Re: vpn in OBSD 4.1

2007-05-22 Thread Toni Mueller
Hi,

On Fri, 11.05.2007 at 08:33:03 -0400, Lars D. Noodén [EMAIL PROTECTED] wrote:
 However, by connecting MS Windows machines into your VPN you neutralize
 many of the security benefits that you may have in place.

I'd say that depends on your setup. Imho, for many people, using a VPN
is meant to protect MS Windows machines from the outside, and we're
using a third-party IPSEC client that can easily be configured to only
allow the bare minimum of traffic to get the VPN going, and the IPSEC
traffic itself. So, you're only in your VPN, wherever you are, at
least in theory. Such a setup is routinely done in a way to

 the holes resulting from the design and production flaws permeating the
 entire brand, apparently the EULAs now grant remote admin rights to third
 parties.

prevent such kind of access, too. But then, this requires that you have
some other means of software installation, distribution etc.pp. for
your Windows machines in place...


Best,
--Toni++



Re: vpn in OBSD 4.1

2007-05-11 Thread Lars D . Noodén
On Fri, 11 May 2007, Adam Hawes wrote:
 You're well advised to go do some reading on your own.  If you had
 you would have discovered that OpenVPN has a tutorial page for
 configuring the server, as does the readily available PPTP server.

It's not a funny joke to be recommending PPTP to anybody.  Some may miss
the sarcasm and actually try to deploy it.

Any further amount of reading (if done) would reveal that PPTP can't
really be called secure and should be avoided.  Its successor, L2TP, can
be improved somewhat, at least the connections, by tunnelling over SSL.
But then why not cut out the middleman and use SSL to begin with?  Fewer
parts that way.

IPsec and SSL are your two options:
http://www.vpnc.org/vpn-standards.html

I'm wondering that since IPsec is part of IPv6, the equivalent to an
IPsec-on-IPv4 VPN could be made using IPv6 instead.  Maybe that would be
smarter in the long run.

-Lars

Lars Noodén ([EMAIL PROTECTED])
 Ensure access to your data now and in the future
 http://opendocumentfellowship.org/about_us/contribute



Re: vpn in OBSD 4.1

2007-05-11 Thread sonjaya

So I must use IPsec for security reasons. How about the client
(such as Microsoft), can they use IPsec too?


On 5/11/07, Lars D. Noodén [EMAIL PROTECTED] wrote:

On Fri, 11 May 2007, Adam Hawes wrote:
 You're well advised to go do some reading on your own.  If you had
 you would have discovered that OpenVPN has a tutorial page for
 configuring the server, as does the readily available PPTP server.

It's not a funny joke to be recommending PPTP to anybody.  Some may miss
the sarcasm and actually try to deploy it.

Any further amount of reading (if done) would reveal that PPTP can't
really be called secure and should be avoided.  Its successor, L2TP, can
be improved somewhat, at least the connections, by tunnelling over SSL.
But then why not cut out the middleman and use SSL to begin with?  Fewer
parts that way.

IPsec and SSL are your two options:
http://www.vpnc.org/vpn-standards.html

I'm wondering that since IPsec is part of IPv6, the equivalent to an
IPsec-on-IPv4 VPN could be made using IPv6 instead.  Maybe that would be
smarter in the long run.

-Lars

Lars Noodén ([EMAIL PROTECTED])
 Ensure access to your data now and in the future
 http://opendocumentfellowship.org/about_us/contribute



--
sonjaya
http://sicute.blogspot.com



Re: vpn in OBSD 4.1

2007-05-11 Thread Joachim Schipper
On Fri, May 11, 2007 at 03:53:39PM +0700, sonjaya wrote:
 On 5/11/07, Lars D. Noodén [EMAIL PROTECTED] wrote:
 On Fri, 11 May 2007, Adam Hawes wrote:
  You're well advised to go do some reading on your own.  If you had
  you would have discovered that OpenVPN has a tutorial page for
  configuring the server, as does the readily available PPTP server.
 
 It's not a funny joke to be recommending PPTP to anybody.  Some may miss
 the sarcasm and actually try to deploy it.
 
 Any further amount of reading (if done) would reveal that PPTP can't
 really be called secure and should be avoided.  Its successor, L2TP, can
 be improved somewhat, at least the connections, by tunnelling over SSL.
 But then why not cut out the middleman and use SSL to begin with?  Fewer
 parts that way.
 
