[TriLUG] redhat and freeswan - was Debian vs Mandrake vs Redhat vs

Turnpike Man turnpike420 at yahoo.com
Tue Mar 11 09:20:44 EST 2003


I went through the step-by-step, but I must not have understood it all.  My
buddy in TX is RHCE, he too was stumped... *shrugs*  Hopefully one day someone
can take me through it that has done it on red hat.  Personally I learn best
from hands on training, not RTFM... just how I am.  I would like FreeSwan to
work such that multiple sites can be connected via a 24/7 IPsec vpn.  My
scenario is this: global headquarters in RTP, remote offices in California, UK,
Sweden, and India.  The RR from NC to TX is just me and a friend trying to get
it to work.  I use iptables to protect my network from RR.  Is Freeswan the
right tool or is PPTP via SSH just as viable?  Security is obviously of
importance (and I have to make sure our guy in Sweden doesn't convince the
owners to go with M$ ISA!)

Now for PPTP, I have yet to try to configure PoPToP, although I have looked at
it.  Piping it through SSH is something I would have no clue how to do
(unfortunately I haven't even configured my vnc through ssh yet although I hear
this is easy).  Yup... there is still much for me to learn.  The PPTP through
SSH seems like it would be much easier to implement than freeswan... would it
be just as secure?  What about packet integrity compared to IPSec?

thanks,
David


--- Jon Carnes <jonc at nc.rr.com> wrote:
> I've gotten FreeSwan running on RedHat but it's not a cake walk, and it
> certainly isn't done by simply installing an RPM.  You should look up
> the HowTo on the FreeSwan site.  It has a step-by-step install for your
> favorite versions of RedHat.
> 
> You'll find it simpler to use PPTP via SSH if you are hooking together
> two RedHat servers.  I used that for a long while back in the early days
> (circa RH 4.3 and RH 5.2)
> 
> If you are using RedHat the simplest way to gain IPSec capabilities is
> to purchase a LinkSys router with built in IPSec and use that as your
> firewall.  
> 
> I have to point out that RedHat's lack of support for IPSec is what made
> me first choose Mandrake as my prefered OS.  
> 
> A caveat to using Mandrake is that their hardware support tends to be
> less wide and varied, so you need to use relatively popular Hardware to
> gain the best robustness and stability.  <I've not experienced any
> problems with Mandrake, but others profess to have had problems - so I'm
> guessing that it is their HW choices>
> 
> Good Luck - Jon Carnes
> 
> On Tue, 2003-03-11 at 00:47, Turnpike Man wrote:
> > Speaking of freeswan... myself and another have been trying to get freeswan
> > running on red hat... which came with rpm even... apparently this is not
> > enough??  We had rh 7.3 on each end, basically RR here in NC(me) and in
> > TX(friend).  It is obviously not as easy as it appears or we just plain
> missed
> > something.
> > 
> > David



__________________________________________________
Do you Yahoo!?
Yahoo! Web Hosting - establish your business online
http://webhosting.yahoo.com



More information about the TriLUG mailing list