Re: [Hampshire] PPTP VPN from Ubuntu server 10.04 LTS to recent Win-SBS?
> It seems that SSL/TLS tunnels seem more popular now days. Of course. They are extraordinarily simple to set up, and provide all the security you need. IPSec is largely a relic... Vic. -- Please post to: Hampshire@mailman.lug.org.uk Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire LUG URL: http://www.hantslug.org.uk --
Re: [Hampshire] PPTP VPN from Ubuntu server 10.04 LTS to recent Win-SBS?
On 18 November 2011 18:28, Vic wrote: > >> Yes, but there is a "NAT traversal" option with IPSEC where they put >> the encrypted payload in UDP packets. >> That method is much more likely to get through. > > That's NAT-T. To quote from Microsoft's own page[1]: > > "We do not recommend Internet Protocol security (IPSec) network address > translation (NAT) traversal (NAT-T) for Windows deployments that include > VPN servers and that are located behind network address translators." > > NAT-T is considered a security risk, and is disabled by default. It's best > that it remain so. > It seems that SSL/TLS tunnels seem more popular now days. That is what some of the Juniper VPN clients use. -- Please post to: Hampshire@mailman.lug.org.uk Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire LUG URL: http://www.hantslug.org.uk --
Re: [Hampshire] PPTP VPN from Ubuntu server 10.04 LTS to recent Win-SBS?
On 18/11/11 18:28, Vic wrote: NAT-T is considered a security risk, and is disabled by default. It's best that it remain so. Agreed... pity in my case both devices were behind NAT firewalls... The situation is, apparently, rare and we evaluated the options and decided it was probably best to make the needed registry change on Windows clients to make it work, rather than fight with our ISP to get proper (sane) addresses (our public IPs come from the 10.x.y.z pool). Chris -- Please post to: Hampshire@mailman.lug.org.uk Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire LUG URL: http://www.hantslug.org.uk --
Re: [Hampshire] PPTP VPN from Ubuntu server 10.04 LTS to recent Win-SBS?
> Yes, but there is a "NAT traversal" option with IPSEC where they put > the encrypted payload in UDP packets. > That method is much more likely to get through. That's NAT-T. To quote from Microsoft's own page[1]: "We do not recommend Internet Protocol security (IPSec) network address translation (NAT) traversal (NAT-T) for Windows deployments that include VPN servers and that are located behind network address translators." NAT-T is considered a security risk, and is disabled by default. It's best that it remain so. Vic. [1] http://support.microsoft.com/kb/885348/en-us -- Please post to: Hampshire@mailman.lug.org.uk Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire LUG URL: http://www.hantslug.org.uk --
Re: [Hampshire] PPTP VPN from Ubuntu server 10.04 LTS to recent Win-SBS?
On 18 November 2011 16:20, Vic wrote: > >> ESP packets .. those are the ones that know what data you want before >> you ask for it. > > ESP is part of why IPSec is so damned horrible - it's IP, but it's > protocol 50 (Note: *protocol*, not port). > Yes, but there is a "NAT traversal" option with IPSEC where they put the encrypted payload in UDP packets. That method is much more likely to get through. -- Please post to: Hampshire@mailman.lug.org.uk Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire LUG URL: http://www.hantslug.org.uk --
Re: [Hampshire] PPTP VPN from Ubuntu server 10.04 LTS to recent Win-SBS?