 IPsec and SSL are your two options:
 http://www.vpnc.org/vpn-standards.html
 
 I'm wondering that since IPsec is part of IPv6, the equivalent to an
 IPsec-on-IPv4 VPN could be made using IPv6 instead.  Maybe that would be
 smarter in the long run.

 So I must use IPsec for security reasons. How about the client
 (such as Microsoft), can they use IPsec too?

Yes, but don't use the stock IPsec client.

Really, the archives are full of this discussion. Please take a good
look there, first; if you encounter any problems, you are welcome to
ask, but *please* search the archive first.

Joachim

-- 
TFMotD: release (8) - building an OpenBSD release



Re: vpn in OBSD 4.1

2007-05-11 Thread Lars D . Noodén
On Fri, 11 May 2007, sonjaya wrote:
 So I must use IPsec for security reasons,

IPsec or SSL.
You may wish to try IPsec with IPv6.  That will future-proof your VPN, at
least in theory, and raise the bar slightly for intrusion.

 How about the client (such as Microsoft), can they use IPsec too?

I asked around a few weeks ago and have heard that MS systems can use
IPsec.  However, you will want to avoid any clients built into MS Windows
and use instead the ones that come with the VPN or maybe third party ones.
KVpnc is supposed to work with OpenVPN.

However, by connecting MS Windows machines into your VPN you neutralize
many of the security benefits that you may have in place.  Not counting
the holes resulting from the design and production flaws permeating the
entire brand, apparently the EULAs now grant remote admin rights to third
parties.

Joachim mentions the archives.  It would be nice to have an 'official'
archive using the openbsd.org domain.  As it stands, the contents of the
existing archives seem to vary from site to site:
http://www.openbsd.org/mail.html#Archives

regards,
-Lars

Lars Noodén ([EMAIL PROTECTED])
 Ensure access to your data now and in the future
 http://opendocumentfellowship.org/about_us/contribute



vpn in OBSD 4.1

2007-05-10 Thread sonjaya

Dear all

I am looking for a tutorial for installing a VPN on OBSD 4.1 with client
Microsoft XP or Mac, also supporting NetBIOS for file or print sharing.

So what can I use: OpenVPN, IPsec, VPN?

--
sonjaya
http://sicute.blogspot.com



Re: vpn in OBSD 4.1

2007-05-10 Thread Adam Hawes
Hi.

 I am looking for a tutorial for installing a VPN on OBSD 4.1 with client
 Microsoft XP or Mac, also supporting NetBIOS for file or print sharing.

 So what can I use: OpenVPN, IPsec, VPN?

You obviously haven't looked very far?  OpenVPN and pptp are in
Ports. I use OpenVPN for ease of use on *BSD, Linux, Mac, Windows.

Netbios sharing comes down to how you've configured the VPN tunnel
(routed, bridged, WINS).

You're well advised to go do some reading on your own.  If you had
you would have discovered that OpenVPN has a tutorial page for
configuring the server, as does the readily available PPTP server.

Installing is left as an (Easy) exercise to you.

A



Re: vpn in OBSD 4.1

2007-05-10 Thread Joachim Schipper
On Fri, May 11, 2007 at 08:11:41AM +0930, Adam Hawes wrote:
 Hi.
 
  I am looking for a tutorial for installing a VPN on OBSD 4.1 with client
  Microsoft XP or Mac, also supporting NetBIOS for file or print sharing.
 
  So what can I use: OpenVPN, IPsec, VPN?
 
 You obviously haven't looked very far?  OpenVPN and pptp are in
 Ports. I use OpenVPN for ease of use on *BSD, Linux, Mac, Windows.
 
 Netbios sharing comes down to how you've configured the VPN tunnel
 (routed, bridged, WINS).
 
 You're well advised to go do some reading on your own.  If you had
 you would have discovered that OpenVPN has a tutorial page for
 configuring the server, as does the readily available PPTP server.
 
 Installing is left as an (Easy) exercise to you.

Just note that PPTP isn't particularly secure.

IPsec is nice, but hard(er) to get right in the presence of a lot of
crappy routers. OpenVPN mostly Just Works, but is slower and at least
the OpenBSD implementation of IPsec is arguably more secure.

Joachim

-- 
TFMotD: dhclient.conf (5) - DHCP client configuration file