Any help with VPN termination?

Leonard Isham leonard.isham at gmail.com
Thu May 5 08:37:33 UTC 2005


On 5/4/05, Florin Andrei <florin at andrei.myip.org> wrote:
> On Wed, 2005-05-04 at 12:38 -0500, Aaron P. Martinez wrote:
> 
> > firewall/anything not my favorite choice.  The firewall imo, shouldn't
> > be running any services that can be attacked, simply passing packets and
> > optionally routing.
> 
> OTOH, the most rapidly growing market in the security space is UTM
> (Unified Threat Management) appliances, which are, essentially, not just
> firewall/anything but actually firewall/everything. :-)
> 
> Even from a fairly hard-core position it might make sense to combine a
> firewall and an IPS since, truth being said, they're the same thing but
> acting at different levels in the OSI stack.
> Well, provided that the false positives/negatives are low enough. :-)
> 
> > if you have a spare 4 or 5 year old machine laying around, consider
> > throwing linux or some BSD on it and running openvpn.  it's a very
> > secure ssl based vpn product and you only need one port opened up in
> > your firewall, no gre so no custom kernel needed.
> 
> thumbs up
> 

I second the nomination for OpenVPN.  I have had 1.6 running for a
site for over a year with one person connecting in from another state
every day without a hitch.  I don't think any of the firewall distros
have upgraded to the new 2.0 version, but IIRC Devil Linux has OpenVPN
integrated in.

OpenVPN is multiplatform and supports Windows, Linux and other *nix as well.

Additionally the web site has a large amount of documentation and the
community does a great job of supporting it.

The one thing to be wary of is if your routing experience is light
then you may have some difficulties getting the routing, and hence VPN
and firewall working smoothly.

I believe that DAG has OpenVPN 2.0 as a RPM as well.

-- 
Leonard Isham, CISSP 
Ostendo non ostento.
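As an added example that is not part of the original thread and not code from the OpenVPN project: the routed (tun) setup the replies allude to, with exactly one UDP port open on the perimeter and the routing/firewall glue that Leonard warns is the usual stumbling block. A minimal OpenVPN 2.0 server.conf is generated alongside the iptables rules. Interface names, the 192.168.1.0/24 LAN, the 10.8.0.0/24 tunnel subnet, certificate paths and the choice to NAT tunnel clients towards the LAN are all assumptions; set RUN=echo to preview the commands without touching the running system.

```shell
#!/bin/sh
# Added example, not code from the thread or from the OpenVPN project:
# a routed OpenVPN 2.0 server config plus the firewall/routing glue.
# Interface names, subnets, cert paths and the NAT choice are assumptions.
set -eu

WAN_IF="${WAN_IF:-eth0}"              # Internet-facing interface (assumed)
LAN_IF="${LAN_IF:-eth1}"              # office LAN interface (assumed)
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # office LAN, a /24 (assumed)
VPN_NET="${VPN_NET:-10.8.0.0}"        # tunnel subnet, /24 (assumed)
VPN_PORT="${VPN_PORT:-1194}"          # the one UDP port opened at the edge
NAT_VPN="${NAT_VPN:-yes}"             # MASQUERADE tunnel clients towards the LAN
RUN="${RUN:-}"                        # RUN=echo prints commands instead of running them

# Minimal server.conf: routed mode on a tun device (no GRE, so no custom
# kernel), TLS with per-client certificates, and a pushed route so clients
# learn that the office LAN lives behind the tunnel.  Dropping to 'nobody'
# after startup limits what a compromised daemon can do (group name assumed
# to be 'nobody', as on Fedora).
openvpn_server_conf() {
    cat <<EOF
port $VPN_PORT
proto udp
dev tun
ca   /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key  /etc/openvpn/server.key
dh   /etc/openvpn/dh1024.pem
server $VPN_NET 255.255.255.0
push "route ${LAN_NET%/*} 255.255.255.0"
keepalive 10 120
user nobody
group nobody
persist-key
persist-tun
EOF
}

# Routing and firewall.  The perimeter exposes exactly one UDP port; all
# other VPN traffic arrives decrypted on tun0, where it is filtered like
# traffic on any other interface.  Two things trip people up on the routing
# side: the kernel must forward, and LAN hosts need a return path to
# $VPN_NET (a static route on the LAN gateway, or NAT here when NAT_VPN=yes).
vpn_routing_and_firewall() {
    $RUN sysctl -w net.ipv4.ip_forward=1

    # Encrypted VPN traffic from the Internet: one port, UDP only.
    $RUN iptables -A INPUT -i "$WAN_IF" -p udp --dport "$VPN_PORT" -j ACCEPT
    # Decrypted traffic aimed at the firewall itself; tighten this to the
    # services you actually offer to VPN clients (DNS, for instance).
    $RUN iptables -A INPUT -i tun+ -j ACCEPT
    # Clients may reach the LAN; the LAN may only answer.
    $RUN iptables -A FORWARD -i tun+ -o "$LAN_IF" -d "$LAN_NET" -j ACCEPT
    $RUN iptables -A FORWARD -i "$LAN_IF" -o tun+ -s "$LAN_NET" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT

    if [ "$NAT_VPN" = yes ]; then
        $RUN iptables -t nat -A POSTROUTING -s "$VPN_NET/24" -o "$LAN_IF" -j MASQUERADE
    fi
}

# Usage:  sh openvpn-fw.sh conf  > /etc/openvpn/server.conf
#         sh openvpn-fw.sh apply          (RUN=echo sh openvpn-fw.sh apply to preview)
case "${1:-}" in
    conf)  openvpn_server_conf ;;
    apply) vpn_routing_and_firewall ;;
esac
```

If the VPN box is also the LAN's default gateway, set NAT_VPN=no and skip the MASQUERADE rule: LAN hosts will route replies for 10.8.0.0/24 back through it anyway, and you keep the real client addresses in your LAN logs.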