FreeS/WAN in action By Phil Hochmuth
If you've explored the open source product FreeS/WAN [Free Secure WAN], but have been hesitant to pull the trigger, consider the alternative, says Tony Karakashian, a network administrator for chemical manufacturer Rochester Midland. "Why pay $20,000 for firewall products that require a lot of work and are not 100% secure anyway?" he says. Instead, he used Linux routers and FreeS/WAN to create a 15-site VPN for his firm, using recycled PCs and some extra hardware. FreeS/WAN is open source software that can be used, in conjunction with Linux, to set up a secure, encrypted VPN tunnel connection between two networks over the Internet. According to the project's Web site, users can secure their networks with a PC running Linux, FreeS/WAN software and two Ethernet Cards. This encryption box would sit between a company's LAN and firewall and encrypt incoming and outgoing traffic sent over a WAN. Rochester Midland was looking to replace its Frame Relay network, and Karakashian was given the task of "coming up with the best, cheapest solution I could find," he says. Cisco's PIX firewall and VPN products were considered for the project, but Karakashian says a network based on all Cisco gear would have run upwards of $20,000 total. Since Karakashian had a Linux background from college, he proposed the idea of a VPN based on Linux machines to his vice president of technology. He got the green light when he told his boss that he could replace the Frame Relay routers with some Pentium II PCs running Linux (which has an IP router function native in its kernel) and a Linux-based software package called FreeS/WAN, which provides packet filtering and VPN tunnel encryption. For WAN connectivity, he used PCI-based T-1 interface cards from a company called Sangoma Technologies, which he found to be compatible with Linux and his PC hardware. "When I said we had most of the hardware already to build the network," Karakashian says, recounting the conversation with his company's CIO, "and that the software would be free, he liked that." -- To unsubscribe, send mail to [EMAIL PROTECTED] with the body "unsubscribe ilug-cal" and an empty subject line. FAQ: http://www.ilug-cal.org/node.php?id=3
