[ale] Firewall/VPN solutions

Bob Toxen transam at verysecurelinux.com
Wed Mar 28 12:15:34 EDT 2007


Do consider StrongSwan, which used to be OpenS/WAN, for IPSec universal
compatibility.

Bob Toxen
bob at verysecurelinux.com               [Please use for email to me]
http://www.verysecurelinux.com        [Network&Linux/Unix security consulting]
http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.

"Microsoft: Unsafe at any clock speed!"
   -- Bob Toxen 10/03/2002

On Tue, Mar 27, 2007 at 07:49:49AM -0400, Steve Tynor wrote:
> I can second OpenVPN -- we used it on our IPCop firewall.  All of our 
> client machines are currently Windows, so I can't speak to Linux or OS/X 
> support,  but the Windows client is dead simple and it "just works".
> 
> Steve
> 
> On 3/27/2007 2:26 AM, Michael B. Trausch wrote:
> > On Mon, 2007-03-26 at 08:42 -0400, Jeremy T. Bouse wrote:
> >> I'm looking for some suggestions on a turn-key firewall/vpn solution
> >> that provides multi-OS client support. I used to consider Sonicwall in
> >> that category but their recent versions only support Windows with limited
> >> Mac and absolutely zero Linux support. I'm fairly certain Cisco can
> >> support all three but looking for all possible solutions I might have
> >> overlooked.
> > 
> > I am not sure if this will help you at all, but I have been looking for 
> > a VPN solution for something I want to do, and it seems that OpenVPN 
> > would serve my needs quite well; it provides a full VPN setup that is 
> > relatively easy to configure (GNOME can configure the client side 
> > automatically), and it uses the well-known and trusted SSL mechanism for 
> > protecting the tunnel itself.  The server uses a configuration file, and 
> > there are several options for making it work--ranging from using PAM to 
> > authenticate to full client-side SSL certificates that authenticate to 
> > the VPN server.
> > 
> > I am only testing it so far myself, but it seems to be the only solution 
> > that would work for what I am doing, other than perhaps an SSH VPN--but 
> > I'm not so sure on that one.  It would likely work, but I think I would 
> > have to code a lot more for it, and OpenVPN is available as a package, 
> > just like the SSH server is (at least on Ubuntu).
> > 
> > >     -- Mike
> > 
> > --
> > Michael B. Trausch 	
> > fd0man at gmail.com
> > Phone: (404) 592-5746 	
> > Jabber IM: 	fd0man at gmail.com
> > fd0man at livejournal.com
> > 
> > *Demand Freedom!  Use **/open/** and **/free/** protocols, standards, 
> > and software!*
> > 
> > 
> > ------------------------------------------------------------------------
> > 
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://www.ale.org/mailman/listinfo/ale


