I've been playing with a ppp over ssh VPN for a week or two. It seems to work decently, although it is pretty slow at times (I'm using the VPN as an Internet gateway with IP masquerading on the other side).

I just did a Google search for vtun and found a document questioning its security. The author said that it is easy to make man in the middle attacks on it with version 2.5 because of how the encryption is used. I expect that it would be much harder to exploit in its TCP operation mode than its UDP mode. The document is at:

http://www.off.net/~jme/vtun_secu.html

I'm not sure of the validity of the document because I have not examined the source code of vtun. The 2.6 changelog did not mention this problem being fixed, but it did mention that other problems of vtun would be addressed in the future (using /dev/random instead of rand() when SSL is disabled).

I'm about to try installing OpenVPN, of which I've seen good reviews.

-Nathan

On Sat, Apr 24, 2004 at 09:43:30AM -0400, Ralph Blach wrote:
> Try
>
> http://vtun.sourceforge.net/
>
> It is a userland tunneling software that is very easy to set up and
> run.
>
> I recommend that you give it a try.
>
> Chip
> Tanner Lovelace wrote:
> >Douglas Kojetin said the following on 4/23/04 7:29 PM:
> >
> >>hi all-
> >>
> >>i ssh to a computer behind a firewall that has access to
> >>other computers behind the network that i frequently need to ssh to.
> >>what i normally do is
> >>
> >>ssh [EMAIL PROTECTED]
> >>ssh [EMAIL PROTECTED]
> >>
> >>is there a shortcut i can take so that i don't ssh twice? i've set up
> >>aliases and 'no-password authentication' to ease things, but it would
> >>be nice to do the above in one command if possible.
> >
> >
> >You could have the first ssh execute the second. If you just put the
> >two commands together, you'll notice, however, that it doesn't work.
> >Ssh doesn't automatically allocate a pseudo-tty when executing a command
> >so you must force it to using the -t option.
> >
> >So, try:
> >
> >ssh -t [EMAIL PROTECTED] ssh [EMAIL PROTECTED]
> >
> >That should do what you want.
> >
> >Cheers,
> >Tanner
>
> --
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc

--
Nathan J. Conrad
Campus phone #5930
301 Scott hall, UNC Charlotte
http://bungled.net
GPG: F4FC 7E25 9308 ECE1 735C 0798 CE86 DA45 9170 3112
