Hello list,
This topic was kinda-sorta touched on just the other day, but I want to come
around and tackle it head on, plus change the question a bit.
I am interested in hearing people's opinions on secure remote access (i.e.,
VPN) solutions that work with Linux and Windoze, together.
The typical situation is that our customers have a main office with
Linux-based server(s) and/or firewall(s), and want people outside the office
(e.g., at home, on the road) to be able to access the main office network
using the public Internet.
Here is the catch: Most of these outside systems are Windoze 98 computers
with DSL or cable links to the Internet. So we cannot just use FreeS/WAN or
PPP-over-SSH or some other nice Unixy solution on that end.
I am aware of PoPToP and PPTP, and have in fact recommended that in some
cases. The problem with this solution is that the Windoze end of the link has
no firewall or other protection against outside attack. For some clients,
this is an acceptable risk; for many others, it is not.
Additionally, throw in the fact that sometimes, the Windoze end has two or
three PCs on a SOHO network, making NAT a desired feature.
So, ideally, I would like an all-in-one, hardware-based, VPN/firewall/NAT
box on the Windoze end. It would protect the Windoze machine(s) with a
firewall, provide NAT if needed, and link that end to the main office. At the
main office end, again ideally, we would have Free Software (e.g., FreeS/WAN)
running on the Linux box to handle that end of the VPN link. However, I would
be willing to accept commercial Linux software and/or another embedded
solution, if that is what it takes to make things work well.
Why not just use a Linux PC in an embedded role at the SOHO end? In some
cases, that might actually be a good solution. However, there are cases where
an embedded box, with no disks to fail or general-purpose OS to manage, is
more appealing. Basically, we would be trading money and flexibility for
ease-of-setup and ease-of-administration. Sometimes you want to do that.
One product we are looking at, for the simple reason that the customer is
looking at, is a product from VPNet Technologies, Inc. Model VSU-100. The
feature list sounds pretty nifty, but I have no idea how well it would in
practice. Anyone have any experience with this company and/or product?
http://www.vpn.com/products/vsu3.0.htm
I look forward to hearing from people on this.
--
Ben Scott <[EMAIL PROTECTED]>
Net Technologies, Inc. <http://www.ntisys.com>
Voice: (800)905-3049 x18 Fax: (978)499-7839
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
