Re: VPN options


 



Keith,

I looked at freeswan and IPsec as well as doing SSH tunnels, and the best software I found for a quick and simple yet secure VPN is OpenVPN.

It's easy to set up, they have RPMs for everything you need (except for one thing which you can get off freshrpms) and it works REALLY well.

I run a VPN between here and an office in Moscow and it was fairly trivial to get working. Just follow the documentation closely.

The thing with FreeSwan and others is that they are very complicated and/or use bizarre protocols such as GRE which sometimes get filtered.

OpenVPN just uses UDP for encapsulation, and TLS for the session negotiation and OpenSSL for the encryption, so it's very straightforward. You can also set up a floating endpoint with no problems.

Hope this helps,


On Feb 21, 2004, at 9:44 AM, Keith Lofstrom wrote:


I am planning on running a Virtual Private Network from my Fedora firewall out to a UML virtual colo (running RH9) at another site. That site will be the place I present services to the world; httpd, ssh, sftp, smtp. This is to comply with the "no servers" and dynamic ip restrictions on my Comcast connection to the net; if my firewall always drives an outbound connection to the colocation site, I am not worried about changes of ip address, and I am not opening any inbound ports.

There are a number of options for the VPN - the most attractive
are cipe ( http://sites.inka.de/sites/bigred/devel/cipe.html )
and FreeSwan ( http://www.freeswan.org/ ), though I am told that
one can do all this through an ssh tunnel.  I would rather have
simple and secure than super-duper;  I have plenty of bandwidth,
and will send outbound http and smtp from the firewall, so the
main bandwidth user will be incoming spam/b/b/b/b mail.

Anyone have some experiences to share about setting up VPN?  Is
there anything about either cipe or FreeSwan that is likely to
break with FC1 or FC2?

Keith

--
Keith Lofstrom           keithl@xxxxxxxx         Voice (503)-520-1993
KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon"
Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs




-- Nathan Ollerenshaw - Unix Systems Engineer ValueCommerce - http://www.valuecommerce.ne.jp/

Attachment: smime.p7s
Description: S/MIME cryptographic signature
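
An added example, not part of either message above and not taken from the OpenVPN documentation: a point-to-point OpenVPN configuration pair for the topology in this thread, where the home firewall on a dynamic address always dials out over UDP to the colo host and the colo side accepts a floating peer. The hostname, port, tunnel addresses and certificate file names are assumptions chosen for illustration.

```conf
# ---- colo.conf (colo host, fixed address, listens for the tunnel) ----
dev tun
proto udp
port 1194                      # assumed port; must be open inbound at the colo
ifconfig 10.8.0.1 10.8.0.2     # local / remote tunnel addresses (constructed)
tls-server                     # this end takes the server role in the TLS handshake
dh dh.pem                      # Diffie-Hellman parameters, required with tls-server
ca ca.crt                      # CA that signed both peers' certificates
cert colo.crt
key colo.key                   # private key, keep mode 0600
remote-cert-tls client         # peer certificate must carry the client usage extension
float                          # accept authenticated packets when the peer's IP changes
keepalive 10 60                # ping every 10 s, restart after 60 s of silence

# ---- home.conf (home firewall, dynamic address, outbound only) ----
dev tun
proto udp
remote colo.example.net 1194   # hypothetical colo hostname
nobind                         # no fixed local port, nothing listens on the home side
ifconfig 10.8.0.2 10.8.0.1
tls-client
ca ca.crt
cert home.crt
key home.key
remote-cert-tls server         # refuse a peer that does not present a server certificate
keepalive 10 60                # also keeps the NAT/firewall state entry alive
```

With this pair the home firewall only needs its normal stateful rule for return traffic, while the colo host needs one inbound UDP rule for the chosen port. Services on the home network are then reached across the 10.8.0.x tunnel addresses rather than through any port opened on the Comcast side.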

