On Sat, 2004-02-21 at 23:25, Nathan Ollerenshaw wrote:
Keith,
I looked at freeswan and IPsec as well as doing SSH tunnels, and the
best software I found for a quick and simple yet secure VPN is OpenVPN.
Its easy to set up, they have RPMs for everything you need (except for
one thing which you can get off freshrpms) and it works REALLY well.
I run a VPN between here and an office in Moscow and it was fairly
trivial to get working. Just follow the documentation closely.
The thing with FreeSwan and others is that they are very complicated
and/or use bizzare protocols such as GRE which sometimes get filtered.
OpenVPN just uses UDP for encapsulation, and TLS for the session
negotiation and OpenSSL for the encryption, so its very
straightforward. You can also set up a floating endpoint with no
problems.
Hope this helps,
Do you know if this will work with a standard corporate firewall? The
MS Admins where I work block SSH but let Telnet!
Looking at the OpenVPN expample they have this simple setup:
On may:
openvpn --remote june.kg --dev tun1 --ifconfig \
10.4.0.1 10.4.0.2 --verb 9
On june:
openvpn --remote may.kg --dev tun1 --ifconfig \
10.4.0.2 10.4.0.1 --verb 9
The problem with this is that I want to have a VPN from my home network
to my corporate desktop. The work desktop does not have an Internet
addressable IP/name. My home PC has a dynamic IP although I use
dydns.org so I can always get to it. So how would I enter the --remote
name/IP for my corporate desktop from home?
I guess I could use SSH on another port, though a VPN would have more
utility and let me mount samba shares from my home FC1 desktop to my
work FC1 desktop.
Jim Drabb
--
---------------------------------------------------------
The box said: "Requires Windows 98/2000/NT/XP or better."
So, I installed LINUX!
---------------------------------------------------------
James Drabb JR
Senior Programmer Analyst
Davenport, FL USA