Re: Big VPN

2004-03-03 Thread I.R. van Dongen
On Wed, 3 Mar 2004 12:07:23 +0100 Richard Atterer <[EMAIL PROTECTED]> wrote: > Hi, CCing the list again because other people might have cleverer > ideas. I hope you don't mind, Jaroslaw. > > On Wed, Mar 03, 2004 at 11:36:27AM +0100, Jarosław Tabor wrote: > > That's OK. But what about routing ? Ho

Re: Big VPN

2004-03-03 Thread Milan P. Stanic
On Wed, Mar 03, 2004 at 08:54:38AM +0100, Dariush Pietrzak wrote: > > FreeS/WAN is "orphaned" upstream. OpenSWAN is based on FreeS/WAN and as > > such it does not work with 2.6. > That is untrue. > 1.x branch works with 2.4.x kernels, 2.x branch works with 2.6.x Right! I shouldn't write mail at

Re: Big VPN

2004-03-03 Thread Jarosław Tabor
In a message of Wed, 03-03-2004, at 12:07, Richard Atterer wrote: > Later, when network number 42 has been set up to use 10.0.42.0/24, you only > need to update the DNS entry of ipsec42.mydomain.net and all other LANs > should be able to use it. (New IPSec links will be set up on demand once > an

Re: Big VPN

2004-03-03 Thread Richard Atterer
Hi, CCing the list again because other people might have cleverer ideas. I hope you don't mind, Jaroslaw. On Wed, Mar 03, 2004 at 11:36:27AM +0100, Jarosław Tabor wrote: > That's OK. But what about routing ? How to inform other nodes, about new > subnet ? I think, that this will require some kind

Re: Big VPN

2004-03-03 Thread Dariush Pietrzak
> What is Racoon like in terms of configuration ease? I've used FreeSWAN and > whilst it's not the easiest to set up, once you've got your head around it, > it does make sense. Racoon makes sense from the start;) -- Dariush Pietrzak, Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75

Re: Big VPN

2004-03-03 Thread Ronny Adsetts
Milan P. Stanic was heard to utter, at roughly 03/03/04 00:25: On Tue, Mar 02, 2004 at 03:37:52PM -0600, Jacques Normand wrote: On Tue, Mar 02, 2004 at 10:08:22PM +0100, J.H.M. Dassen (Ray) wrote: If you're looking for a VPN solution, by all means look at FreeS/WAN (or its likely successor,

Re: Big VPN

2004-03-03 Thread Richard Atterer
On Wed, Mar 03, 2004 at 09:39:06AM +0100, Jarosław Tabor wrote: > I don't know IPSec so good, so one question: if I will add new node > (LAN), do I need to update configuration of all others about it ? This is > my biggest concern... I'm not so sure about this - anybody else? But I think it's pos

Re: Big VPN

2004-03-03 Thread Ronny Adsetts
Milan P. Stanic was heard to utter, at roughly 03/03/04 00:25: On Tue, Mar 02, 2004 at 03:37:52PM -0600, Jacques Normand wrote: On Tue, Mar 02, 2004 at 10:08:22PM +0100, J.H.M. Dassen (Ray) wrote: If you're looking for a VPN solution, by all means look at FreeS/WAN (or its likely successor, Open

Re: Big VPN

2004-03-03 Thread Jarosław Tabor
Hello! In a message of Tue, 02-03-2004, at 22:57, Richard Atterer wrote: > Does each of these 100 LANs need to connect to *any* other LAN, or just to > "your" LAN? Are the LANs real LANs or do you only want to connect single > "road warrior" machines to "your" LAN? Generally I need possibility

Re: Big VPN

2004-03-03 Thread Dariush Pietrzak
> FreeS/WAN is "orphaned" upstream. OpenSWAN is based on FreeS/WAN and as > such it does not work with 2.6. That is untrue. 1.x branch works with 2.4.x kernels, 2.x branch works with 2.6.x -- Dariush Pietrzak, Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9

Re: Big VPN

2004-03-03 Thread Dariush Pietrzak
> think an acceptable user-land alternative might be openvpn. I would I don't think openvpn would easily handle such large number of connections, it would be also a configuration nightmare. tinc was designed to handle such scenario, but I wouldn't use anything user-land for ~100 lans, no matter h

Re: Big VPN

2004-03-03 Thread J.H.M. Dassen (Ray)
On Wed, Mar 03, 2004 at 01:25:46 +0100, Milan P. Stanic wrote: > FreeS/WAN is "orphaned" upstream. OpenSWAN is based on FreeS/WAN and as > such it does not work with 2.6. "For Kernel's 2.6.0 and higher, Openswan uses the built in IPsec support. Only the userland component of Openswan is required t

Re: Big VPN

2004-03-02 Thread Dariush Pietrzak
> FreeS/WAN is "orphaned" upstream. OpenSWAN is based on FreeS/WAN and as > such it does not work with 2.6. That is untrue. 1.x branch works with 2.4.x kernels, 2.x branch works with 2.6.x -- Dariush Pietrzak, Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9 -- To UNSUBSCR

Re: Big VPN

2004-03-02 Thread Dariush Pietrzak
> think an acceptable user-land alternative might be openvpn. I would I don't think openvpn would easily handle such large number of connections, it would be also a configuration nightmare. tinc was designed to handle such scenario, but I wouldn't use anything user-land for ~100 lans, no matter h

Re: Big VPN

2004-03-02 Thread J.H.M. Dassen (Ray)
On Wed, Mar 03, 2004 at 01:25:46 +0100, Milan P. Stanic wrote: > FreeS/WAN is "orphaned" upstream. OpenSWAN is based on FreeS/WAN and as > such it does not work with 2.6. "For Kernel's 2.6.0 and higher, Openswan uses the built in IPsec support. Only the userland component of Openswan is required t

