[TriLUG] VPN questions

Steve Kuekes steve at kuekes.homeip.net
Tue Aug 12 17:28:20 EDT 2003


What is the group's opinion of PPTP (http://www.poptop.org) as VPN 
software?  I was thinking of using this to connect Windoze clients into 
a corporate network since the PPTP client is built into M$ os's.

Ryan Leathers wrote:
> Jon,
> 
> I appreciate the response, and I had considered using SSH but my hunch
> is it won't meet my needs.  Although I use SSH to tunnel VNC and other
> stuff I recognize an obvious performance hit when I do so.  This is to
> be expected using a character application for something it wasn't truly
> designed to do.  Given the volume of data I expect to push around across
> the Internet I THINK I need something with a greater payload to header
> ratio.  IPSEC is the likely winner in my mind.  
> 
> Upon further review of FreeS/WAN the "road warrior" examples are pretty
> close to on target for my needs so I'm gonna give that a go.  If it
> doesn't work out I'll fall back on SSH as the lowest common denominator
> approach - I know I can at least move SOME amount of data where I want
> it that way.
> 
> Ryan
>  
> 
> On Tue, 2003-08-12 at 16:03, Jon Carnes wrote:
> 
>>I think you will be happy with ssh.  The machine behind the NAT/firewall
>>will have to initiate the connection, but ssh can do port tunneling, and
>>that is exactly what you want.
>>
>>If you want details, let me know - or read the archives from yesterday!
>>
>>Jon Carnes
>>
>>On Tue, 2003-08-12 at 15:24, Ryan Leathers wrote:
>>
>>>I would like to put a Linux server in a remote LAN where the LAN users
>>>will access a web application running on the server.  I need that server
>>>to connect to a database through a Cisco VPN concentrator or PIX across
>>>the Internet.  I have looked at using the Cisco VPN client for Linux,
>>>but it requires that UDP traffic be allowed inbound to the client.  I
>>>can't allow this.
>>>
>>>Can anyone suggest a solution that will use only client-initiated
>>>connections - preferably on TCP 443 ?
>>>
>>>I am now looking at FreeS/WAN but this seems to be all about forwarding
>>>traffic through a tunnel between private networks rather than a client
>>>connecting via a tunnel.  As such my concern with FreeS/WAN is that
>>>timeout induced reconnects will not necessarily be initiated from the
>>>client (remote LAN) side. 
>>>




