VPN options
James Drabb
JDrabb at tampabay.rr.com
Sun Feb 22 18:37:51 UTC 2004
On Sat, 2004-02-21 at 23:25, Nathan Ollerenshaw wrote:
> Keith,
>
> I looked at freeswan and IPsec as well as doing SSH tunnels, and the
> best software I found for a quick and simple yet secure VPN is OpenVPN.
>
> Its easy to set up, they have RPMs for everything you need (except for
> one thing which you can get off freshrpms) and it works REALLY well.
>
> I run a VPN between here and an office in Moscow and it was fairly
> trivial to get working. Just follow the documentation closely.
>
> The thing with FreeSwan and others is that they are very complicated
> and/or use bizzare protocols such as GRE which sometimes get filtered.
>
> OpenVPN just uses UDP for encapsulation, and TLS for the session
> negotiation and OpenSSL for the encryption, so its very
> straightforward. You can also set up a floating endpoint with no
> problems.
>
> Hope this helps,
>
Do you know if this will work with a standard corporate firewall? The
MS Admins where I work block SSH but let Telnet!
Looking at the OpenVPN expample they have this simple setup:
On may:
openvpn --remote june.kg --dev tun1 --ifconfig \
10.4.0.1 10.4.0.2 --verb 9
On june:
openvpn --remote may.kg --dev tun1 --ifconfig \
10.4.0.2 10.4.0.1 --verb 9
The problem with this is that I want to have a VPN from my home network
to my corporate desktop. The work desktop does not have an Internet
addressable IP/name. My home PC has a dynamic IP although I use
dydns.org so I can always get to it. So how would I enter the --remote
name/IP for my corporate desktop from home?
I guess I could use SSH on another port, though a VPN would have more
utility and let me mount samba shares from my home FC1 desktop to my
work FC1 desktop.
Jim Drabb
--
---------------------------------------------------------
The box said: "Requires Windows 98/2000/NT/XP or better."
So, I installed LINUX!
---------------------------------------------------------
James Drabb JR
Senior Programmer Analyst
Davenport, FL USA
More information about the fedora-list
mailing list