On Thu, 17 Feb 2000, Tim Sutton wrote:
> Hi
>
> I am doing a little research into setting up a VPN (virtual private
> network).
>
> 1) Can someone tell me if / how Linux supports VPN's
Yes.
>
> 2) Can someone point me to a good source of documentation on Linux and VPNs
As well as the ssh tunneling already mentioned, there's CIPE, which runs
over IP and avoids one of the problems with ssh where data is tunneled
over TCP (imagine two sets of TCP timers interacting, for example).

If you need interoperability, have a look at Freeswan, which is an
implementation of IPsec, an IETF standard. It is quite complicated
compared to CIPE and ssh.

There is also a slightly stale implementation of Sun's SKIP for Linux
called enSkip available, but it's probably not what you're after (you
would know if it was, I imagine).

If you need to talk to MS PPTP clients, there's PoPToP (keep in mind
that MS PPTP is a pile of utter crap, and you're best to avoid it).

In most cases for Linux, the decision is probably between CIPE and
Freeswan. In choosing between these, from a security point of view, one
of the issues you need to look at is balancing the simplicity of CIPE vs
the amount of 'peer review' that has gone into IPsec standardisation.
Both are hypothetically strong security assets.

Here are some URLs:

http://www.freeswan.org/
http://sites.inka.de/sites/bigred/devel/cipe.html
http://www.moretonbay.com/vpn/pptp.html
http://www.tik.ee.ethz.ch/~skip/

You can also find security reviews of IPsec and MS PPTP at:

http://www.counterpane.com/pptp.html
http://www.counterpane.com/ipsec.html

I don't know of security reviews for CIPE, and can't remember any offhand
for SKIP that were not marketing material.

There are also some commercial VPN products for Linux now, from companies
like Checkpoint and Watchguard. The latter sponsored much of the
development of the current Linux firewalling code, which was a pretty cool
thing for a company to do.
>
> 3) From personal experience, can anyone tell me how secure / reliable /
> useable a VPN is as opposed to setting up a dedicated WAN?
It is probably too complicated a matter to make any generalisations about.
What do you want to do?
- James.
--
James Morris
<[EMAIL PROTECTED]>
--
SLUG - Sydney Linux Users Group Mailing List - http://www.slug.org.au