On Fri, 5 Jan 2001, Michael Ströder wrote:
> Date: Fri, 05 Jan 2001 11:25:08 +0100
> From: Michael Ströder <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: Re: Open VPN - Anybody interested / suggestions
>
> Peter Stamfest wrote:
> >
> > Hello OpenSSL users,
> > [..]
> > * UDP based instead of TCP based (see below for reasons)
>
> SSL sits on top of a connection-oriented protocol like e.g. TCP or
> PPP. Some VPN products use SSL over PPP over UDP. Did you mean that?

What I have in mind is not SSL over UDP. It shares the same ideas,
though. The problem with SSL for encapsulation of PPP traffic is the
retransmit problem. Therefore, there is no "standard" SSL involved in what
I think of. However, the crypto/certificate code of OpenSSL comes in very
handy...

The most important things I want:
* Freely available
* No extra hardware on the client side (this is why it needs a Windows
part).

> But what's wrong with IPSec, S/WAN and http://www.freeswan.org ? Ok,
> there's no direct IPX support but this gets more and more
> unimportant...

IPsec is a possibility, but what I think of is more of what Microsoft did
with its VPN (aka PPTP) solution, but based on certificates (and with
only one channel for control and data [to ease the setup of firewalls]).

The PPP inside of the tunnel is good for routing data in and out of an
office LAN, something one would have to do with an IPsec tunnel as
well. And PPP has its own authentication mechanism, so the server side
can force a password challenge, even with a compromised key on the client
side (possibly using a smart card to do this).

So do you think it is a waste of time to start such a project?

cheers, peter
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]