On 18/11/2011 16:20, Vic wrote: OpenVPN has a lot to recommend it. But the first question I would ask is this: what, exactly, are you trying to enable with this tunnel? With hindsight I should have said at the start, but I thought the VPN should be a relatively minor issue. The company for which I work has recently been spun off from it's parent and is in new premises as of six weeks ago, with a new Win-SBS server. At essentially the same time, I began to work mostly from home, instead of in the office. I have on their new server a substantial amount of data for electronics CAD, software, documentation, svn repositories and so on, which at present I access through the proffered PPTP link. That works after a fashion, but the link is too slow. Sometimes that's just frustrating, sometimes worse as, for example, the CAD times out waiting for svn checkins to complete, even on only modestly large files. The bottle-necks are the uplink speeds at both ends, of around 1.2Mbps. Now I have two perfectly good fileservers here, both running proper(tm) operating systems (Ubuntu Server 10.04 LTS), one as a working server, the other I plan to use as a back-up mirror to the first. What I want to do is to copy all my data from the corporate server to my own server; use my own server for all the workaday activity, then overnight, synchronise my server's data with the company's server data. Overnight means I'm not swamping the limited uplink bandwidth when others are also trying to use it, and also means any large transfers can be done off-tarrif on my DSL. As a very useful side-effect, I also get good spatial redundancy of the data ... in the company's offices, in my home office, in my 'off-site' backup server (actually my garage, which is separated from the main house by some very significant firewalling), and also on the external drives that the company feels are sufficient for backup. They do at least take those off-site. Little oddities that add to this .. we have an ACT! crm system with which I'm expected to synchronise, which is presently on a fileserver at the parent company on another VPN link (Cisco). Hopefully ACT! will eventually collocate with the company's fileserver. But that's all Windoze and as I'm mostly on Linux here, I may just ignore it. I do sometimes need access to other data on the server, though not that much. I'm in two minds whether to mirror everything so I have that here also, or just my own stuff and access the other stuff by VPN when I need to. As an aside, I also have some external cloud storage, but that's available for Windoze only and suffers the same uplink issues as the VPN. I turned that off the other day when it was some 1700 files behind my work. Company email is the usual Microsoft klutz, which I presently access from here with a web browser. Kind regards, Gordon. -- Please post to: Hampshire@mailman.lug.org.uk Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire LUG URL: http://www.hantslug.org.uk --
Re: [Hampshire] PPTP VPN from Ubuntu server 10.04 LTS to recent Win-SBS?
> ESP packets .. those are the ones that know what data you want before > you ask for it. ESP is part of why IPSec is so damned horrible - it's IP, but it's protocol 50 (Note: *protocol*, not port). > At this moment it feels like everything with the probable exception of > OpenVPN is a bit of a mess. Which probably suggests my best options. OpenVPN has a lot to recommend it. But the first question I would ask is this: what, exactly, are you trying to enable with this tunnel? Vic. -- Please post to: Hampshire@mailman.lug.org.uk Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire LUG URL: http://www.hantslug.org.uk --
Re: [Hampshire] PPTP VPN from Ubuntu server 10.04 LTS to recent Win-SBS?
On 18/11/2011 10:20, Chris Malton wrote: On Fri, 18 Nov 2011 09:50:38 +, Gordon Scott wrote: I'm not sure which model our router is, I'll check next time I'm in the office (or maybe 'phone and ask), but it's definitely a Draytek Vigor with WiFi and three aerials, which seems from Draytek's site to suggest it already supports a number of VPN connection methods. Oh dear god! You're probably about to run into the same problem we had then. The DrayTek 2800 series (specifically the 2820s), seem to have a nasty firmware bug that causes outbound ESP packets to go walkabouts somewhere in the router, especially if you're doing any kind of NAT with it. I suspect it's a 2920n. IIRC it was black, somewhat curvy and with three aerials at the back. Hopefully the firmware bug is fixed/absent in this version Hopefully :-/ Google finds the 2820 bug, but not a 2920 bug. Might be a good sign. ESP packets .. those are the ones that know what data you want before you ask for it. I think you'll find there's only apochyphal evidence that those ever get delivered anywhere :-) If you find a solution, I'd love to know what you need to do. We found that a Netgear DG834 works great for testing purposes! I use Netgear at home. They seem to get it pretty much right most of the time. Just a word of warning. So long as you're not planning to send the boys round :-) At this moment it feels like everything with the probable exception of OpenVPN is a bit of a mess. Which probably suggests my best options. ATB, Gordon. -- Please post to: Hampshire@mailman.lug.org.uk Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire LUG URL: http://www.hantslug.org.uk --
Re: [Hampshire] PPTP VPN from Ubuntu server 10.04 LTS to recent Win-SBS?
