Re: VPN: SSH or IPSec???

Wed, 16 Apr 2003 12:21:28 -0500 

        I haven't made use of SSH for VPN purposes as I tend to remove
PPP completely from the system after I install as I don't use dial-up
service for internet so I don't have it available for use with a SSH VPN
connection... I have used the FreeS/WAN IPSec solution and still use it
for a VPN solution for both Windows and Linux clients alike... On the
Windows side I use SSH Sentinel by SSH Communication and of course
FreeS/WAN for Linux both server and client side using X.509
certificate authentication... I haven't had any problems with IPSec that
would make me want to bother trying to use SSH for a VPN connection...

        One disadvantage I could see with SSH is that you would have to
have an account for the remote user to use to authenticate with to make
the VPN tunnel... Or a shared acct, dislike that idea even more... I
tend to run my IPSec VPN gateway machine with as few accts or access as
possible so this doesn't appeal or apply to my network topography...
With FreeS/WAN IPSec with X.509 certificates the configuration can be
made to accept valid certificiates signed by a specific Certificate
Authority (CA) which is easy enough to setup with OpenSSL provided
scripts... Then if you need to revoke access for a given certificate you
just issue the Certificate Revokation List (CRL), again using OpenSSL,
and FreeS/WAN will no longer honor that certificate.

        Regards,
        Jeremy

On Wed, Apr 16, 2003 at 04:49:45PM +0100, Servicios Inform?ticos UGT Galicia 
wrote:
> 
> 
>       I'm planning to set up a VPN.  I started reading The VPN Howto, but I 
> come to a crossroad as early as soon as I read past chapter 2:
> 
>       Should I use SSH or IPSec to set up my VPN?
>       Which are the drawbacks and advantages of both?
> 
>       I would like to know what's your opinion about it so I can choose the 
> most suitable option for me.
> 
>       Thank you
> -- 
> 
> ==============================
> Felipe Mart?nez Hermo
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> ==============================
> Servicios Inform?ticos
> UGT Galicia
> [EMAIL PROTECTED]
> ==============================
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
>

Reply via email to