Firewall Wizards mailing list archives

RE: VPN solution needed (linux<->win32) or (nt<->win32)


From: sean.kelly () lanston com
Date: Thu, 9 Dec 1999 10:26:15 -0500

From: Mailing Lists [mailto:mlist () almerco ca]

I'm looking at implementing a VPN for my network.
...

I already looked at Cybernetica's Secure Socket Agent (SSA) built over an
SSL connection, which is free for home and educational purposes, but don't
know if the technology is good or if any of you have a better solution or
experience.

SSL is a well-established good scheme for secure communication.  AFAIK there
are no effective attacks against it yet (there was one very esoteric one for
a while but it had never been used as it was fairly difficult and has since
been patched out of existence).  Another more workgroup-oriented solution
might be etunnels (which also uses SSL) http://www.etunnels.com/ , though
I'm not sure if they have linux support yet.

IPSec is a likely candidate as well: http://www.ipsec.com/ .  It's available
for free for linux (you might have to look around for a port), cisco routers
(if not now then soon), Windows (PGPNet -- free for non-commercial use --
and perhaps other products as well), and will be built-in to Win2k
(supposedly) to replace their existing VPN scheme.  It appears to be the
emerging standard for secure IP-based communication -- ssh2 uses IPSec as
well.  3Com and some other companies are even manufacturing network cards
that handle most of the overhead related to IPSec (triple-DES encryption,
etc) in hardware to reduce computation overhead -- might be a good solution
if you're installing it on a server which would be handling >1 connection at
once.


Sean


