On Sun, 7 Jan 2001, Kris Kennaway wrote:
> Date: Sun, 7 Jan 2001 01:48:01 -0800
> From: Kris Kennaway <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: Re: Open VPN - Anybody interested / suggestions
>
> On Fri, Jan 05, 2001 at 11:51:03AM +0100, Peter Stamfest wrote:
>
> > So do you think it is a waste of time to start such a project?
>
> Frankly, yes. Just use the industry-standard IPSEC, don't try and
> reinvent the wheel yet again and possibly screw up the crypto like M$
> did with PPTP.
OK, I see your point of view, but after some more researching during the
last couple of days I still have the following problemes:
* IPSec is hard to configure
* There seems to be no good certificate based IPSec solution for W95/W98
* There is no good AND free VPN solution out there.
As an example, I would like to mention PGPNet:
* One needs to use shared secrets if combined with FreeS/Wan
* The freeware version does not allow to access a whole network behind the
VPN gateway
* The non-free version is expensive. [Especially, since I am looking for a
way to allow students of educational institutions some very limited
access to some resources, something that could be easily done based on
certificates and PPP encapuslation and some firewall rules.]
Name a solution that can do all that on the currently available operating
systems.
I like the idea to use L2TP, but IPSec is quite an overkill (though it is
a good solution, in principle).
The main problem is the availablility of a free windows client that does
all I want.
The client would not be hard to write, actually. It mainly consists of a
virtual modem driver and an application level service. The virtual modem
could be good for hundreds of other things as well, so it could provide
for more than just a free VPN solution. [ I guess many people look for
free windows driver source code, have a look at some newsgroups. ]
That is what I am really looking for. It is always so simple to say: There
is this and that out there, use that, if there is no solution implementing
it.
I totally agree that I do not want to screw up security like MS did with
PPTP, that is why I do not like their VPN concept. I am looking for
something better.
Ideally, it should be easily deployable (most users are frankly
unable to configure anything), free, secure and expandable.
Unfortunately, I do not know of any such solution (yet). That is why I
propose such a project.
Is it still a waste of time to start something like this given the
thought from above?
This is not a religious thing for me. I would be much happier without such
a project. It is just that I need it. The sooner the better. Working.
Stable. I also do not like to reinvent the wheel. I guess nobody likes it,
but sometimes one is almost forced to do it.
More input is very welcome. I would really like to be convinced that such
a project is complete nonsense and that I am a fool to have even proposed
it.
Also, I may discover this by myself. I have received some very welcomed
input already, and I am still investigating. So maybe I will find out that
I am a fool in just half an hour, but the last day showed many problems
with alternatives.
peter
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
