is a huge project and I
can use all the help I can get!

-- 
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@nexusmgmt.com


