What is the group's opinion of PPTP (http://www.poptop.org) as VPN software? I was thinking of using this to connect Windoze clients into a corporate network since the PPTP client is built into M$ OSes.

Ryan Leathers wrote:
Jon,

I appreciate the response, and I had considered using SSH but my hunch
is it won't meet my needs. Although I use SSH to tunnel VNC and other
stuff I recognize an obvious performance hit when I do so. This is to
be expected using a character application for something it wasn't truly
designed to do. Given the volume of data I expect to push around across
the Internet I THINK I need something with a greater payload to header
ratio. IPSEC is the likely winner in my mind.


Upon further review of FreeS/WAN the "road warrior" examples are pretty
close to on target for my needs so I'm gonna give that a go.  If it
doesn't work out I'll fall back on SSH as the lowest common denominator
approach - I know I can at least move SOME amount of data where I want
it that way.

Ryan


On Tue, 2003-08-12 at 16:03, Jon Carnes wrote:

I think you will be happy with ssh.  The machine behind the NAT/firewall
will have to initiate the connection, but ssh can do port tunneling, and
that is exactly what you want.

If you want details, let me know - or read the archives from yesterday!

Jon Carnes

On Tue, 2003-08-12 at 15:24, Ryan Leathers wrote:

I would like to put a Linux server in a remote LAN where the LAN users
will access a web application running on the server.  I need that server
to connect to a database through a Cisco VPN concentrator or PIX across
the Internet.  I have looked at using the Cisco VPN client for Linux,
but it requires that UDP traffic be allowed inbound to the client.  I
can't allow this.

Can anyone suggest a solution that will use only client-initiated
connections - preferably on TCP 443?

I am now looking at FreeS/WAN but this seems to be all about forwarding
traffic through a tunnel between private networks rather than a client
connecting via a tunnel. As such my concern with FreeS/WAN is that
timeout induced reconnects will not necessarily be initiated from the
client (remote LAN) side.




--
TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ  : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
TriLUG PGP Keyring         : http://trilug.org/~chrish/trilug.asc
