> It seems that SSL/TLS tunnels seem more popular nowadays.
Of course. They are extraordinarily simple to set up, and provide all the
security you need. IPSec is largely a relic...
Vic.
--
Please post to: Hampshire@mailman.lug.org.uk
Web Interface: https://mailman.lug.org.uk/mailman/listinfo
On 18 November 2011 18:28, Vic wrote:
>
>> Yes, but there is a "NAT traversal" option with IPSEC where they put
>> the encrypted payload in UDP packets.
>> That method is much more likely to get through.
>
> That's NAT-T. To quote from Microsoft's own page[1]:
>
> "We do not recommend Internet Pro
On 18/11/11 18:28, Vic wrote:
NAT-T is considered a security risk, and is disabled by default. It's best
that it remain so.
Agreed... pity in my case both devices were behind NAT firewalls...
The situation is, apparently, rare and we evaluated the options and
decided it was probably best to ma
> Yes, but there is a "NAT traversal" option with IPSEC where they put
> the encrypted payload in UDP packets.
> That method is much more likely to get through.
That's NAT-T. To quote from Microsoft's own page[1]:
"We do not recommend Internet Protocol security (IPSec) network address
translatio
On 18 November 2011 16:20, Vic wrote:
>
>> ESP packets .. those are the ones that know what data you want before
>> you ask for it.
>
> ESP is part of why IPSec is so damned horrible - it's IP, but it's
> protocol 50 (Note: *protocol*, not port).
>
Yes, but there is a "NAT traversal" option with
On 18/11/2011 16:20, Vic wrote:
OpenVPN has a lot to recommend it. But the first question I would ask is
this: what, exactly, are you trying to enable with this tunnel?
With hindsight I should have said at the start, but I thought the VPN
should be a relatively minor issue.
The company for w
> ESP packets .. those are the ones that know what data you want before
> you ask for it.
ESP is part of why IPSec is so damned horrible - it's IP, but it's
protocol 50 (Note: *protocol*, not port).
> At this moment it feels like everything with the probable exception of
> OpenVPN is a bit of a
On 18/11/2011 10:20, Chris Malton wrote:
On Fri, 18 Nov 2011 09:50:38 +, Gordon Scott wrote:
I'm not sure which model our router is, I'll check next time I'm in
the office (or maybe 'phone and ask), but it's definitely a Draytek
Vigor with WiFi and three aerials, which seems from Draytek's s
> The problem case was the Windows box being the central VPN
> Gateway/server and after a period of time connections would start
> failing.
Hmmm. I've not seen that happen - and I used to use PPTP a lot.
The biggest issues I used to see were ISPs dropping packets that I rather
wanted delivered..
> One of the support company's arguments for offering only PPTP was that
> our available bandwidth is too low to allow too many other machines to
> have VPN access.
If that is really their position[1], then you need to get some sort of SSH
server inside the network.
This allows you to get file-l
On Fri, 18 Nov 2011 10:14:46 +, James Courtier-Dutton wrote:
Maybe I did not make the set up clear.
The problem case was the Windows box being the central VPN
Gateway/server and after a period of time connections would start
failing.
No, it's my inability to be awake properly by half 10 in
On Fri, 18 Nov 2011 09:50:38 +, Gordon Scott wrote:
I'm not sure which model our router is, I'll check next time I'm in
the office (or maybe 'phone and ask), but it's definitely a Draytek
Vigor with WiFi and three aerials, which seems from Draytek's site to
suggest it already supports a numbe
On 18 November 2011 09:34, Chris Malton wrote:
> On Thu, 17 Nov 2011 18:37:46 +, James Courtier-Dutton wrote:
>>
>> I would recommend IPSEC but I have really bad experiences with
>> anything talking to the Windows implementation of IPSEC.
>> For example, Linux, Juniper, Cisco and most firewall
Hi Guys,
Thanks for all the feedback.
On 17/11/2011 18:37, James Courtier-Dutton wrote:
I would make sure the company put in a purpose built VPN gateway so
that people can connect with normal VPN clients, such as CISCO,
JUNIPER, Checkpoint etc.
There are very cheap VPN boxes out there from abou
On Thu, 17 Nov 2011 18:37:46 +, James Courtier-Dutton wrote:
I would recommend IPSEC but I have really bad experiences with
anything talking to the Windows implementation of IPSEC.
For example, Linux, Juniper, Cisco and most firewalls that support
IPSEC VPNs fail to work to a Windows machine.
On 17 November 2011 13:15, Gordon Scott wrote:
> Hi Guys,
>
> I'm wondering if anyone has done this.
>
> I can easily get a VPN from my desktop PC using the NetworkManager
> applet, but the server is headless, so no applet.
>
> I've now tried a whole load of different 'this is how to do PPTP to
>
> There are pros and cons for both OpenVPN and IPSec.
There is a huge downside for IPSec if you're running stuff behind a NAT
router - you need to be able to route protocols that aren't TCP or UDP.
Many (predominantly cheap) NAT routers simply won't do this.
IPSec can work through NAT, but it's
Hi,
On Thu, November 17, 2011 15:22, Gordon Scott wrote:
> Yes, but without the OpenVPN client at the Windoze end, which might be
> the problem.
Cool, no problems there. The Windows client is a proper executable
installer, and you can pre-create a configuration file and set of CA keys
for them to
On 17/11/2011 14:35, Jan Henkins wrote:
Just to be clear, under no circumstances can I recommend that you use
PPTP, it is simply too insecure. Yes, PPP does have some form of
encryption that can be switched on, and while it's one step up from
sending stuff in clear-text (I exaggerate, but PPTP is
> Yes, but without the OpenVPN client at the Windoze end, which might be
> the problem.
There's a Windows installer for OpenVPN. I used it many moons ago. ISTR
deciding never to do that again, but I can't remember why...
> It's certainly a more complete guide than most^H^H^H^H any other I've
> s
On Thu, 2011-11-17 at 14:35 +, Jan Henkins wrote:
> Have you considered trying OpenVPN? Unfortunately it means that you will
> have to install a client on the Windows side of things, but OpenVPN is in
> the standard repositories for Ubuntu.
Yes, but without the OpenVPN client at the Windoze e
Hello Gordon,
On Thu, November 17, 2011 13:15, Gordon Scott wrote:
> Hi Guys,
>
>
> I'm wondering if anyone has done this.
>
>
> I can easily get a VPN from my desktop PC using the NetworkManager
> applet, but the server is headless, so no applet.
>
> I've now tried a whole load of different 'this
Hi Guys,
I'm wondering if anyone has done this.
I can easily get a VPN from my desktop PC using the NetworkManager
applet, but the server is headless, so no applet.
I've now tried a whole load of different 'this is how to do PPTP to
Windows' articles and howtos, but none seem to quite get there.