
Re: tyny VPN help



--- Matthew Palmer <mpalmer@debian.org> wrote:

> On Fri, Dec 17, 2004 at 10:34:04PM +0100, Leonardo Boselli wrote:
> > A first suggestion was to use a VPN but before digging in documentation or
> > asking you to send me hints and help I wish to know if this is feasible.
> > The idea would be to tunnelize all traffic through a single port and
> > export on the subnet so it would appear as coming out of an address of the
> > subnet [ideally the same one of his turned-off office machine].
> 
> That's the typical use-case (roughly) of a VPN, yes.
> 
> > Would this require a separate router or can be accomplished by a single
> > computer.
> 
> Depends on the VPN system, but there are systems that can work with an
> endpoint being a regular machine inside the destination subnet, yes.
> 
> > Another problem: he wants to retain his winXP pc ... with the OS ..
> > with this additional limit is possible ?
> 
> Certainly.
> 
> There are three ways of providing this functionality:
> 
> 1) IPSec.  Large, clunky, and complex, but the "gold standard" for VPN
> systems.  Common implementations for Linux currently require the endpoint to
> be on the periphery of the protected subnet, not inside it (and it shits me
> to tears).  Windows support available but a little fiddly.
> 
http://www.sandelman.ottawa.on.ca/ipsec/1998/06/msg00122.html

   Private addresses on the Intranet can be handled by using NAT (network
   address and port translation) or dynamically assigning the remote host an
   internal address (as described in the ISAKMP configuration draft).

> 2) PPTP.  Microsoft's rather shoddy attempt at making a VPN happen.
> Insecure as all hell (Bruce Schneier did a good critique), but since
> Microsoft made it Windows has good support for it.  There are Linux
> implementations available of both the server and client, but they can be a
> little tricky to get going.
> 
> 3) OpenVPN.  A new one on the radar for me (I've only recently started
> looking into it), it looks like it could be a good fit between the two above
> extremes.  Appears to be reasonably secure, the endpoint can live inside the
> protected subnet (apparently, haven't tried this out yet), generally
> straight-forward to configure, and there is a Windows implementation as well
> as the Linux one.
> 
> - Matt
> 
