
Re: VPN: SSH or IPSec???



	I haven't made use of SSH for VPN purposes as I tend to remove
PPP completely from the system after I install as I don't use dial-up
service for internet so I don't have it available for use with an SSH VPN
connection... I have used the FreeS/WAN IPSec solution and still use it
for a VPN solution for both Windows and Linux clients alike... On the
Windows side I use SSH Sentinel by SSH Communication and of course
FreeS/WAN for Linux both server and client side using X.509
certificate authentication... I haven't had any problems with IPSec that
would make me want to bother trying to use SSH for a VPN connection...

	One disadvantage I could see with SSH is that you would have to
have an account for the remote user to use to authenticate with to make
the VPN tunnel... Or a shared acct, dislike that idea even more... I
tend to run my IPSec VPN gateway machine with as few accts or access as
possible so this doesn't appeal or apply to my network topography...
With FreeS/WAN IPSec with X.509 certificates the configuration can be
made to accept valid certificates signed by a specific Certificate
Authority (CA) which is easy enough to set up with OpenSSL provided
scripts... Then if you need to revoke access for a given certificate you
just issue the Certificate Revocation List (CRL), again using OpenSSL,
and FreeS/WAN will no longer honor that certificate.

	Regards,
	Jeremy

On Wed, Apr 16, 2003 at 04:49:45PM +0100, Servicios Informáticos UGT Galicia wrote:
> 
> 
> 	I'm planning to set up a VPN.  I started reading The VPN Howto, but I came to a crossroads as soon as I read past chapter 2:
> 
> 	Should I use SSH or IPSec to set up my VPN?
> 	What are the drawbacks and advantages of both?
> 
> 	I would like to know what your opinion about it is so I can choose the most suitable option for me.
> 
> 	Thank you
> -- 
> 
> ==============================
> Felipe Martínez Hermo
> felipe@galicia.ugt.org
> fmartinez@galicia.ugt.org
> ==============================
> Servicios Informáticos
> UGT Galicia
> informatica@galicia.ugt.org
> ==============================
> 
> 


