On Tue, Feb 29, 2000 at 11:46:05PM -0600, Paul Sack wrote:

| I have root on two boxen, one of which is behind a firewall. (I can telnet
| to the one from the other, but not from the other to the one.) I checked
| out fwmprc and am thoroughly confused. (If you want to see how *not* to
| package a package I suggest looking at it- make instructions, docs,
| license, source, and sample . file in one file.) Has anyone done this
| before?

I'm not familiar with fwmprc so I can't comment on it.

However, I have set up a VPN which used ppp being run over a ssh
connection.  I did have some minor problems with it - if I pushed lots
of data over it at once it would need to be restarted (probably a ssh
buffering problem) but other than that it worked quite well.  It
certainly was good enough for general use.

I set it up based mostly on the instructions included in the VPN
mini-HOWTO, which may already be installed on your box.  It's also
documented in the O'Reilly VPN book (mostly the same stuff) if I
recall correctly.

If you have a 2.2.x kernel and are using the /dev/pts ptys, you'll
need a slightly changed version of the pty-redir program.  I can get
that for you if needed ...

So much for the technical part of my answer ... now on to the
political part of my answer ...

Judging from your headers, you work at Tivoli ...

   From: Paul Sack <[EMAIL PROTECTED]>
   X-Sender: [EMAIL PROTECTED]

I worked at Tivoli too - up until a month ago, actually.  I'd been
there for 2.5 years and my career there was going very well.  And
then, out of the blue, I was fired.

My crime?  The VPN setup between my home and work box that I'd been
doing for about a year was discovered (quite accidentally) by IT.  I
used the VPN to get work done from home without using Tivoli's
overloaded modem banks, and it worked very well.

It didn't really matter that there was no specific Tivoli policy that
prohibited it (only an IBM policy, but Tivoli is owned by IBM, so
their policies apply.)  It didn't matter that it was reasonably
secure, and it didn't matter that my co-workers, my boss, and even
some people in IT all knew I was doing it months before it became a
problem (after all, I never thought it was a problem - why would I
keep it a secret?  I thought it was rather cool ...)

Ultimately I think I was fired (rather than just told not to do that)
because I embarrassed somebody important (rather than actually doing
anything really bad.)  Either way, if this machine that you're
mentioning is behind Tivoli's firewall (or anybody else's, for that
matter) you might want to be *very* careful what you set up.

[ Just for the record, I now work at Vignette, and they provide us
  with a VPN setup (as did most of the places I interviewed with.)
  And it works quite well.  Well, the Windows client works - haven't
  gotten the Linux client working yet. :) ]

[ and on an unrelated note, looks like the list is still using orbs
  ... and yet my TWRR connected host is not in orbs, according to
  http://www.orbs.org/verify.cgi?address=24.27.53.112 ...

  yet ...

   ----- The following addresses had permanent fatal errors -----
[EMAIL PROTECTED]
 
   ----- Transcript of session follows -----
... while talking to locutus.csres.utexas.edu.:
>>> MAIL From:<[EMAIL PROTECTED]>
<<< 550 Mail from 24.27.53.112 rejected;see http://www.orbs.org/  
554 [EMAIL PROTECTED] Service unavailable

]

--
Doug McLaren, [EMAIL PROTECTED]

---------------------------------------------------------------------------
Send administrative requests to [EMAIL PROTECTED]
