[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Setting up VPN's



Raphael SurcouF wrote:
On Fri, 16 May 2003 01:21:44 +0200, Marcel Weber wrote:
I do this with vpnd. The server has a dyndns domain name. On the client side, you can put in the fully qualified domain name of the server instead of the ip address. Works quite reliable. Of course from time to time the link goes down: Each time the isp cuts the server's connection to set a new IP adress for it, you will get an interruption until the client is able to resolve the new IP.


This is not secure...
You must use DNSSEC if possible to ensure than FQDN is coming from the
right DNS server.


Yes, but the other side that does the dns spoofing would need the encryption key, as the data is encrypted using blowfish. You would have the same problem, if someone could manage to do an ip spoofing, wouldn't you? Of course this kind of vpn is quite vulnerable to a DoS.

Using ipsec is better, of course, as not only the payload is secured but also the ip header.

Regards

Marcel




Reply to: