Best VPN server to use on Fedora

Michael H. Warfield mhw at wittsend.com
Thu Oct 27 14:51:08 UTC 2005


On Thu, 2005-10-27 at 07:49 -0400, Leonard Isham wrote:
> On 10/27/05, Rick Lim <ricklim at telus.net> wrote:

> > -----Original Message-----
> > From: fedora-list-bounces at redhat.com [mailto:fedora-list-bounces at redhat.com]
> > On Behalf Of Kenneth Porter
> > Sent: Tuesday, October 25, 2005 12:51 AM
> > To: For users of Fedora Core releases
> > Subject: Re: Best VPN server to use on Fedora
> >
> > --On Monday, October 24, 2005 9:53 PM -0400 Leonard Isham
> > <leonard.isham at gmail.com> wrote:
> >
> > > OpenVPN gets my vote.  www.openvpn.net
> >
> > Agreed. It runs over SSL instead of IPSec, almost completely in userspace,
> > which I find is easier to set up. The stock Fedora kernel includes the
> > required kernel tun/tap device, so you don't need a custom kernel, nor
> > special router support. If you can open a ssh or https connection to your
> > VPN server, then you can get to it with OpenVPN, assuming the port is open.
> > ISPs don't see it as "VPN". (Some forbid VPN connections.)
> >
> > Hi Kenneth,
> >
> > I have looked at OpenVPN, from what I can figure out.... with a Linux VPN
> > server and windows xp clients you would have to install OpenVPN on the
> > windows machine.
> >
> > I don't want to have to install OpenVPN on each windows machine, windows xp
> > already has a client built in, I would like a Linux server that would work
> > with the built in windows client, am I wrong in assuming that OpenVPN on the
> > Linux box will not work with the XP client?
> >

> While I don't know your situation...

> The Microsoft included Windows VPN clients are insecure.  Which has
> been proven multiple times.  I would only implement a Windows solution
> under protest.  In fact I have migrated people to OpenVPN.

	Not to defend Microsoft or anything...

	You're thinking of the old PPTP/L2TP over GRE stuff that Bruce Schneier
and Mudge lambasted years ago on Windows 2000 and earlier.  That was
supported by the PopTop project on Linux.  Windows XP is now using IPSec
NAT-T as the core of their XP VPN and it does interoperate with OpenSWAN
and does NOT have the security problems of the old PPTP.  I think
Windows XP still can support the older PPTP but only for older
installations, and I'm not even totally sure about that.  You are right
with regards to that older stuff...   I wouldn't use PPTP for anything.
But the modern MS VPN stuff is pretty straightforward X.509 certificate
based IPSec over NAT-T 4500/udp.  There's more information on how to do
that over with the OpenSWAN crowd.

> I find the installation of the windows client trivial and you end up
> with a reliable secure solution.

> --
> Leonard Isham, CISSP
> Ostendo non ostento.

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com  
  /\/\|=mhw=|\/\/       |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!