> The problem case was the Windows box being the central VPN > Gateway/server and after a period of time connections would start > failing. Hmmm. I've not seen that happen - and I used to use PPTP a lot. The biggest issues I used to see were ISPs dropping packets that I rather wanted delivered... Vic. -- Please post to: Hampshire@mailman.lug.org.uk Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire LUG URL: http://www.hantslug.org.uk --
Re: [Hampshire] PPTP VPN from Ubuntu server 10.04 LTS to recent Win-SBS?
> One of the support company's arguments for offering only PPTP was that > our available bandwidth is too low to allow too many other machines to > have VPN access. If that is really their position[1], then you need to get some sort of SSh server inside the network. This allows you to get file-level or command-line-level access to your systems; the conventional Windows admin method involves running RDP over PPTP or similar, and sending a graphical desktop involves much more bandwidth use than just the files you're actually interested in... Vic. [1] it almost certainly isn't; this is the sort of thing I usually see rolled out when a Windows admin is simply too far out of his comfort zone to accept something different to what he's used in the past :-( -- Please post to: Hampshire@mailman.lug.org.uk Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire LUG URL: http://www.hantslug.org.uk --
Re: [Hampshire] PPTP VPN from Ubuntu server 10.04 LTS to recent Win-SBS?
On Fri, 18 Nov 2011 10:14:46 +, James Courtier-Dutton wrote: Maybe I did not make the set up clear. The problem case was the Windows box being the central VPN Gateway/server and after a period of time connections would start failing. No, it's my inability to be awake properly by half 10 in the morning that's cause the confusion here... Chris -- Please post to: Hampshire@mailman.lug.org.uk Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire LUG URL: http://www.hantslug.org.uk --
Re: [Hampshire] PPTP VPN from Ubuntu server 10.04 LTS to recent Win-SBS?
On Fri, 18 Nov 2011 09:50:38 +, Gordon Scott wrote: I'm not sure which model our router is, I'll check next time I'm in the office (or maybe 'phone and ask), but it's definitely a Draytek Vigor with WiFi and three aerials, which seems from Draytek's site to suggest it already supports a number of VPN connection methods. Oh dear god! You're probably about to run into the same problem we had then. The DrayTek 2800 series (specifically the 2820s), seem to have a nasty firmware bug that causes outbound ESP packets to go walkabouts somewhere in the router, especially if you're doing any kind of NAT with it. If you find a solution, I'd love to know what you need to do. We found that a Netgear DG834 works great for testing purposes! Just a word of warning. Chris -- Please post to: Hampshire@mailman.lug.org.uk Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire LUG URL: http://www.hantslug.org.uk --
Re: [Hampshire] PPTP VPN from Ubuntu server 10.04 LTS to recent Win-SBS?
On 18 November 2011 09:34, Chris Malton wrote: > On Thu, 17 Nov 2011 18:37:46 +, James Courtier-Dutton wrote: >> >> I would recommend IPSEC but I have really bad experiences with >> anything talking to the Windows implementation of IPSEC. >> For example, Linux, Juniper, Cisco and most firewalls that support >> IPSEC VPNs fail to work to a Windows machine. >> The IPSEC connection works, but as soon as a rekey happens it all >> falls apart. > > That's not my experience. I've just set up a new IPsec server which > seems to work OK with Windows and Linux clients. Not tried Mac OS, but it > will probably be OK. > > Just whatever you do, if you're using openswan, build it from source > tarballs... The Debian stable packages are very, very, broken with xL2TPd, > and other l2tp implementations. > > I even had to have the horrific issue of the IPsec server behind a NAT. Once > I ironed out a few creases, it worked near enough first time. > Maybe I did not make the set up clear. The problem case was the Windows box being the central VPN Gateway/server and after a period of time connections would start failing. -- Please post to: Hampshire@mailman.lug.org.uk Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire LUG URL: http://www.hantslug.org.uk --
Re: [Hampshire] PPTP VPN from Ubuntu server 10.04 LTS to recent Win-SBS?
