Re: Big VPN

> FreeS/WAN is "orphaned" upstream. OpenSWAN is based on FreeS/WAN and as > such it does not work with 2.6. That is untrue. 1.x branch works with 2.4.x kernels, 2.x branch works with 2.6.x -- Dariush Pietrzak, Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9 -- To UNSUBSCR

Re: Big VPN

> think an acceptable user-land alternative might be openvpn. I would I don't think openvpn would easily handle such large number of connections, it would be also a configuration nightmare. tinc was designed to handle such scenario, but I wouldn't use anything user-land for ~100 lans, no metter h

Re: Big VPN

On Wed, Mar 03, 2004 at 01:25:46 +0100, Milan P. Stanic wrote: > FreeS/WAN is "orphaned" upstream. OpenSWAN is based on FreeS/WAN and as > such it does not work with 2.6. "For Kernel's 2.6.0 and higher, Openswan uses the built in IPsec support. Only the userland component of Openswan is required t

Re: Big VPN

On Wed, Mar 03, 2004 at 01:33:17AM +0100, I.R. van Dongen wrote: > Jan Minar wrote: > > >IMHO, the key words in Richard's posting are ``[not] enough expertise'', > >and ``a track record''. The idea that the [conceptual] flaws will be > >fixed in The Next Release [TM], although quite common amongs

Re: Big VPN

On Wed, Mar 03, 2004 at 01:33:17AM +0100, I.R. van Dongen wrote: > Jan Minar wrote: > > >IMHO, the key words in Richard's posting are ``[not] enough expertise'', > >and ``a track record''. The idea that the [conceptual] flaws will be > >fixed in The Next Release [TM], although quite common amongs

Re: Big VPN

In article <[EMAIL PROTECTED]> you wrote: > I'm personally in favour of an IPsec VPN using openbsd or linux 2.6. For a distributed Installation with up to 100 sites, I strongly recommend to go with a small SOHO Router appliance. Because they are easy to replace with UPS delivery, they are more rob

Re: Big VPN

Jan Minar wrote: IMHO, the key words in Richard's posting are ``[not] enough expertise'', and ``a track record''. The idea that the [conceptual] flaws will be fixed in The Next Release [TM], although quite common amongst the people, is a mere instance of a proof by wishful thinking. Clueless a

Re: Big VPN

On Tue, Mar 02, 2004 at 03:37:52PM -0600, Jacques Normand wrote: > On Tue, Mar 02, 2004 at 10:08:22PM +0100, J.H.M. Dassen (Ray) wrote: > > If you're looking for a VPN solution, by all means look at FreeS/WAN (or its > > likely successor, OpenSWAN). Just forget about OE. OE isn't about the type > >

Re: Big VPN

On Wed, Mar 03, 2004 at 12:18:32AM +0100, I.R. van Dongen wrote: > Richard Atterer wrote: > >On Tue, Mar 02, 2004 at 10:00:58PM +0100, I.R. van Dongen wrote: > > >You might want to check tinc (http://tinc.nl.linux.org) > > > > > > > > > >I strongly recommend *not* to use tinc. > >

Re: Big VPN

On Wed, Mar 03, 2004 at 12:18:32AM +0100, I.R. van Dongen wrote: > Richard Atterer wrote: > > >On Tue, Mar 02, 2004 at 10:00:58PM +0100, I.R. van Dongen wrote: > > > > > >>You might want to check tinc (http://tinc.nl.linux.org) > >> > >> > > > >I strongly recommend *not* to use tinc. > >

Re: Big VPN

In article <[EMAIL PROTECTED]> you wrote: > I'm personally in favour of an IPsec VPN using openbsd or linux 2.6. For a distributed Installation with up to 100 sites, I strongly recommend to go with a small SOHO Router appliance. Because they are easy to replace with UPS delivery, they are more rob

Re: Big VPN

Richard Atterer wrote: On Tue, Mar 02, 2004 at 10:00:58PM +0100, I.R. van Dongen wrote: You might want to check tinc (http://tinc.nl.linux.org) I strongly recommend *not* to use tinc. illustrates that the authors didn't have enough exp

