[Scottish] FW: VPN

Colin McKinnon scottish at mailman.lug.org.uk
Fri Mar 21 11:24:01 2003

ray wrote:

>Hi Keith;
>>I've never setup a VPN before but am I right in thinking that all that's
>>needed is the right software and two static ip addresses
>With a 'nix box at each end that's about it.  It gets a little more complicated if one of the gateways is MS or Cisco.  Most Linux distros will include freeswan for IPsec VPN and there is PoPToP to use Linux as a MS VPN Server.
IPSEC can produce a number of additional complications - it was designed 
around an assumtion of  connecting two (or more) points with fixed 
(real) IP addresses. Although a lot of these problems go away of you 
disable EPA (possible with FreeSwan - not with other implementations 
including MS) there are then implications for securing, configuring and 
authenticating the channel (e.g. opportunistic encryption is not 
available). Last time I checked, it wouldn't use x509 certificates 
either - although for a two site VPN this isn't so much of an issue.

It does work and is reportedly very stable. Since IPSEC is a well 
established standard, it will interoperate with most other 
implementations (but not necessarily in all configurations).

You pays your money and takes your choice. (only you don't - cos its free)