LUGOD: Linux Users' Group of Davis
 
Page last updated:
2004 Sep 28 00:31

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] VPN question

On Mon, 27 Sep 2004, Peter Jay Salzman wrote:

> I was given a laptop by the college I work at (well, loaned, actually).  It
> had Windows XP on it.  I just did a Debian net install on it, but it was
> really exhausting hearing people say:
> 
>    * You realize we won't support it, right?
> 
>    * It's against school policy to install your own software.
> 
>    * How are you going to check mail?  Read Word documents?  See ppt
>       presentations?
> 
> over and over and over.  I felt like Linux was a dirty word, and I had to
> smile, be polite and nod my head in agreement for over an hour to placate the
> people at IT.  The coolest person was the dean of IT, Mark, who was totally
> supportive.  Even though he doesn't use Linux himself, he was the only person
> who seemed totally cool to the idea.  I guess that's why he's in charge.  :)
> He's a good guy.
> 
> Anyhow, on to the question.  I'm going to be given access to a VPN.  I know
> nothing about VPNs.

You know that it means Virtual Private Network, right? Then you know more
than nothing.

> I'm hoping that there's a VPN protocol, and that it's not some proprietary
> thing that I don't have a ghost in hell of connecting to with my home
> computers.  If it's a well known protocol, I'm sure there's a Linux client
> that I can use.

There exists Linux VPN software.  I don't like to think of them as
"clients", because they are more like software routers than browsers.

> Is VPN the kind of thing where every implementation is different and it has
> to be reverse engineered on an implementation by implementation basis (like
> parallel port scanners or certain P2P protocols) or is there one VPN protocol
> that uses the same authentication across implementations?

You want IPSec if possible, but that is like saying you want AVI... it is
a container for more specific implementation details, so you generally
need to know more than just the term "IPSec" to be sure it will work.

There is also PPTP, which M$ used to be big on, and which they screwed up
the first implementation of, so you'll know how serious they are about
security if they are using PPTP v1.

Cisco provides their own "client" for various OSes, including Linux.  I am
pretty sure it is a variation of IPSec, because I have been able to
connect to a Cisco firewall from a Windows Cisco client inside my LAN, and
I know that forwarding VPNs through NAT usually requires special
kernel support, and the only support I have in my router is for IPSec.
However, due to the variety of encapsulated protocols available, you may
not be able to talk to a Cisco firewall without the Cisco client.

> And if VPN is standardized, what are some clients that people like?

I've been using a couple of IPCOPs recently ... kind of turns VPN into a
no-brainer.  I am about to embark on setting up a D-Link DFL-80 and
connecting to it.  IPCOP uses FreeS/WAN for VPN, which has been pretty
popular for a while, but is apparently superseded by openswan [1] (which
has a Wiki with some interoperability information [2]) and strongswan [3].

Disclaimer: I have not yet successfully connected to a commercial VPN
firewall remotely with other than their supplied VPN endpoint software...
mostly because extracting the information necessary to research the
connection has been impossible, as most firewall managers seem to operate
on the "security through obscurity" principle.

-----

[1] http://www.openswan.org/
[2] http://wiki.openswan.org/index.php/interperating
[3] http://www.strongswan.org/

---------------------------------------------------------------------------
Jeff Newmiller                        The     .....       .....  Go Live...
DCN:<jdnewmil@dcn.davis.ca.us>        Basics: ##.#.       ##.#.  Live Go...
                                      Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/Batteries            O.O#.       #.O#.  with
/Software/Embedded Controllers)               .OO#.       .OO#.  rocks...2k
---------------------------------------------------------------------------

_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