Re: Big VPN

Jan Minar wrote: IMHO, the key words in Richard's posting are ``[not] enough expertise'', and ``a track record''. The idea that the [conceptual] flaws will be fixed in The Next Release [TM], although quite common amongst the people, is a mere instance of a proof by wishful thinking. Clueless aut

Re: Big VPN

On Tue, Mar 02, 2004 at 03:37:52PM -0600, Jacques Normand wrote: > On Tue, Mar 02, 2004 at 10:08:22PM +0100, J.H.M. Dassen (Ray) wrote: > > If you're looking for a VPN solution, by all means look at FreeS/WAN (or its > > likely successor, OpenSWAN). Just forget about OE. OE isn't about the type > >

Re: Big VPN

On Wed, Mar 03, 2004 at 12:18:32AM +0100, I.R. van Dongen wrote: > Richard Atterer wrote: > >On Tue, Mar 02, 2004 at 10:00:58PM +0100, I.R. van Dongen wrote: > > >You might want to check tinc (http://tinc.nl.linux.org) > > > > > > > > > >I strongly recommend *not* to use tinc. > >

Re: Big VPN

On Tue, Mar 02, 2004 at 10:00:58PM +0100, I.R. van Dongen wrote: > You might want to check tinc (http://tinc.nl.linux.org) I strongly recommend *not* to use tinc. illustrates that the authors didn't have enough expertise to build a secure tool 2 yea

Re: Big VPN

On Wed, Mar 03, 2004 at 12:18:32AM +0100, I.R. van Dongen wrote: > Richard Atterer wrote: > > >On Tue, Mar 02, 2004 at 10:00:58PM +0100, I.R. van Dongen wrote: > > > > > >>You might want to check tinc (http://tinc.nl.linux.org) > >> > >> > > > >I strongly recommend *not* to use tinc. > >

Re: Big VPN

On Tue, Mar 02, 2004 at 10:08:22PM +0100, J.H.M. Dassen (Ray) wrote: > On Tue, Mar 02, 2004 at 21:41:34 +0100, Jaroslaw Tabor wrote: > > I've reviewed freeswan and OE feauture. This looks nice, but I'm afraid > > about security. > > If you're looking for a VPN solution, by all means look at FreeS/

Re: Big VPN

Richard Atterer wrote: On Tue, Mar 02, 2004 at 10:00:58PM +0100, I.R. van Dongen wrote: You might want to check tinc (http://tinc.nl.linux.org) I strongly recommend *not* to use tinc. illustrates that the authors didn't have enough expertise

Re: Big VPN

On Tue, Mar 02, 2004 at 21:41:34 +0100, Jaroslaw Tabor wrote: > I've reviewed freeswan and OE feauture. This looks nice, but I'm afraid > about security. If you're looking for a VPN solution, by all means look at FreeS/WAN (or its likely successor, OpenSWAN). Just forget about OE. OE isn't about t

Re: Big VPN

Jaroslaw Tabor wrote: Hi all! I know that this list isn't the best place to ask, but I'm reding this list for years. I hope You will forgive me :) I'm looking for good linux (debian of course) based solution for VPN connecting about 100 LANs. The solution should be stable, easy for implementat

Big VPN

Hi all! I know that this list isn't the best place to ask, but I'm reding this list for years. I hope You will forgive me :) I'm looking for good linux (debian of course) based solution for VPN connecting about 100 LANs. The solution should be stable, easy for implementation and easy for manageme

Re: Big VPN

On Tue, Mar 02, 2004 at 10:00:58PM +0100, I.R. van Dongen wrote: > You might want to check tinc (http://tinc.nl.linux.org) I strongly recommend *not* to use tinc. illustrates that the authors didn't have enough expertise to build a secure tool 2 yea

Re: Big VPN

On Tue, Mar 02, 2004 at 10:08:22PM +0100, J.H.M. Dassen (Ray) wrote: > On Tue, Mar 02, 2004 at 21:41:34 +0100, Jaroslaw Tabor wrote: > > I've reviewed freeswan and OE feauture. This looks nice, but I'm afraid > > about security. > > If you're looking for a VPN solution, by all means look at FreeS/

