On Thu, 2005-10-27 at 05:39 -0700, Rick Lim wrote:
>
> -----Original Message-----
> From: fedora-list-bounces@xxxxxxxxxx [mailto:fedora-list-bounces@xxxxxxxxxx]
> On Behalf Of Leonard Isham
> Sent: Thursday, October 27, 2005 4:50 AM
> To: For users of Fedora Core releases
> Subject: Re: Best VPN server to use on Fedora :
>
> > Hi Kenneth,
> >
> > I have looked at OpenVPN, from what I can figure out.... with a Linux VPN
> > server and windows xp clients you would have to install OpenVPN on the
> > windows machine.
> >
> > I don't want to have to install OpenVPN on each windows machine, windows xp
> > already has a client built in, I would like a Linux server that would work
> > with the built in windows client, am I wrong in assuming that OpenVPN on the
> > Linux box will not work with the XP client?
>
> While I don't know your situation...
> The Microsoft included Windows VPN clients are insecure. Which has
> been proven multiple times. I would only implement a Windows solution
> under protest. In fact I have migrated people to OpenVPN.
> I find the installation of the windows client trivial and you end up
> with a reliable secure solution.
> --
> Leonard Isham, CISSP
> Ostendo non ostento.
>
> Not trying to doubt your word, but can you point me towards articles to
> prove the built in VPN to be less than desirable?

He's thinking of the old Windows NT / Windows 2000 PPTP VPN which was horrible. Bruce Schneier (of Applied Cryptography fame) and Mudge (L0pht) tore it to shreds and MS partially fixed some of the problems they uncovered. It was supported under Linux through the PopTop project but I wouldn't use it at gunpoint. It also had troubles with NAT devices because it used GRE (IP protocol 47) encapsulation tunnels which were not real well supported.

Windows XP supports IPSec NAT-T for its VPN and it does interoperate with Linux (OpenSWAN, StrongSWAN, or Racoon). I would recommend you check out the OpenSWAN project for more documentation on setting all that up and setting up the X.509 certificates you're going to need. I haven't personally set one of these up but there are people on the OpenSWAN list who have discussed doing exactly what you are trying to do.

> I have to be able to prove my case to my users that the installation of
> "another" client is required......
> Thanks.

Mike
--
 Michael H. Warfield | (770) 985-6132 | mhw@xxxxxxxxxxxx
 /\/\|=mhw=|\/\/     | (678) 463-0932 | http://www.wittsend.com/mhw/
 NIC whois: MHW9     | An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!