Hi Guys, Thanks for all the feedback. On 17/11/2011 18:37, James Courtier-Dutton wrote: I would make sure the company put in a purpose built VPN gateway so that people can connect with normal VPN clients, such as CISCO, JUNIPER, Checkpoint etc. There are very cheap VPN boxes out there from about £50 upwards, and they actually work! I'm not sure which model our router is, I'll check next time I'm in the office (or maybe 'phone and ask), but it's definitely a Draytek Vigor with WiFi and three aerials, which seems from Draytek's site to suggest it already supports a number of VPN connection methods. One of the support company's arguments for offering only PPTP was that our available bandwidth is too low to allow too many other machines to have VPN access. My counter was that what I wanted to do was have a copy of the relevant data from their fileserver on my fileserver and synchronise overnight, when I'll have a minimal effect on other users and also do the data transfers off-tarrif (midnight to 8am). Time I think to make my case more assertively. ATB, Gordon. -- Please post to: Hampshire@mailman.lug.org.uk Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire LUG URL: http://www.hantslug.org.uk --
Re: [Hampshire] PPTP VPN from Ubuntu server 10.04 LTS to recent Win-SBS?
On Thu, 17 Nov 2011 18:37:46 +, James Courtier-Dutton wrote: I would recommend IPSEC but I have really bad experiences with anything talking to the Windows implementation of IPSEC. For example, Linux, Juniper, Cisco and most firewalls that support IPSEC VPNs fail to work to a Windows machine. The IPSEC connection works, but as soon as a rekey happens it all falls apart. That's not my experience. I've just set up a new IPsec server which seems to work OK with Windows and Linux clients. Not tried Mac OS, but it will probably be OK. Just whatever you do, if you're using openswan, build it from source tarballs... The Debian stable packages are very, very, broken with xL2TPd, and other l2tp implementations. I even had to have the horrific issue of the IPsec server behind a NAT. Once I ironed out a few creases, it worked near enough first time. Chris Malton -- Please post to: Hampshire@mailman.lug.org.uk Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire LUG URL: http://www.hantslug.org.uk --
Re: [Hampshire] PPTP VPN from Ubuntu server 10.04 LTS to recent Win-SBS?
On 17 November 2011 13:15, Gordon Scott wrote: > Hi Guys, > > I'm wondering if anyone has done this. > > I can easily get a VPN from by desktop PC using the NetworkManager > applet, but the server is headless, so no applet. > > I've now tried a whole load of different 'this is how to do PPTP to > Windows' articles and howtos, but none seem to quite get there. > > Does anyone know where I can find a guide that works? > PPTP is kind of nasty. On a level of 0 to 10, with 0 being no security to 10 being very secure, PPTP would score 0. I would recommend IPSEC but I have really bad experiences with anything talking to the Windows implementation of IPSEC. For example, Linux, Juniper, Cisco and most firewalls that support IPSEC VPNs fail to work to a Windows machine. The IPSEC connection works, but as soon as a rekey happens it all falls apart. We even had a paid 24x7 support contract direct with Microsoft, and they still refused to fix it. In summary, do not use windows for any sort of VPN endpoint. The support you get if it does not work is crap. I would make sure the company put in a purpose built VPN gateway so that people can connect with normal VPN clients, such as CISCO, JUNIPER, Checkpoint etc. There are very cheap VPN boxes out there from about £50 upwards, and they actually work! James -- Please post to: Hampshire@mailman.lug.org.uk Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire LUG URL: http://www.hantslug.org.uk --
Re: [Hampshire] PPTP VPN from Ubuntu server 10.04 LTS to recent Win-SBS?
> There are pros and cons for both OpenVPN and IPSec. There is a huge downside for IPSec if you're running stuff behind a NAT router - you need to be able to route protocols that aren't TCP or UDP. Many (predominantly cheap) NAT routers simply won't do this. IPSec can work through NAT, but it's not pretty. A former colleague of mine used to get /29 subnets for his customers just so he could put the IPSec-capable servers on a routable address. I cringed, but he was my boss... Vic. -- Please post to: Hampshire@mailman.lug.org.uk Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire LUG URL: http://www.hantslug.org.uk --
Re: [Hampshire] PPTP VPN from Ubuntu server 10.04 LTS to recent Win-SBS?
Hi, On Thu, November 17, 2011 15:22, Gordon Scott wrote: > Yes, but without the OpenVPN client at the Windoze end, which might be > the problem. Cool, no problems there. The Windows client is a proper executable installer, and you can pre-create a configuration file and set of CA keys for them to dump into the client's configuration directory. All they will then have to figure out is to make it start up automatically, which is not too difficult. >>> Does anyone know where I can find a guide that works? >>> >> >> Here is one that looks good: >> >> >> http://library.linode.com/networking/openvpn/ubuntu-10.04-lucid >> >> >> Pay close attention to the certification parts and make sure you don't >> miss out steps. > > It's certainly a more complete guide than most^H^H^H^H any other I've > seen. I'll be exploring my way through it. It's a good one indeed. :-) > Unfortunately pptp is what's on offer. The whole system there is managed > by an outside company and they don't understand anything except Windoze and > maybe some Mac. They're pretty good at what they do, but I get 'rabbits in > the headlights' looks if I mention Linux. I have been looking at putting > in a Linux box alongside and doing IPsec rather than pptp, though I'm not > sure how well the rabbits would take to the idea. You can help them concentrate on what they do best by preparing things for them in advance. :-) There are pros and cons for both OpenVPN and IPSec. I think that Windows actually have IPSec support built in to it's standard networking stack, so you don't have to specifically install anything new. However, I'm not too sure about this, since I don't have the benefit of an IPSec rig to test with at the moment. Last time I set up IPSec I also found it to be quite complex due to the way I had to punch holes through the company firewall, while OpenVPN does everything through a single UDP port. On the other hand, OpenVPN does need the installation of the client software on the Doze server, but it's really really easy. Furthermore the server-side is really easy to set up too. So read through the HOWTO and let me know how you get on. I actually have a few shortcuts for you in terms of configuration files etc, but it's better if you first develop an understanding on the basics of OpenVPN. Network security purists will say IPSec is more secure than OpenVPN (pure SSL-based VPN), and I suppose it is, even if I haven't seen data to support this. So, you have both as solid options, and I think that with some care and a bit of pre-planning no rabbits needs be harmed in the process! :-) Somebody on the list mentioned SSH tunnels, which is an option. On the Windows side you have Putty, which can be set up to do tunnels with ease. Whether you can do this in a non-interactive manner, I'm not too sure, but it is a solid third option. -- Regards, Jan Henkins -- Please post to: Hampshire@mailman.lug.org.uk Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire LUG URL: http://www.hantslug.org.uk --
Re: [Hampshire] PPTP VPN from Ubuntu server 10.04 LTS to recent Win-SBS?
On 17/11/2011 14:35, Jan Henkins wrote: Just to be clear, under no circumstances can I recommend that you use PPTP, it is simply too insecure. Yes, PPP does have some form of encryption that can be switched on, and while it's one step up from sending stuff in clear-text (I exaggerate, but PPTP is bad), you don't want to have to rely on that. +1 OpenVPN is "OK" - I use it myself. Jacqui -- Please post to: Hampshire@mailman.lug.org.uk Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire LUG URL: http://www.hantslug.org.uk --
Re: [Hampshire] PPTP VPN from Ubuntu server 10.04 LTS to recent Win-SBS?
