On Tue, 2008-02-12 at 19:30 +0200, Alan McKinnon wrote:
> On Tuesday 12 February 2008, Etaoin Shrdlu wrote:
> > On Tuesday 12 February 2008, Alan McKinnon wrote:
> > > Your statement "it seems like running SSH inside a VPN is better
> > > for security than running SSH on a non-standard port" is
> > > non-sensical. From a security and encryption perspective, ssh and
> > > OpenVPN are exactly the same thing - stuff wrapped in an encryption
> > > layer provided by ssl, complete with exactly the same key setup
> > > should you choose to use that route.
> >
> > Perhaps confusingly, ssh itself can be used to create openVPN-like
> > VPNs (actually, much simpler), using the -w option and a couple of
> > tun (or tap) interfaces on the connected computers.
> 
> hehehe, I'd forgotten about that one for a bit :-)
> 
> I just thought of a nice way to describe the difference (seeing as 
> technically they are essentially equivalent):
> 
> Use SSH if you need a quick ad-hoc connection or something temporary.
> Use OpenVPN if you need something more permanent that is always present 
> and just works.
> 
> -- 
> Alan McKinnon
> alan dot mckinnon at gmail dot com
> 

Another alternative not mentioned so far - zebedee.  It's a port-based
tunnel - that is instead of creating a new network with all its fuss and
bother, just create a local port (may be on another local machine) that
"surfaces" on a distant machine/network.  I used it for many years for
email and protecting telnet servers before openvpn came of age and my
needs expanded.  Recommended.  Again, ssh can do this as well, but
zebedee is a lot more flexible/convenient.  Create tunnels for ports 25,
143 and 631 and you have email and cups.  e.g., I map port 2225 to port
25 and set my local mail client to send email to localhost:2225 and it
magically connects to my mail server at home.

It can also be done at a user level - you don't need admin privileges so
if you have user level access to a machine, you can run a tunnel on it
unlike openvpn. It is also cross platform which is nice :)

From the mailing list, it seems there are quite a few enterprise users
as it's got a good reputation in its niche.

BillK


-- 
gentoo-user@lists.gentoo.org mailing list
