On Thu, 2005-10-27 at 07:49 -0400, Leonard Isham wrote: > On 10/27/05, Rick Lim <ricklim@xxxxxxxxx> wrote: > > -----Original Message----- > > From: fedora-list-bounces@xxxxxxxxxx [mailto:fedora-list-bounces@xxxxxxxxxx] > > On Behalf Of Kenneth Porter > > Sent: Tuesday, October 25, 2005 12:51 AM > > To: For users of Fedora Core releases > > Subject: Re: Best VPN server to use on Fedora > > > > --On Monday, October 24, 2005 9:53 PM -0400 Leonard Isham > > <leonard.isham@xxxxxxxxx> wrote: > > > > > OpenVPN gets my vote. www.openvpn.net > > > > Agreed. It runs over SSL instead of IPSec, almost completely in userspace, > > which I find is easier to set up. The stock Fedora kernel includes the > > required kernel tun/tap device, so you don't need a custom kernel, nor > > special router support. If you can open a ssh or https connection to your > > VPN server, then you can get to it with OpenVPN, assuming the port is open. > > ISP's don't see it as "VPN". (Some forbid VPN connections.) > > > > Hi Kenneth, > > > > I have looked at OpenVPN, from what I can figure out.... with a Linux VPN > > server and windows xp clients you would have to install OpenVPN on the > > windows machine. > > > > I don't want to have to install OpenVPN on each windows machine, windows xp > > already has a client built in, I would like a Linux server that would work > > with the built in windows client, am I wrong in assuming that OpenVPN on the > > Linux box will not work with the XP client? > > > While I don't know your situation... > The MIcrosoft included Windows VPN clients are insecure. Which has > been proven multiple times. I would only impliment a Windows solution > under protest. In fact I have migrated people to OpenVPN. Not to defend Microsoft or anything... You're thinking of the old PPTP/L2TP over GRE stuff that Bruce Schneier and Mudge lambasted years ago on Windows 2000 and earlier. That was supported by the PopTop project on Linux. Windows XP is now using IPSec NAT-T as the core of their XP VPN and it does interoperate with OpenSWAN and does NOT have the security problems of the old PPTP. I think Windows XP still can support the older PPTP but only for older installations, and I'm not even totally sure about that. You are right with regards to that older stuff... I wouldn't use PPTP for anything. But the modern MS VPN stuff is pretty straight forward X.509 certificate based IPSec over NAT-T 4500/udp. There's more information on how to do that over with the OpenSWAN crowd. > I find the installation of the windows client trivial and you end up > with a reliable secure solution. > -- > Leonard Isham, CISSP > Ostendo non ostento. Mike -- Michael H. Warfield | (770) 985-6132 | mhw@xxxxxxxxxxxx /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
Attachment:
signature.asc
Description: This is a digitally signed message part
