Paul Johnson <[EMAIL PROTECTED]> writes: > On Tue, Feb 18, 2003 at 11:30:54PM -0500, jereme wrote: > > Some of this is preference. I find, I myself prefer to build a tunnel > > to remote networks. Having a routable link provides much more > > flexibility than remote login. > > What's your method for doing this? I've made a couple half-assed > attempts at setting up a PPTP VPN so I and my users can connect to my > network remotely when need be.
For net-to-net connections where I have static assignments on both ends I always use IPSec, (freeswan of course). I have lots of sites using this and I havent had a problem in the three years I have been running it. For single users looking to connect to the mother ship I use two solutions. For those unfortunate souls trapped on win systems, I setup a pptp server for their use, (poptop). Though I think pptp is pretty bad all said and done, it is standard or easily obtained for most win systems, (besides, if quality software was such a priority fot those users, they wouldn't be running windows systems). For Linux folks, I go with vtun. I use this every day and have never seen it burp. I have also used IPSec for this but as many folks must traverse a NAT gw, the modified headers cause the remote gateway to drop the AH packets, (their are patches to get the gw to not munge these headers but lots of times I don't controll the gateway or it is an appliance). Also the dynamics addressing has given me trouble. When the address changes, the tunnel takes a little while to reestablish, (about long enough for a user or client to becomes testy and start hitting my cell). > `- Debian - when you have better things to do than to fix a system I always thought this was an *excellent* footer. -jereme -- +--------------------------------------------------------------+ Jereme Corrado <[EMAIL PROTECTED]> System Administrator Restorative Management Corp. gpg: 1024D/9C39E1F0 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
