[Scottish] FW: VPN
Colin McKinnon
scottish at mailman.lug.org.uk
Fri Mar 21 11:24:01 2003
ray wrote:
>Hi Keith;
>
>
>>I've never set up a VPN before but am I right in thinking that all that's
>>needed is the right software and two static ip addresses
>>
>>
>With a 'nix box at each end that's about it. It gets a little more complicated if one of the gateways is MS or Cisco. Most Linux distros will include freeswan for IPsec VPN and there is PoPToP to use Linux as a MS VPN Server.
>
IPSEC can produce a number of additional complications - it was designed
around an assumption of connecting two (or more) points with fixed
(real) IP addresses. Although a lot of these problems go away if you
disable EPA (possible with FreeSwan - not with other implementations
including MS) there are then implications for securing, configuring and
authenticating the channel (e.g. opportunistic encryption is not
available). Last time I checked, it wouldn't use x509 certificates
either - although for a two site VPN this isn't so much of an issue.
It does work and is reportedly very stable. Since IPSEC is a well
established standard, it will interoperate with most other
implementations (but not necessarily in all configurations).
You pays your money and takes your choice. (only you don't - cos it's free)
Colin