Re: Recommended way to setup an encrypted tunnel (a VPN)
If you want an easy way to setup IPsec, contact a network security consultant that understands it.
I think they are rare.
One organization that I know does understand IPsec is protectix. They offer a turn-key solution which is designed around open source. The advantage of using protectix is they also develop IPsec devices.
http://www.protectix.com/
Their device is called the Prowall.
If this is not feasible or you want to do it yourself, start reading.
Read all the documents on the IPsec listserve.
http://lists.freeswan.org
Design:
http://lists.freeswan.org/pipermail/design/
Using:
http://lists.freeswan.org/pipermail/users/
Briefs:
http://lists.freeswan.org/pipermail/briefs/
Here is an intro to VPN
http://www.synthcom.com/~val/cs510/termpaper.htm
-Ted Knab
Senior Otaku
Breezy Network Solutions
On Tue, Jul 10, 2001 at 11:25:24AM -0500, Jeremy Gaddis wrote:
> Using an IPSec VPN is probably the "best" way to do it.
> FreeS/WAN (http://www.freeswan.org) is a Linux implementation
> of IPSec, but it's not the easiest thing in the world to
> configure.
>
> j.
>
> --
> Jeremy L. Gaddis <jlgaddis@blueriver.net>
>
> -----Original Message-----
> From: Stephane Bortzmeyer [mailto:bortzmeyer@netaktiv.com]
> Sent: Tuesday, July 10, 2001 10:36 AM
> To: debian-isp@lists.debian.org
> Subject: Recommended way to setup an encrypted tunnel (a VPN)
>
>
> I have to connect two networks together and the virtual link needs to
> be safely encrypted (some users know SSH but some will just POP
> blindly and LDAP in woody is not SSLized anyway).
>
> I wonder what is the recommended way to setup an encrypted tunnel (to
> make a VPN) between two Debian boxes:
>
> - I tried pipsecd + userlink. The userlink module seems severely
> broken, at least with kernel 2.4. A simple ifconfig stays in D 'disk
> wait' forever!
>
> - ssh + ppp seems interesting because I know both of them. But is
> there a trick when you combine them?
> http://www.linuxdoc.org/HOWTO/VPN-HOWTO.html does not seem to be
> maintained.
>
> - GRE module in the kernel? (I use 2.4 on woody) Anyone has something
> to say about it?
>
Reply to: