Robert Moskowitz wrote:
>
>> but the other problem
>> with IPsec is that the usual tools don't provide an interface for
>> routing and they need some other mechanism to decide what goes through
>> them.
>
> This has always been my issue with IPsec tunnels. What to use and do you
> know if wha
Les Mikesell wrote:
> Robert Moskowitz wrote:
>
I have never liked the SSLvpn architecture. Never really liked the SSL
handshake; just too chatty. I wear my biases quite plainly on my arm
sleeve (I chaired the IPsec workgroup during the time the RFCs came
out). You wa
Robert Moskowitz wrote:
>
>>> I have never liked the SSLvpn architecture. Never really liked the SSL
>>> handshake; just too chatty. I wear my biases quite plainly on my arm
>>> sleeve (I chaired the IPsec workgroup during the time the RFCs came
>>> out). You want security, go with IPsec. E
Les Mikesell wrote:
> Robert Moskowitz wrote:
>
>> I have never liked the SSLvpn architecture. Never really liked the SSL
>> handshake; just too chatty. I wear my biases quite plainly on my arm
>> sleeve (I chaired the IPsec workgroup during the time the RFCs came
>> out). You want securit
Robert Moskowitz wrote:
>
> I have never liked the SSLvpn architecture. Never really liked the SSL
> handshake; just too chatty. I wear my biases quite plainly on my arm
> sleeve (I chaired the IPsec workgroup during the time the RFCs came
> out). You want security, go with IPsec. Even ESP
Bernard 'Tux' Lheureux wrote:
> Matt wrote:
>
>>> I have to build vpn server for 1500 clients. No encryption necessary.
>>> can anyone please recommend me vpn server.
>>>
>>> Have you looked at Mikrotik.com router OS? It has PPTP server. Very
>>> fast and easy to setup
>>>
> But PPTP is
Matt wrote:
>> I have to build vpn server for 1500 clients. No encryption necessary.
>> can anyone please recommend me vpn server.
>>
>> Have you looked at Mikrotik.com router OS? It has PPTP server. Very
>> fast and easy to setup
But PPTP is very weak in terms of security...
IPsec or SSL VPNs sh
> I have to build vpn server for 1500 clients. No encryption necessary.
> can anyone please recommend me vpn server.
>
> I do not have experience on vpn.
>
> I have tested openvpn on my test setup, & it's working fine.
>
> I want to check if there any other vpn server available.
> I have not checked
on 12-20-2008 11:52 PM Dhaval Thakar spake the following:
>> Just out of my own curiosity have you gave the thought of using
>> deadicated
>> or virtual circuits for the VPN implementation? Like Frame Relay or ATM?
>> Are
>> you passing off the connections to a secondary network access server? Or
On Sun, Dec 14, 2008 at 9:20 AM, wrote:
> Hi list,
>
>
> I have to build vpn server for 1500 clients. No encryption necessary.
> can anyone please recommend me vpn server.
>
> I do not have experience on vpn.
>
> I have tested openvpn on my test setup, & it's working fine.
>
> I want to check if t
Dhaval Thakar wrote:
>
If you could use a lower CPU intensive crypt like blowfish, it would be
easier.
Are all these trading partners in different locations or are there semi
large
groups in the same locations?
>>> all these are end users.
>>> they connect softwa
> -Original Message-
> From: centos-boun...@centos.org
> [mailto:centos-boun...@centos.org] On Behalf Of Dhaval Thakar
> Sent: Sunday, December 21, 2008 2:49 AM
> To: CentOS mailing list
> Subject: Re: [CentOS] regarding vpn server for 1500 clients
>
>
>
>
On Sat, Dec 20, 2008 at 6:59 PM, Robert Moskowitz wrote:
> John wrote:
>>> -Original Message-
>>> Subject: Re: [CentOS] regarding vpn server for 1500 clients
>>>
>>> Dhaval Thakar wrote:
>>>
>>>>> If you could use a lower
> Just out of my own curiosity have you gave the thought of using
> deadicated
> or virtual circuits for the VPN implementation? Like Frame Relay or ATM?
> Are
> you passing off the connections to a secondary network access server? Or
> how do you plan on rolling this out, configuration wise?
>
> Dhaval Thakar wrote:
>>> If you could use a lower CPU intensive crypt like blowfish, it would be
>>> easier.
>>>
>>> Are all these trading partners in different locations or are there semi
>>> large
>>> groups in the same locations?
>>>
>> all these are end users.
>> they connect software fro
John wrote:
>> -Original Message-
>> From: centos-boun...@centos.org
>> [mailto:centos-boun...@centos.org] On Behalf Of Les Mikesell
>> Sent: Saturday, December 20, 2008 1:20 PM
>> To: CentOS mailing list
>> Subject: Re: [CentOS] regarding vpn server
> -Original Message-
> From: centos-boun...@centos.org
> [mailto:centos-boun...@centos.org] On Behalf Of MHR
> Sent: Saturday, December 20, 2008 6:33 PM
> To: CentOS mailing list
> Subject: Re: [CentOS] regarding vpn server for 1500 clients
>
> On Sat, Dec 20
On Sat, Dec 20, 2008 at 10:50 AM, John wrote:
>
> Just out of my own curiosity have you gave the thought of using deadicated
Was that a freudian slip?
:-)
mhr
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
> -Original Message-
> From: centos-boun...@centos.org
> [mailto:centos-boun...@centos.org] On Behalf Of Les Mikesell
> Sent: Saturday, December 20, 2008 1:20 PM
> To: CentOS mailing list
> Subject: Re: [CentOS] regarding vpn server for 1500 clients
>
> Dhaval T
Dhaval Thakar wrote:
>> If you could use a lower CPU intensive crypt like blowfish, it would be
>> easier.
>>
>> Are all these trading partners in different locations or are there semi large
>> groups in the same locations?
>>
> all these are end users.
> they connect software from home / offic
> If you could use a lower CPU intensive crypt like blowfish, it would be
> easier.
>
> Are all these trading partners in different locations or are there semi large
> groups in the same locations?
>
all these are end users.
they connect software from home / offices.
> Maybe a hundred or so sh
Les Mikesell wrote:
> Robert Moskowitz wrote:
>
>
>
>> How about lots of GRE tunnels? :-)
>>
>>
>>
> I've done that with a few connections - mostly connecting to Cisco
> routers to pass multicast streams. I'm not sure
Robert Moskowitz wrote:
>
> How about lots of GRE tunnels? :-)
>
>
I've done that with a few connections - mostly connecting to Cisco
routers to pass multicast streams. I'm not sure how it would scale up
in terms of the interface numbers and
Scott Silva wrote:
>
> How about lots of GRE tunnels? :-)
>
I've done that with a few connections - mostly connecting to Cisco
routers to pass multicast streams. I'm not sure how it would scale up
in terms of the interface numbers and managing routes but it sh
On Fri, Dec 19, 2008 at 01:54:32PM -0500, Robert Moskowitz wrote:
> Ray Van Dolson wrote:
> > On Fri, Dec 19, 2008 at 01:14:34PM -0500, Ross Walker wrote:
> >
> >> On Dec 19, 2008, at 12:20 PM, Ray Van Dolson wrote:
> >>
> >>
> >>> How about lots of GRE tunnels? :-)
> >>>
> >> Well
Les Mikesell wrote:
> Robert Moskowitz wrote:
>
>>>
>>>
How about lots of GRE tunnels? :-)
>>> I've done that with a few connections - mostly connecting to Cisco
>>> routers to pass multicast streams. I'm not sure how it would scale up
>>> in terms of th
Ray Van Dolson wrote:
> On Fri, Dec 19, 2008 at 01:14:34PM -0500, Ross Walker wrote:
>
>> On Dec 19, 2008, at 12:20 PM, Ray Van Dolson wrote:
>>
>>
>>> How about lots of GRE tunnels? :-)
>>>
>> Well PPTP is PPP over GRE, so that's basically it.
>>
>> PPTP can run without encryption
William Warren wrote:
> Robert Moskowitz wrote:
>
>> Ray Van Dolson wrote:
>>
>>
>>> On Fri, Dec 19, 2008 at 03:42:08PM +, Karanbir Singh wrote:
>>>
>>>
>>>
Rainer Duffner wrote:
>> 1500 clients is quite a lot, but not hard
on 12-19-2008 10:33 AM Les Mikesell spake the following:
> Robert Moskowitz wrote:
>>>
How about lots of GRE tunnels? :-)
>>> I've done that with a few connections - mostly connecting to Cisco
>>> routers to pass multicast streams. I'm not sure how it would scale up
>>> in term
Robert Moskowitz wrote:
>>
>>> How about lots of GRE tunnels? :-)
>>>
>> I've done that with a few connections - mostly connecting to Cisco
>> routers to pass multicast streams. I'm not sure how it would scale up
>> in terms of the interface numbers and managing routes but it should work
On Fri, Dec 19, 2008 at 01:14:34PM -0500, Ross Walker wrote:
>
>
> On Dec 19, 2008, at 12:20 PM, Ray Van Dolson wrote:
>
> > How about lots of GRE tunnels? :-)
>
> Well PPTP is PPP over GRE, so that's basically it.
>
> PPTP can run without encryption too if the OP really doesn't care
> abou
on 12-19-2008 7:49 AM Ray Van Dolson spake the following:
> On Fri, Dec 19, 2008 at 03:42:08PM +, Karanbir Singh wrote:
>> Rainer Duffner wrote:
1500 clients is quite a lot, but not hard to handle from a single
machine if you select a cpu capable of doing ssl quickly. eg a power6
>>
On Dec 19, 2008, at 12:20 PM, Ray Van Dolson wrote:
> How about lots of GRE tunnels? :-)
Well PPTP is PPP over GRE, so that's basically it.
PPTP can run without encryption too if the OP really doesn't care
about encryption.
-Ross
On Fri, Dec 19, 2008 at 11:41 AM, John R Pierce wrote:
> I still think I'd recommend Juniper SSLVPN appliance hardware however.
> one of their midsized boxes can easily handle 1000s of sessions at wire
> speeds up to 100baseT at the server side, and has really good
I was an end user of a Juniper
Robert Moskowitz wrote:
> Ray Van Dolson wrote:
>
>> On Fri, Dec 19, 2008 at 03:42:08PM +, Karanbir Singh wrote:
>>
>>
>>> Rainer Duffner wrote:
>>>
>>>
> 1500 clients is quite a lot, but not hard to handle from a single
> machine if you select a cpu capable of d
On Fri, Dec 19, 2008 at 01:11:29PM -0500, Robert Moskowitz wrote:
> Ray Van Dolson wrote:
> > On Fri, Dec 19, 2008 at 12:49:08PM -0500, Robert Moskowitz wrote:
> >
> >> Ray Van Dolson wrote:
> >>
> >>> How about lots of GRE tunnels? :-)
> >>>
> >> RED can kill GRE tunnels over the ne
Ray Van Dolson wrote:
> On Fri, Dec 19, 2008 at 12:49:08PM -0500, Robert Moskowitz wrote:
>
>> Ray Van Dolson wrote:
>>
>>> How about lots of GRE tunnels? :-)
>>>
>> RED can kill GRE tunnels over the net. Depends on the protocol they
>> carry. If it is all TCP, you see a lot of slow
Les Mikesell wrote:
> Ray Van Dolson wrote:
>
>> How about lots of GRE tunnels? :-)
>>
>
> I've done that with a few connections - mostly connecting to Cisco
> routers to pass multicast streams. I'm not sure how it would scale up
> in terms of the interface numbers and managing routes bu
On Fri, Dec 19, 2008 at 12:49:08PM -0500, Robert Moskowitz wrote:
> Ray Van Dolson wrote:
> > How about lots of GRE tunnels? :-)
> RED can kill GRE tunnels over the net. Depends on the protocol they
> carry. If it is all TCP, you see a lot of slowstart. Of course if their
> path is free of conges
Ray Van Dolson wrote:
> How about lots of GRE tunnels? :-)
RED can kill GRE tunnels over the net. Depends on the protocol they
carry. If it is all TCP, you see a lot of slowstart. Of course if their
path is free of congestion, then no RED.
Plus there is a lot of configuration for GRE, and most p
Ray Van Dolson wrote:
> How about lots of GRE tunnels? :-)
I've done that with a few connections - mostly connecting to Cisco
routers to pass multicast streams. I'm not sure how it would scale up
in terms of the interface numbers and managing routes but it should work.
--
Les Mikesell
How about lots of GRE tunnels? :-)
Ray
John R Pierce wrote:
> Robert Moskowitz wrote:
>
>> The OP did not want security, only tunneling.
