Looking for the fastest most easy VPN setup. I have looked at the IPSEC documentation at shorewall.net but I only saw stuff on FreeS/WAN. That looked kinda scary to setup so I was wondering if there are other options out there that are easier to setup. My only request (but is not a requirement) is that the roaming machines don''t need additional software (PPTP??). So if the list has recommendations I would like to hear them or if I should just stick with FreeS/WAN I would like to hear that too.
You can also consider OpenVPN: - It is simple (compared to FreeSWAN IPSEC) to setup. - It is very NAT-firewall friendly. - It is true that you need to install client on the roaming machine, but again it is also very straightforward and once set to run as Windows service, you can forget that. Most of the IPSEC clients are not free. ----- Original Message ----- From: "Andrew Niemantsverdriet" <lists@pure-wireless.net> To: "Mailing List for Shorewall Users" <shorewall-users@lists.shorewall.net> Sent: Monday, July 12, 2004 10:58 PM Subject: [Shorewall-users] [OT] Shorewall and VPN recommendation> Looking for the fastest most easy VPN setup. I have looked at the IPSEC > documentation at shorewall.net but I only saw stuff on FreeS/WAN. That > looked kinda scary to setup so I was wondering if there are other > options out there that are easier to setup. My only request (but is not > a requirement) is that the roaming machines don''t need additional > software (PPTP??). So if the list has recommendations I would like to > hear them or if I should just stick with FreeS/WAN I would like to hear > that too. > > > _______________________________________________ > Shorewall-users mailing list > Post: Shorewall-users@lists.shorewall.net > Subscribe/Unsubscribe: > https://lists.shorewall.net/mailman/listinfo/shorewall-users > Support: http://www.shorewall.net/support.htm > FAQ: http://www.shorewall.net/FAQ.htm >
On Mon, 2004-07-12 at 23:54 -0400, M Lu wrote:> You can also consider OpenVPN: > - It is simple (compared to FreeSWAN IPSEC) to setup. > - It is very NAT-firewall friendly. > - It is true that you need to install client on the roaming machine, but > again it is also very straightforward and once set to run as Windows > service, you can forget that. Most of the IPSEC clients are not free. >I would second the OpenVPN recommendation. Setup is extremely straightforward, has Linux/Win32 support, extremely NAT friendly, etc. For site-to-site style VPNs, IPSEC can be used and can work quite well. For roaming users, the NAT and interoperability issues tend to me more trouble than they are worth so OpenVPN fits the bill. -- David T Hollis <dhollis@davehollis.com>
Hi Andrew, there are a few things you can use, like ssl tunnels, ssh tunnels, but I use and prefer IPsec - FreeS/WAN and it''s not that hard. I''m a bit jubious about PPTP, it''s always been the swiss cheese of security for me. Send me an ASCII map of what you want to do and I''ll help you out. I can also included a pdf of how to setup WinXP (I''m presuming that''s what you''ll be using) as it supposes IPSec in the OS (well at least that one good thing from M$) to interact with IPSec. Hope this helps. regards -- ----- Michael Sztachanski Snr. Tech Engineer +61 402 208 489 http://www.datapac.com.au ----------------- Security experts have been saying for years that the security of the Windows family of products is hopelessly inadequate. Now there is a rigorous government certification confirming this. -- Dr Jonathan S. Shapiro, http://eros.cs.jhu.edu/~shap/NT-EAL4.html On Mon, 2004-07-12 at 22:58, Andrew Niemantsverdriet wrote:> Looking for the fastest most easy VPN setup. I have looked at the IPSEC > documentation at shorewall.net but I only saw stuff on FreeS/WAN. That > looked kinda scary to setup so I was wondering if there are other > options out there that are easier to setup. My only request (but is not > a requirement) is that the roaming machines don''t need additional > software (PPTP??). So if the list has recommendations I would like to > hear them or if I should just stick with FreeS/WAN I would like to hear > that too. > > > _______________________________________________ > Shorewall-users mailing list > Post: Shorewall-users@lists.shorewall.net > Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users > Support: http://www.shorewall.net/support.htm > FAQ: http://www.shorewall.net/FAQ.htm