[Klug-general] VPN

[Mike]

On Thu, Sep 02, 2010 at 09:40:59AM +0100, Peter Childs wrote:
> I'm looking for some help on VPNs. For the purpose of getting into
> lans else where.
> 
> Open VPN seams to be the cheap, free, open way to go, however its very
> very complicated, this idea of needing, a Certificate, a Private Key
> and something else and generating all of these are quite difficult to
> generate also they have already baffled me.
> 
> I looked at PPTP, but the need to get GRE through the router caused
> quite a few extra problems, Great so long as its set up on the router
> (meaning zero config) and so long as security is not important.
>

RTFM :-)  Seriously, the OpenVPN site nicely documents how to setup
OpenVPN and has a quick start guide to get you up and running.  It isn't
nearly as complicated as it sounds.  As you say you need to generate a
Certificate Authority and corrisponding key, then generate a client cert
and use the CA to sign the client cert.  It's a command for each of the
files and a fourth to sign the cert.  The cert goes on the client and
the CA goes on the server.  It's basically your password.  The config
file is about 12 lines.  Myself and a colleague have both set this up in
about 10 minutes.  If you think OpenVPN is painful, try setting up an
IP/Sec VPN!

I like to say that PPTP stands for P*** Poor Tunneling Protocol.  It's
more of a tunneling protocol than a VPN.  The encryption is somewhat
tokenistic.  Sisquo tried to resolve this with L2TP, which is basically
PPTP using ROT16 instead of ROT13.

I haven't tried the product that some of the others have mentioned, so
you may want to check that out too.

Mike. 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://mailman.lug.org.uk/pipermail/kent/attachments/20100902/1aaf654d/attachment.pgp>