Re: [Hampshire] PPTP VPN from Ubuntu server 10.04 LTS to recent Win-SBS?

2011-11-18 Thread Chris Malton
On Thu, 17 Nov 2011 18:37:46 +, James Courtier-Dutton wrote: I would recommend IPSEC but I have really bad experiences with anything talking to the Windows implementation of IPSEC. For example, Linux, Juniper, Cisco and most firewalls that support IPSEC VPNs fail to work to a Windows

Re: [Hampshire] PPTP VPN from Ubuntu server 10.04 LTS to recent Win-SBS?

2011-11-18 Thread Gordon Scott
Hi Guys, Thanks for all the feedback. On 17/11/2011 18:37, James Courtier-Dutton wrote: I would make sure the company put in a purpose built VPN gateway so that people can connect with normal VPN clients, such as CISCO, JUNIPER, Checkpoint etc. There are very cheap VPN boxes out there from

Re: [Hampshire] PPTP VPN from Ubuntu server 10.04 LTS to recent Win-SBS?

2011-11-18 Thread James Courtier-Dutton
On 18 November 2011 09:34, Chris Malton chr...@cmalton.me.uk wrote: On Thu, 17 Nov 2011 18:37:46 +, James Courtier-Dutton wrote: I would recommend IPSEC but I have really bad experiences with anything talking to the Windows implementation of IPSEC. For example, Linux, Juniper, Cisco and

Re: [Hampshire] PPTP VPN from Ubuntu server 10.04 LTS to recent Win-SBS?

2011-11-18 Thread Chris Malton
On Fri, 18 Nov 2011 09:50:38 +, Gordon Scott wrote: I'm not sure which model our router is, I'll check next time I'm in the office (or maybe 'phone and ask), but it's definitely a Draytek Vigor with WiFi and three aerials, which seems from Draytek's site to suggest it already supports a

Re: [Hampshire] PPTP VPN from Ubuntu server 10.04 LTS to recent Win-SBS?

2011-11-18 Thread Chris Malton
On Fri, 18 Nov 2011 10:14:46 +, James Courtier-Dutton wrote: Maybe I did not make the set up clear. The problem case was the Windows box being the central VPN Gateway/server and after a period of time connections would start failing. No, it's my inability to be awake properly by half 10

Re: [Hampshire] PPTP VPN from Ubuntu server 10.04 LTS to recent Win-SBS?

2011-11-18 Thread Vic
The problem case was the Windows box being the central VPN Gateway/server and after a period of time connections would start failing. Hmmm. I've not seen that happen - and I used to use PPTP a lot. The biggest issues I used to see were ISPs dropping packets that I rather wanted delivered...

Re: [Hampshire] PPTP VPN from Ubuntu server 10.04 LTS to recent Win-SBS?

2011-11-18 Thread Gordon Scott
On 18/11/2011 10:20, Chris Malton wrote: On Fri, 18 Nov 2011 09:50:38 +, Gordon Scott wrote: I'm not sure which model our router is, I'll check next time I'm in the office (or maybe 'phone and ask), but it's definitely a Draytek Vigor with WiFi and three aerials, which seems from Draytek's

Re: [Hampshire] PPTP VPN from Ubuntu server 10.04 LTS to recent Win-SBS?

2011-11-18 Thread Vic
ESP packets .. those are the ones that know what data you want before you ask for it. ESP is part of why IPSec is so damned horrible - it's IP, but it's protocol 50 (Note: *protocol*, not port). At this moment it feels like everything with the probable exception of OpenVPN is a bit of a

Re: [Hampshire] PPTP VPN from Ubuntu server 10.04 LTS to recent Win-SBS?

2011-11-18 Thread Gordon Scott
On 18/11/2011 16:20, Vic wrote: OpenVPN has a lot to recommend it. But the first question I would ask is this: what, exactly, are you trying to enable with this tunnel? With hindsight I should have said at the start, but I thought the VPN should be a relatively minor issue. The company for

Re: [Hampshire] PPTP VPN from Ubuntu server 10.04 LTS to recent Win-SBS?

2011-11-18 Thread James Courtier-Dutton
On 18 November 2011 16:20, Vic l...@beer.org.uk wrote: ESP packets .. those are the ones that know what data you want before you ask for it. ESP is part of why IPSec is so damned horrible - it's IP, but it's protocol 50 (Note: *protocol*, not port). Yes, but there is a NAT traversal option

Re: [Hampshire] PPTP VPN from Ubuntu server 10.04 LTS to recent Win-SBS?

2011-11-18 Thread Vic
Yes, but there is a NAT traversal option with IPSEC where they put the encrypted payload in UDP packets. That method is much more likely to get through. That's NAT-T. To quote from Microsoft's own page[1]: We do not recommend Internet Protocol security (IPSec) network address translation

Re: [Hampshire] PPTP VPN from Ubuntu server 10.04 LTS to recent Win-SBS?

2011-11-18 Thread Chris Malton
On 18/11/11 18:28, Vic wrote: NAT-T is considered a security risk, and is disabled by default. It's best that it remain so. Agreed... pity in my case both devices were behind NAT firewalls... The situation is, apparently, rare and we evaluated the options and decided it was probably best to

Re: [Hampshire] PPTP VPN from Ubuntu server 10.04 LTS to recent Win-SBS?

2011-11-18 Thread James Courtier-Dutton
On 18 November 2011 18:28, Vic l...@beer.org.uk wrote: Yes, but there is a NAT traversal option with IPSEC where they put the encrypted payload in UDP packets. That method is much more likely to get through. That's NAT-T. To quote from Microsoft's own page[1]: We do not recommend Internet

Re: [Hampshire] PPTP VPN from Ubuntu server 10.04 LTS to recent Win-SBS?

2011-11-18 Thread Vic
It seems that SSL/TLS tunnels seem more popular nowadays. Of course. They are extraordinarily simple to set up, and provide all the security you need. IPSec is largely a relic... Vic.

[Hampshire] PPTP VPN from Ubuntu server 10.04 LTS to recent Win-SBS?

2011-11-17 Thread Gordon Scott
Hi Guys, I'm wondering if anyone has done this. I can easily get a VPN from my desktop PC using the NetworkManager applet, but the server is headless, so no applet. I've now tried a whole load of different 'this is how to do PPTP to Windows' articles and howtos, but none seem to quite get

Re: [Hampshire] PPTP VPN from Ubuntu server 10.04 LTS to recent Win-SBS?

2011-11-17 Thread Jan Henkins
Hello Gordon, On Thu, November 17, 2011 13:15, Gordon Scott wrote: Hi Guys, I'm wondering if anyone has done this. I can easily get a VPN from my desktop PC using the NetworkManager applet, but the server is headless, so no applet. I've now tried a whole load of different 'this is how

Re: [Hampshire] PPTP VPN from Ubuntu server 10.04 LTS to recent Win-SBS?

2011-11-17 Thread Gordon Scott
On Thu, 2011-11-17 at 14:35 +, Jan Henkins wrote: Have you considered trying OpenVPN? Unfortunately it means that you will have to install a client on the Windows side of things, but OpenVPN is in the standard repositories for Ubuntu. Yes, but without the OpenVPN client at the Windoze

Re: [Hampshire] PPTP VPN from Ubuntu server 10.04 LTS to recent Win-SBS?

2011-11-17 Thread Vic
Yes, but without the OpenVPN client at the Windoze end, which might be the problem. There's a Windows installer for OpenVPN. I used it many moons ago. ISTR deciding never to do that again, but I can't remember why... It's certainly a more complete guide than most^H^H^H^H any other I've

Re: [Hampshire] PPTP VPN from Ubuntu server 10.04 LTS to recent Win-SBS?

2011-11-17 Thread Jacqui Caren
On 17/11/2011 14:35, Jan Henkins wrote: Just to be clear, under no circumstances can I recommend that you use PPTP, it is simply too insecure. Yes, PPP does have some form of encryption that can be switched on, and while it's one step up from sending stuff in clear-text (I exaggerate, but PPTP

Re: [Hampshire] PPTP VPN from Ubuntu server 10.04 LTS to recent Win-SBS?

2011-11-17 Thread Jan Henkins
Hi, On Thu, November 17, 2011 15:22, Gordon Scott wrote: Yes, but without the OpenVPN client at the Windoze end, which might be the problem. Cool, no problems there. The Windows client is a proper executable installer, and you can pre-create a configuration file and set of CA keys for them to

Re: [Hampshire] PPTP VPN from Ubuntu server 10.04 LTS to recent Win-SBS?

2011-11-17 Thread Vic
There are pros and cons for both OpenVPN and IPSec. There is a huge downside for IPSec if you're running stuff behind a NAT router - you need to be able to route protocols that aren't TCP or UDP. Many (predominantly cheap) NAT routers simply won't do this. IPSec can work through NAT, but it's

Re: [Hampshire] PPTP VPN from Ubuntu server 10.04 LTS to recent Win-SBS?

2011-11-17 Thread James Courtier-Dutton
On 17 November 2011 13:15, Gordon Scott gor...@gscott.co.uk wrote: Hi Guys, I'm wondering if anyone has done this. I can easily get a VPN from my desktop PC using the NetworkManager applet, but the server is headless, so no applet. I've now tried a whole load of different 'this is how to