Re: Big VPN

On Tue, Mar 02, 2004 at 21:41:34 +0100, Jaroslaw Tabor wrote: > I've reviewed freeswan and OE feauture. This looks nice, but I'm afraid > about security. If you're looking for a VPN solution, by all means look at FreeS/WAN (or its likely successor, OpenSWAN). Just forget about OE. OE isn't about t

Re: Big VPN

Jaroslaw Tabor wrote: Hi all! I know that this list isn't the best place to ask, but I'm reding this list for years. I hope You will forgive me :) I'm looking for good linux (debian of course) based solution for VPN connecting about 100 LANs. The solution should be stable, easy for implementation

Big VPN

Hi all! I know that this list isn't the best place to ask, but I'm reding this list for years. I hope You will forgive me :) I'm looking for good linux (debian of course) based solution for VPN connecting about 100 LANs. The solution should be stable, easy for implementation and easy for manageme

Re: apt-get upgrade and kernel images

On Tue, Mar 02, 2004 at 10:18:15AM +0200, Riku Valli wrote: > Yes, but for me was quite confusing that at first installation kernel isnot > a package. So if you install your Debian with boot floppies 2.4.18-bf2.4 you > never get update for this kernel. You must > apt-get install kernel-image-2.4.1

Re: apt-get upgrade and kernel images

On Tue, Mar 02, 2004 at 10:28:44AM +0100, Mattias Eriksson wrote: > I think I recall something about debian not upgrading kernel-images > except if the user asks for it explicitly. Not unless you explicitly put them on hold (which you are of course free to do). > I have been using debian for ma

Re: apt-get upgrade and kernel images

On Tue, Mar 02, 2004 at 10:18:15AM +0200, Riku Valli wrote: > Yes, but for me was quite confusing that at first installation kernel isnot > a package. AFAIK it will be, starting with sarge. Marcin -- Marcin Owsiany <[EMAIL PROTECTED]> http://marcin.owsiany.pl/ GnuPG: 1024D/60F41216

Re: apt-get upgrade and kernel images

On Tue, Mar 02, 2004 at 10:18:15AM +0200, Riku Valli wrote: > Yes, but for me was quite confusing that at first installation kernel isnot > a package. So if you install your Debian with boot floppies 2.4.18-bf2.4 you > never get update for this kernel. You must > apt-get install kernel-image-2.4.1

Re: apt-get upgrade and kernel images

On Tue, Mar 02, 2004 at 10:28:44AM +0100, Mattias Eriksson wrote: > I think I recall something about debian not upgrading kernel-images > except if the user asks for it explicitly. Not unless you explicitly put them on hold (which you are of course free to do). > I have been using debian for ma

Re: apt-get upgrade and kernel images

On Tue, Mar 02, 2004 at 10:18:15AM +0200, Riku Valli wrote: > Yes, but for me was quite confusing that at first installation kernel isnot > a package. AFAIK it will be, starting with sarge. Marcin -- Marcin Owsiany <[EMAIL PROTECTED]> http://marcin.owsiany.pl/ GnuPG: 1024D/60F41216

Re: apt-get upgrade and kernel images

I think I recall something about debian not upgrading kernel-images except if the user asks for it explicitly. I have been using debian for many years and I can't recall that I ever have gotten an kernel upgrade if I haven't asked for it. Sometimes I had installed a kernel-2.4-386 kernel that was

Re: apt-get upgrade and kernel images

- Original Message - From: "Matt Zimmerman" <[EMAIL PROTECTED]> To: Sent: Monday, March 01, 2004 8:33 PM Subject: Re: apt-get upgrade and kernel images > On Fri, Feb 27, 2004 at 12:42:16AM -0800, Andris Kalnozols wrote: > > > I am running Debian testing and seem to recall that it was t

Re: apt-get upgrade and kernel images

I think I recall something about debian not upgrading kernel-images except if the user asks for it explicitly. I have been using debian for many years and I can't recall that I ever have gotten an kernel upgrade if I haven't asked for it. Sometimes I had installed a kernel-2.4-386 kernel that was

Re: apt-get upgrade and kernel images

- Original Message - From: "Matt Zimmerman" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, March 01, 2004 8:33 PM Subject: Re: apt-get upgrade and kernel images > On Fri, Feb 27, 2004 at 12:42:16AM -0800, Andris Kalnozols wrote: > > > I am running Debian testing and seem to r