> Yes, but without the OpenVPN client at the Windoze end, which might be > the problem. There's a Windows installer for OpenVPN. I used it many moons ago. ISTR deciding never to do that again, but I can't remember why... > It's certainly a more complete guide than most^H^H^H^H any other I've > seen. I'll be exploring my way through it. I got PPTP working from RHEL3 to Server2003 some years back. I'll see if I can find the details later. > Unfortunately pptp is what's on offer. The whole system there is managed > by an outside company and they don't understand anything except Windoze > and maybe some Mac. They're pretty good at what they do, but I get > 'rabbits in the headlights' looks if I mention Linux. I have been > looking at putting in a Linux box alongside and doing IPsec rather than > pptp, though I'm not sure how well the rabbits would take to the idea. If you've got a Mac server on site, you'd probably find it easier to run an encrypted tunnel to that as your main transit, then fan out whatever traffic you need from there. SSH is dead handy :-) Vic. -- Please post to: Hampshire@mailman.lug.org.uk Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire LUG URL: http://www.hantslug.org.uk --
Re: [Hampshire] PPTP VPN from Ubuntu server 10.04 LTS to recent Win-SBS?
On Thu, 2011-11-17 at 14:35 +, Jan Henkins wrote: > Have you considered trying OpenVPN? Unfortunately it means that you will > have to install a client on the Windows side of things, but OpenVPN is in > the standard repositories for Ubuntu. Yes, but without the OpenVPN client at the Windoze end, which might be the problem. > > Does anyone know where I can find a guide that works? > > Here is one that looks good: > > http://library.linode.com/networking/openvpn/ubuntu-10.04-lucid > > Pay close attention to the certification parts and make sure you don't > miss out steps. It's certainly a more complete guide than most^H^H^H^H any other I've seen. I'll be exploring my way through it. > Just to be clear, under no circumstances can I recommend that you use > PPTP, it is simply too insecure. Yes, PPP does have some form of > encryption that can be switched on, and while it's one step up from > sending stuff in clear-text (I exaggerate, but PPTP is bad), you don't > want to have to rely on that. Unfortunately pptp is what's on offer. The whole system there is managed by an outside company and they don't understand anything except Windoze and maybe some Mac. They're pretty good at what they do, but I get 'rabbits in the headlights' looks if I mention Linux. I have been looking at putting in a Linux box alongside and doing IPsec rather than pptp, though I'm not sure how well the rabbits would take to the idea. ATB, Gordon. -- Gordon Scottwww.gscott.co.uk 01256-476547 0794-1958207 -- Please post to: Hampshire@mailman.lug.org.uk Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire LUG URL: http://www.hantslug.org.uk --
Re: [Hampshire] PPTP VPN from Ubuntu server 10.04 LTS to recent Win-SBS?
Hello Gordon, On Thu, November 17, 2011 13:15, Gordon Scott wrote: > Hi Guys, > > > I'm wondering if anyone has done this. > > > I can easily get a VPN from by desktop PC using the NetworkManager > applet, but the server is headless, so no applet. > > I've now tried a whole load of different 'this is how to do PPTP to > Windows' articles and howtos, but none seem to quite get there. Have you considered trying OpenVPN? Unfortunately it means that you will have to install a client on the Windows side of things, but OpenVPN is in the standard repositories for Ubuntu. > Does anyone know where I can find a guide that works? Here is one that looks good: http://library.linode.com/networking/openvpn/ubuntu-10.04-lucid Pay close attention to the certification parts and make sure you don't miss out steps. Just to be clear, under no circumstances can I recommend that you use PPTP, it is simply too insecure. Yes, PPP does have some form of encryption that can be switched on, and while it's one step up from sending stuff in clear-text (I exaggerate, but PPTP is bad), you don't want to have to rely on that. -- Regards, Jan Henkins -- Please post to: Hampshire@mailman.lug.org.uk Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire LUG URL: http://www.hantslug.org.uk --
[Hampshire] PPTP VPN from Ubuntu server 10.04 LTS to recent Win-SBS?
Hi Guys, I'm wondering if anyone has done this. I can easily get a VPN from by desktop PC using the NetworkManager applet, but the server is headless, so no applet. I've now tried a whole load of different 'this is how to do PPTP to Windows' articles and howtos, but none seem to quite get there. Does anyone know where I can find a guide that works? Thanks, Gordon. -- Gordon Scottwww.gscott.co.uk 01256-476547 0794-1958207 -- Please post to: Hampshire@mailman.lug.org.uk Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire LUG URL: http://www.hantslug.org.uk --