>>
>
> use simple PPPoE perhaps?
>
PPPoE does not have good behaviour over the broader Internet. Works fine
for the last mile.
> I still think I'd recommend Juniper SSLVPN appliance hard
Robert Moskowitz wrote:
>
> The OP did not want security, only tunneling.
use simple PPPoE perhaps?
I still think I'd recommend Juniper SSLVPN appliance hardware however.
one of their midsized boxes can easily handle 1000s of sessions at wire
speeds up to 100baseT at the server side, and has
Ray Van Dolson wrote:
> On Fri, Dec 19, 2008 at 03:42:08PM +, Karanbir Singh wrote:
>
>> Rainer Duffner wrote:
>>
1500 clients is quite a lot, but not hard to handle from a single
machine if you select a cpu capable of doing ssl quickly. eg a power6
machine with a few c
On Fri, Dec 19, 2008 at 03:42:08PM +, Karanbir Singh wrote:
> Rainer Duffner wrote:
> >> 1500 clients is quite a lot, but not hard to handle from a single
> >> machine if you select a cpu capable of doing ssl quickly. eg a power6
> >> machine with a few cores would handle that without any pro
Rainer Duffner wrote:
>> 1500 clients is quite a lot, but not hard to handle from a single
>> machine if you select a cpu capable of doing ssl quickly. eg a power6
>> machine with a few cores would handle that without any problems.
>
> And what is the suggested RRP of such a thing?
> (If one may
DISCLAIMER:
I work for ICSAlabs, an Independent Division of Verizon Business
Systems. We are the UL of security product testing.
I co-chaired the IPsec work in the IETF back in the late '90s.
I am the creator of the HIP protocol.
I have lots of standards experience, lots of testing experience,
Karanbir Singh schrieb:
> Dhaval Thakar wrote:
>
>> I prefer non-encryption vpn.
>> If I use openvpn, it will require more processing power than poptop.
>> I guess creating backup server might become difficult as it works on ssl
>> cert. cert created on server1 might not work with server2. Wher
Dhaval Thakar wrote:
> I prefer non-encryption vpn.
> If I use openvpn, it will require more processing power than poptop.
> I guess creating backup server might become difficult as it works on ssl
> cert. cert created on server1 might not work with server2. Whereas in
> poptop I need to copy sin
On Fri, 2008-12-19 at 16:02 +0530, Dhaval Thakar wrote:
> I prefer non-encryption vpn.
Uhh... without encryption, you take the "p" out of "vpn"...
-I
Matej Cepl wrote:
> On 2008-12-17, 08:37 GMT, NiftyClusters T Mitchell wrote:
>
>> It is possible that dedicated Cisco hardware solutions will
>> scale better.
>>
>
> Your mileage may vary, but I have terrible experience with Linux
> Cisco VPN clients, so I would strongly suggest OpenVP
On 2008-12-17, 08:37 GMT, NiftyClusters T Mitchell wrote:
> It is possible that dedicated Cisco hardware solutions will
> scale better.
Your mileage may vary, but I have terrible experience with Linux
Cisco VPN clients, so I would strongly suggest OpenVPN. Of
course, I don't know anything about
John R Pierce wrote:
> NiftyClusters T Mitchell wrote
>> It is possible that dedicated Cisco hardware solutions will scale
>> better. At a minimum they can set a cost base line to validate the
>> value of your Linux solution.
>>
>> Management of clients needs to be expanded.
>>
>
> for large s
NiftyClusters T Mitchell wrote
> It is possible that dedicated Cisco hardware solutions will scale
> better. At a minimum they can set a cost base line to validate the
> value of your Linux solution.
>
> Management of clients needs to be expanded.
>
for large scale VPN networks like that, I'd
On Sun, Dec 14, 2008 at 7:20 AM, wrote:
> Hi list,
>
>
> I have to build vpn server for 1500 clients. No encryption necessary.
> can anyone please recommend me vpn server.
>
> I do not have experience on vpn.
>
> I have tested openvpn on my test setup, & it's working fine.
>
> I want to check if t
Hi list,
I have to build vpn server for 1500 clients. No encryption necessary.
can anyone please recommend me vpn server.
I do not have experience on vpn.
I have tested openvpn on my test setup, & it's working fine.
I want to check if there any other vpn server available.
I have not checked but