Re: Big VPN

To: Debian Security <debian-security@lists.debian.org>
Subject: Re: Big VPN
From: "J.H.M. Dassen (Ray)" <fsmla@xinara.org>
Date: Tue, 2 Mar 2004 22:08:22 +0100
Message-id: <[🔎] 20040302210822.GA25255@xinara.org>
Mail-followup-to: Debian Security <debian-security@lists.debian.org>
In-reply-to: <[🔎] 1078260094.1147.25.camel@tower.int-srv.pl>
References: <[🔎] 1078260094.1147.25.camel@tower.int-srv.pl>

On Tue, Mar 02, 2004 at 21:41:34 +0100, Jaroslaw Tabor wrote:
> I've reviewed freeswan and OE feauture. This looks nice, but I'm afraid
> about security.

If you're looking for a VPN solution, by all means look at FreeS/WAN (or its
likely successor, OpenSWAN). Just forget about OE. OE isn't about the type
of security you're looking for in a VPN.

> If I understand this solution right there is no authentication at all.

With OE that may be true. For a VPN you shouldn't configure OE, but use one
of the authentication methods in IPSec, like RSA digital signatures, or a
shared secret.

http://en.wikipedia.org/wiki/IPSEC provides a nice overview of IPSec.

HTH,
Ray
-- 
AJ: Geeez, Erwin. He wasn't even ARMED.
Erwin: I don't care. I have lots of ammo and he was wearing a TIE.
	http://ars.userfriendly.org/cartoons/?id=20010209

Reply to:

Follow-Ups:
- Re: Big VPN
  - From: Jacques Normand <jnormand@nerim.net>

References:
- Big VPN
  - From: Jaroslaw Tabor <jarek@srv.pl>

Prev by Date: Re: Big VPN
Next by Date: Re: Big VPN
Previous by thread: Re: Big VPN
Next by thread: Re: Big VPN
Index(es):
- Date
- Thread