To expound upon my earlier answer, since I am more awake now (had my 2nd
and 3rd cup of coffee), here is the original answer with a bit more
detail:

I'm not sure what you are asking. If you just want to be able to connect
to the firewall box and log into it directly, use OpenSSH. Anything else
is overkill. If you are looking for a VPN solution, there are several
for Linux. 

FreeS/WAN's strengths are that it 1) can use large keys 2) can use RSA
authentication 3) is a stable IPSEC implementation 4) Isn't all that
hard to set up (*IF* you RTFM a few times ;-) ). If security is your
goal, then I would recommend FreeS/WAN. However, it will require that
you do some funky routing, which really isn't all that hard, but it
gets annoying after a while. Read the docs @ http://www.freeswan.org,
and use the newest 1.5 or 1.6 release, as 1.7 still has a few issues. I
wouldn't recommend FS for a single machine connection, since it is
really meant to be used to connect multiple networks securely. To use it
for a single machine is overkill. It's primarily designed for remote
offices and the like.

There is also PoPToP (http://www.moretonbay.com/vpn or
http://poptop.lineo.com), which is a pptp implementation for Linux
(Without the M$ extensions and embracements). The benefits of pptp are
that it is easy to set up and manage, it can use 128-bit rc4 encryption
(not all that great, but OK), and it allows both Linux and MS clients to
connect. It is a point-to-point connection rather than a tunneled
connection (I don't *CARE* if they want to call it a tunneling protocol,
it *ISN'T*). FreeS/WAN can be used with MS clients, but it requires 3rd
party commercial software and some weirdness of key management.

With all of this having been said (twice now), I have one more
suggestion. Don't use your firewall as a VPN box. My argument, as
always, is that a firewall should be a firewall, and nothing else. But,
for many of the same reasons, a VPN box should be a VPN box and nothing
else as well. Since the whole point of a VPN box is to allow outside
connections and enable remote-computing, there is an inherent risk
factor. You need to now expand your trust from the systems that you
manage to the systems that you don't manage. Using the firewall gives
you the advantage of not having to deal with any routing weirdness, but
it also multiplies your risk. If something goes wrong, you have to take
down the firewall, which can never be good for business ;-). There are
several VPN solutions out there, both free/OSS and commercial. You need
to define your needs more clearly, then find the one that meets them. 

FYI,
Kenny

PS Others to look at: 
TunnelVision http://www.worldvisions.ca/tunnelv/
IPSEC for Linux ftp://ftp.eunet.cz/icz/ipnsec/
Cerberus http://www.antd.nist.gov/cerberus/
L2TP http://www.marko.net/l2tp/
CIPE http://sites.inka.de/sites/bigred/devel/cipe.html
VTUN http://vtun.netpedia.net/
OpenSEC http://www.opensec.net/tunnel.html


Ferenc Tamas Gyurcsan wrote:
> 
> Hi everybody,
> 
> Does anybody know where I could find information about connecting to a windows
> firewall? I know, this could be a little more detailed description, but I
> don't know much else about it. Some guys managed to configure their linux IP
> masq machine so that the windows machine on their home network could connect to
> the firewall, but I don't have a win machine, so I would prefer a native linux
> solution. We got suggestions for trying FreeSWAN. Would it work? Or something
> else?
> 
> Thanks,
> --Ferenc
> 
> **********************************************************
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **********************************************************
