Hi Scott,

Is there a Linux VPN solution that will talk
to a Cisco VPN router (IPsec)?

Thanks ... Charles

-----Original Message-----
From: Scott Patten [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 01, 2001 10:10 PM
To: [EMAIL PROTECTED]
Subject: Re: [expert] VPN software
> Is there an RPM for FreeS/WAN or PoPToP available or do we need to install
> from source?

I've never seen one. I have looked. This makes sense though. Both
require patching the kernel. I know there are various capabilities added
to the Mandrake kernels (reiserfs, security patches, etc.) but I don't
think that FreeS/WAN or PoPToP are included.

> Also, does 7.2 support the latest version of PoPToP and
> FreeS/WAN?

It doesn't support it in the sense that it doesn't ship with it. The only
way that I have seen these available is in source form. You compile the
patched kernel and you compile supporting software with one command
typically. The FreeS/WAN docs cover this rather well.

> I assume the FreeS/WAN is more difficult to configure in a MS
> / Linux environment since it requires a 3rd party client software.

I'm not certain but I think that FreeS/WAN will talk to MS IPSec. I have
not tried though. I saw somewhere that there is a (commercial?) PGP
package that supports this under Windows too.

Do you need to encrypt TCP traffic or UDP as well? Do you need to access
lots of ports or only a few? Do you have a couple users or many? A simple
(simple to set up) solution is to use OpenSSH on the Linux server and
Tera Term and TTSSH on the Windows client to gain access to specific ports
on a secure network. This isn't perfect by any means but it's much easier
to configure. I actually have used all 3 methods and I like FreeS/WAN the
best. It also took the most time to configure and only works between 2
Linux systems.

I have seen other solutions on Freshmeat. I have tried a couple with no
success (because of a problem with ipchains and not the particular
software). There are solutions that don't require patching the kernel but
I think they only work in Linux or *nix environments.

Cheers,
Scott Patten