[plug] VPN's

William Kenworthy billk at iinet.net.au
Thu Aug 5 19:36:17 WST 2004 

is port forwarding an option?  Something like zebedee can be used as an
encrypted, authenticated vpn.  It is in use for purposes like this in
the states (e.g., travelling salesmen).  

I only use it for email (read and send to home and work), secure
intranet (zope, web etc) access from "outside" and vnc sessions from
multiple sites (laptop) to multiple sites (home and work) running
servers.

I had (accidentally formated!) a floppy disk that had the requisite
programs (inc httptunnel for when I had to pierce a restrictive
firewall) and keys that I could pop into any doze machine and work to
whatever resource I needed.

Logging is excellent as is control, but large scale, individual key
management may be an issue, and working to a global key set is not so
secure in what you are describing.

Been using it for over 5 years now that I think about it!  Trouble free
and just "works".  I have tried ssh and find it relatively flaky (hung
connections, odd problems) by comparison.

http://www.winton.org.uk/zebedee/

BillK


On Thu, 2004-08-05 at 18:00, Craig Ringer wrote:
> Marc Wiriadisastra wrote:
> > Not really sure whats required but here's the situation.
> > 
> > People that work here travel outside of the metro area and have to have 
> > access to work files.  We have dialup access through westnet whereever 
> > we are.  Now is there a way to have access to the file server at work 
> > authenticate the user through dialup without the long distance phone 
> > calls and all of that.
> 
> There probably is, yes. It would be helpful if you would specify what 
> file server and access protocol you are using, plus what your 
> firewall/gateway machine is, as these are all very important to the 
> specifics of what to do and the best choice of VPN service.
> 
> For example, it may be reasonable to simply use SSH/SCP (there are GUIs 
> for SCP), you might get away with simple HTTP + client certificates 
> (note: WebDAV runs over HTTP), or you might need a full ip-level VPN 
> like L2TP or IPSec.
> 
> > I believe VPN's are the way to go.  If they are can you point me in the 
> > right direction for the following.
> > 
> > 1. Doc's to help setup the software.
> 
> Depends on what the suitable software ends up being.
> 
> > 2. What authentication all of you's would recommend.
> 
> Depends on the server and your requirements.
> 
> --
> Craig Ringer
> 
> _______________________________________________
> PLUG discussion list: plug at plug.linux.org.au
> http://mail.plug.linux.org.au/cgi-bin/mailman/listinfo/plug
> Committee e-mail: committee at plug.linux.org.au
>

More information about the plug mailing list