Two addendum points:
1. A LOT of ISPs use RFC1918 address space as connector IPs on their
own network. It conserves IP addresses that they can sell/lease to
customers, and overall it works well. This means that if your ISP is
doing this, and your VPN is on a different block, AND the ISP routers
Alex,
Most modern IPsec clients have better security than they used to. There was
a time that if your company was using public addresses internally ...and
a remote client had a VPN connection across the Internet ...and said
remote client also was inadvertently configured to route traffic from
the int
Hi folks,
Hey Lynn, I like your response, "you can't run a VPN w/o internet access
can you? :)"
I guess what I really meant was that it's my understanding that the
security risk lies in being able to connect to your remote network via
VPN (of course), and still being able to browse the internet as
On Tuesday 29 July 2003 04:53 pm, Alex Rhomberg wrote:
> > It's fairly straightforward. Let's say you've got a machine on the
> > internet with nothing between you and the 'net. You're running with a
> > public IP(I'm gonna use a private, so just pretend) of 172.16.8.1 on
> > your machine, and you'
Seems that I'm jumping in late on this thread, but as I recall on
laptops, especially those using PCMCIA cards, card services have to
start "before" the networking drivers are loaded. Otherwise there is no
card to bind the driver to. Onboard nics in laptops are handled
differently at the bios level
> It's fairly straightforward. Let's say you've got a machine on the
> internet with nothing between you and the 'net. You're running with a
> public IP(I'm gonna use a private, so just pretend) of 172.16.8.1 on
> your machine, and you're connected to a VPN. Routing is also turned on
> on this par
Well said, thanks George.
Eric
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:leaf-user-
> [EMAIL PROTECTED] On Behalf Of George Metz
> Sent: Tuesday, July 29, 2003 9:56 AM
> To: Craig Caughlin
> Cc: LEAF (LEAF)
> Subject: Re: [leaf-user] VPN security issue? Slightly O/T...
>
> C
Erich Titl <[EMAIL PROTECTED]> wrote on 07/29/2003 10:52:30 AM:
> You might try to get a CRL from the authority that issued your pkcs#12 file
I think that's where I'm at. I've sorted out the key nonsense (and gotten
the parts I need, I hope), except for the fact that I now get this error:
"
Hi, I've installed linux bering1.2 with an Alcatel Speedtouch Home ADSL
modem through pppoe.
Everything seems ok but I have problems in sending large Email and in
browsing some web page (everything hangs).
- I've set CLAMPMSS=Yes in shorewall.conf (This should be the solution as
far as I've rea
[EMAIL PROTECTED] wrote on 07/29/2003 12:01:57 PM:
> It is certainly possible to run a proxy server like Squid or Junkbuster
> *on* a Dachstein system, though offhand I do not recall if either one
> exists in prepackaged (.lrp) form. But ... at least in my opinion ... this
> is not an optimal
[...]
I realise just about everything is possible in the Linux worlds... however
my query is...
Is it possible to use a proxy server in combination with the Dachstein CD?
Perhaps, the Dachstein CD is not quite the BEST package to use... I am
happy to be guided by you all out there...
I do have a
Hi everyone,
I am very new to Linux and even newer to the LRP/LEAF scene.
I have a quick question that I am sure you have answered a hundred times before...
I realise just about everything is possible in the Linux worlds... however my query
is...
Is it possible to use a proxy server in com
Tim
At 09:39 29.07.2003 -0400, [EMAIL PROTECTED] wrote:
...
If it were only that easy...
I'm connecting my Bering firewall to XYZ firewall, having only been given a
.p12 file...
...
Thank you very much for the suggestions. Unfortunately, there are two
things complicating this: 1) I only have co
An earlier message indicated that it was a 3c589. This is a PCMCIA card.
As I recall, card services do not usually start until after networking.
This could be the "out of order" issue.
JamesS
At 02:59 PM 7/28/03 +0530, S Mohan wrote:
>If it is a question of interface not coming up, why not put t
Craig Caughlin wrote:
Hi Eric,
Thanks for the response. I think I'm like Alex, I don't quite understand
what you mean when you say "Then the entire Internet gets access to the
other side of your VPN without having to compromise your system." Could
you explain that a little bit? Thank you.
It's fair
"Victor Berdin" <[EMAIL PROTECTED]> wrote on 07/29/2003 12:38:45 AM:
> For your Bering <> Win2K setup
> (btw, what VPN interop setup are you trying to implement?)
If it were only that easy...
I'm connecting my Bering firewall to XYZ firewall, having only been given a
.p12 file...
> If
Hi Eric,
Thanks for the response. I think I'm like Alex, I don't quite understand
what you mean when you say "Then the entire Internet gets access to the
other side of your VPN without having to compromise your system." Could
you explain that a little bit? Thank you.
Craig
-Original Message--
Hi,
Yes I tried this and it does not work. Something to do with "ip"
replacing "ifconfig" command or something.
But you can get an interface to respond to an extra IP address with the
following
auto eth0
iface eth0 inet static
    address 192.168.0.2
    masklen 24
    broadcast 192.168.0.255
On Mon, 2003-07-28 at 05:23, S Mohan wrote:
> I'm looking at using Bering v1.2 to support multipath routing for link
> bandwidth aggregation and failover using leased line + DSL as scenario (1)
> and two DSL links as scenario (2). I'm putting my thoughts and would like
> feedback on the approach, f