Security Basics mailing list archives

Re: Requesting info: VPN solution


From: Michael Gale <michael.gale () bluesuperman com>
Date: Wed, 31 Mar 2004 16:28:35 -0700

Hello,

        I guess it all depends on what you need, let's say for example you have
two offices. 

One in location A with static IP A.A.A.A and one in location B with
static IP B.B.B.B. 

Why go out and spend all kinds of money on VPNs --- they all do mostly
the same thing ... they usually all support the same encryption levels.

Why not use FreeS/WAN or Super FreeS/WAN? You take two average boxes and
install Linux, base install nothing more. Really all you need is a
running kernel, you could easily use a bootable CD. 

Anyways base install and build Super FreeS/WAN ... on VPN box at
location A we allow only UDP port 500 traffic and IP protocol 50 from IP
B.B.B.B only .. all other traffic is dropped. We do the same on box B at
location B, allowing only UDP port 500 and IP protocol 50 from IP
A.A.A.A.

You then only allow AES-256 with SHA-1-256 bit encryption using RSA
keys.

Once configured there is NO maintenance at all required. I am using a
similar solution and since the initial install I never have had to
touch the boxes.

All this cost me about $1500 because I had to buy two boxes at $700 a
piece.


Michael.

On 30 Mar 2004 18:30:14 -0000
Nicholas Diotte <xphox () xphox net> wrote:



Good afternoon list,

Yet again, it's time for me to pick your brain...  I've been asked to
develop a VPN solution that will require little to no maintenance.

Project Goal: Connect two computers, on two public networks, to secure
data transfers between the two.  Ex: Offsite backup.

If anyone can recommend any hardware solutions that would establish a
secure connection...  I was looking into Cisco 1712 series...

The sky is the limit on this one, and I've been given a fairly
reasonable budget...

I've never set up anything like this before, so I'm open to any, and
all suggestions...

Thank you,
Nick Diotte




-- 
Hand over the Slackware CD's and back AWAY from the computer, your geek
rights have been revoked !!!

Michael Gale
Slackware user :)
Bluesuperman.com 
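
The packet filter described in the reply above (only UDP port 500 and IP protocol 50 from the other site's static IP, everything else dropped), as an added example that is not part of the original post. It assumes iptables as the filter, which the post does not name; the interface `eth0` and the address 203.0.113.20 are constructed stand-ins for box A's public interface and B.B.B.B.

```shell
#!/bin/sh
# Added example, not from the original post. Prints the iptables commands
# for the public interface of one VPN box; nothing is applied by this script.

# Return 0 only for a dotted-quad IPv4 address with octets 0-255, so a
# malformed or hostile "peer" value can never reach the rule text.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# vpn_gw_rules IFACE PEER_IP
# Inbound policy from the post: IKE (UDP 500) and ESP (IP protocol 50)
# from the peer only, then drop everything else arriving on IFACE.
vpn_gw_rules() {
    ifc=$1; peer=$2
    case "$ifc" in
        ''|*[!A-Za-z0-9._-]*) echo "invalid interface: $ifc" >&2; return 1 ;;
    esac
    is_ipv4 "$peer" || { echo "invalid peer address: $peer" >&2; return 1; }
    echo "iptables -A INPUT -i $ifc -s $peer -p udp --dport 500 -j ACCEPT"
    echo "iptables -A INPUT -i $ifc -s $peer -p 50 -j ACCEPT"
    echo "iptables -A INPUT -i $ifc -j DROP"
}

# Box at location A, with location B's address as the only allowed peer
# (constructed values). Box B gets the mirror image with A's address.
vpn_gw_rules eth0 203.0.113.20
```

Review the printed commands, then run them as root on the box; the final DROP also cuts off remote administration over that interface, which matches the post's "all other traffic is dropped".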


