[MY SOLUTION] Recommended way to set up an encrypted tunnel (a VPN)
On Tue, Jul 10, 2001 at 05:36:08PM +0200,
Stephane Bortzmeyer <bortzmeyer@netaktiv.com> wrote
a message of 24 lines which said:
> I have to connect two networks together and the virtual link needs to
> be safely encrypted (some users know SSH but some will just POP
> blindly and LDAP in woody is not SSLized anyway).
I finally chose stunnel+PPP. Both are available in Debian packages,
no patch to the Linux kernel is needed. I already know SSL and PPP,
and both are proven technologies.
www.stunnel.org
For the specific case of a VPN,
http://www.stunnel.org/examples/pppvpn.html
It is not technically beautiful (you run TCP over PPP over an SSL
connection which already is TCP!) but it works.
> - I tried pipsecd + userlink. The userlink module seems severely
> broken, at least with kernel 2.4. A simple ifconfig stays in D 'disk
> wait' forever!
I tried several tricks but without any solution.
> - ssh + ppp seems interesting because I know both of them. But is
> there a trick when you combine them?
> http://www.linuxdoc.org/HOWTO/VPN-HOWTO.html does not seem to be
> maintained.
The problem is that it needs another program (the pty redirector),
which is not in Debian.
> - GRE module in the kernel? (I use 2.4 on woody) Anyone has something
> to say about it?
I tried it, it works fine, it is simple to configure but you cannot
encrypt (and authentication is lame).
[Freeswan]
The patch to the kernel does not compile (see the bugs against
kernel-patch-freeswan).