Re: Big VPN

2004-03-02 Thread Jan Minar
On Wed, Mar 03, 2004 at 01:33:17AM +0100, I.R. van Dongen wrote: > Jan Minar wrote: > > >IMHO, the key words in Richard's posting are ``[not] enough expertise'', > >and ``a track record''. The idea that the [conceptual] flaws will be > >fixed in The Next Release [TM], although quite common amongs

Re: Big VPN

2004-03-02 Thread Bernd Eckenfels
In article <[EMAIL PROTECTED]> you wrote: > I'm personally in favour of an IPsec VPN using openbsd or linux 2.6. For a distributed Installation with up to 100 sites, I strongly recommend to go with a small SOHO Router appliance. Because they are easy to replace with UPS delivery, they are more rob

Re: Big VPN

2004-03-02 Thread I.R. van Dongen
Jan Minar wrote: IMHO, the key words in Richard's posting are ``[not] enough expertise'', and ``a track record''. The idea that the [conceptual] flaws will be fixed in The Next Release [TM], although quite common amongst the people, is a mere instance of a proof by wishful thinking. Clueless a

Re: Big VPN

2004-03-02 Thread Milan P. Stanic
On Tue, Mar 02, 2004 at 03:37:52PM -0600, Jacques Normand wrote: > On Tue, Mar 02, 2004 at 10:08:22PM +0100, J.H.M. Dassen (Ray) wrote: > > If you're looking for a VPN solution, by all means look at FreeS/WAN (or its > > likely successor, OpenSWAN). Just forget about OE. OE isn't about the type > >

Re: Big VPN

2004-03-02 Thread Luca Filipozzi
On Wed, Mar 03, 2004 at 12:18:32AM +0100, I.R. van Dongen wrote: > Richard Atterer wrote: > >On Tue, Mar 02, 2004 at 10:00:58PM +0100, I.R. van Dongen wrote: > > >You might want to check tinc (http://tinc.nl.linux.org) > > > > > > > > > >I strongly recommend *not* to use tinc. > >

Re: Big VPN

2004-03-02 Thread Jan Minar
On Wed, Mar 03, 2004 at 12:18:32AM +0100, I.R. van Dongen wrote: > Richard Atterer wrote: > > >On Tue, Mar 02, 2004 at 10:00:58PM +0100, I.R. van Dongen wrote: > > > > > >>You might want to check tinc (http://tinc.nl.linux.org) > >> > >> > > > >I strongly recommend *not* to use tinc. > >

Re: Big VPN

2004-03-02 Thread I.R. van Dongen
Richard Atterer wrote: On Tue, Mar 02, 2004 at 10:00:58PM +0100, I.R. van Dongen wrote: You might want to check tinc (http://tinc.nl.linux.org) I strongly recommend *not* to use tinc. illustrates that the authors didn't have enough exp

Re: Big VPN

2004-03-02 Thread I.R. van Dongen
Jan Minar wrote: IMHO, the key words in Richard's posting are ``[not] enough expertise'', and ``a track record''. The idea that the [conceptual] flaws will be fixed in The Next Release [TM], although quite common amongst the people, is a mere instance of a proof by wishful thinking. Clueless aut

Re: Big VPN

2004-03-02 Thread Richard Atterer
On Tue, Mar 02, 2004 at 10:00:58PM +0100, I.R. van Dongen wrote: > You might want to check tinc (http://tinc.nl.linux.org) I strongly recommend *not* to use tinc. illustrates that the authors didn't have enough expertise to build a secure tool 2 yea

Re: Big VPN

2004-03-02 Thread Jacques Normand
On Tue, Mar 02, 2004 at 10:08:22PM +0100, J.H.M. Dassen (Ray) wrote: > On Tue, Mar 02, 2004 at 21:41:34 +0100, Jaroslaw Tabor wrote: > > I've reviewed freeswan and OE feature. This looks nice, but I'm afraid > > about security. > > If you're looking for a VPN solution, by all means look at FreeS/

Re: Big VPN

2004-03-02 Thread I.R. van Dongen
Richard Atterer wrote: On Tue, Mar 02, 2004 at 10:00:58PM +0100, I.R. van Dongen wrote: You might want to check tinc (http://tinc.nl.linux.org) I strongly recommend *not* to use tinc. illustrates that the authors didn't have enough expertise

Re: Big VPN

2004-03-02 Thread J.H.M. Dassen (Ray)
On Tue, Mar 02, 2004 at 21:41:34 +0100, Jaroslaw Tabor wrote: > I've reviewed freeswan and OE feature. This looks nice, but I'm afraid > about security. If you're looking for a VPN solution, by all means look at FreeS/WAN (or its likely successor, OpenSWAN). Just forget about OE. OE isn't about t

Re: Big VPN

2004-03-02 Thread I.R. van Dongen
Jaroslaw Tabor wrote: Hi all! I know that this list isn't the best place to ask, but I'm reading this list for years. I hope You will forgive me :) I'm looking for good linux (debian of course) based solution for VPN connecting about 100 LANs. The solution should be stable, easy for implementat

Re: Big VPN

2004-03-02 Thread I.R. van Dongen
Jaroslaw Tabor wrote: Hi all! I know that this list isn't the best place to ask, but I'm reading this list for years. I hope You will forgive me :) I'm looking for good linux (debian of course) based solution for VPN connecting about 100 LANs. The solution should be stable, easy for implementation