From: Ted Kaczmarek <tedkaz@optonline.net>
To: Netfilter Mailing List <netfilter@lists.netfilter.org>
Subject: Re: vpn
Date: Tue, 14 Sep 2004 23:01:55 -0400
Message-ID: <1095217315.21194.55.camel@inyoureyes.linsolutions.com>
In-Reply-To: <20040914160735.GP26823@metastasis.org.uk>

On Tue, 2004-09-14 at 12:07, Nick Drage wrote:
> On Tue, Sep 14, 2004 at 10:42:27AM -0400, John A. Sullivan III wrote:
> > On Tue, 2004-09-14 at 09:46, Peter Marshall wrote:
> 
> <snip>
> 
> > I would suggest an IPSec VPN using either the native IPSec stack in the
> > latest Linux or either StrongSWAN (www.strongswan.org) or OpenSWAN
> > (www.openswan.org) and placing access control and VPN on the same
> > device.  That is how we design most devices for use in the ISCS project
> > (http://iscs.sourceforge.net).
> 
> Reading "Network Security Hacks" recently I liked the look of VTun.  Any
> thoughts on that?  How does it interface with IPTables?

Keyword being hack.

Always see if ipsec will meet your needs first, any encapsulation using
tcp for its upper layer may be easier, but can create all kinds of
interesting things with multiple flows and tcp timers expiring. Great
stuff if you want to be an expert at debugging tcp problems, otherwise
stick to something that uses udp for its upper layer.

Although for simple traffic with minimal flows it is definitely usable.


Interop with Openswan is excellent as well these days.

Plus with Novell sponsoring Openswan it gives many people a warm fuzzy
feeling, and the list is one of the best there is, no spam assaults like
the old freeswan list.

Ted 


