cobra at jps.net
Mon Jul 23 21:38:01 PDT 2001
Now.. Now .. lets all calm down, and take this off line.
( We all know the Rules on the SVLUG list )
I hope both of you are mature enough to let this end.
----- Original Message -----
From: "Will Lowe" <harpo at udlug.org>
To: "Rick Moen" <rick at linuxmafia.com>
Cc: <svlug at svlug.org>
Sent: Saturday, July 21, 2001 10:31 AM
Subject: Re: [svlug] PPTP?
> > You know, the position of Global Village Idiot has a long waiting list.
> Heh. So is the line for Global Village asshole; keep trying. And
> given that your suggested Google string was nearly a complete bust,
> I'm tempted to ask if your name is ahead of mine on the Global Village
> Idiot list, too.
> > Out of idle curiosity: Have you stumbled across the LDP's VPN HOWTO,
> > yet, or is that going to take you a few more days of research?
> Sure. I take it that you haven't stumbled across this yet:
> Let's start over here; I concede that my intial query wasn't
> well-formatted. You stated that there were "plenty of available
> alternatives" for Linux VPNs, presumably in a corporate environment,
> because that's what the discussion was about.
> Here's what I should've said:
> 1) PPTP : insecure. Linux support (for encrypted pptp tunnels that
> interoperate well with other vendors, such as Cisco and M$) is ...
> immature, at best.
> 2) CIPE: it's awesome. I've had some CIPE tunnels up linking remote
> sites and data centers to our office now since November, and I've had
> NO trouble with them. There's even a windows implementation. BUT I'm
> not sure I want to try to configure it for the 100+ Windows-using
> non-geeks in the office, including having each one have to connect to
> a different IP address or Port. They'll be immensly confused. Yes,
> one or two of these people might belong in the line of Global Idiots, but
> for the most part they're just secretaries and marketing guys who
> want to do their jobs without also doing mine.
> * At this point, let's acknowledge that VERY few people have the
> ability to disregard Windows at work. I hate it, you hate it,
> sometimes I think even Mr. Gates must hate it, but it's a reality, and
> I'm unlikely to convince my CEO that he has to learn to use Linux just
> to read his email from home and grab a .ppt he left on his desktop at
> work (which he'll then be unable to open anyway). Attitudes like the
> one you fed me last night don't help get rid of the corporate fear of
> anything non-M$, and therefore don't help you collect your consulting
> 3) PPP-over-SSH: suffers from the backoff (and MTU?) problems
> associated with TCP-in-TCP. Non-windows only. Otherwise,
> generally workable, but many users are stuck at home behind lossy
> or congested lines, where the aforementioned problems are worst.
> 4) FreeS/WAN: seems like long-term this might be the best solution,
> but when I last tried it (nearly 6 months ago now) there were serious
> interoperation problems. It looks like some of those may have been
> resolved in more recent releases:
> 5) vtun and vpnd: again, Unixish things only. Also suffer from
> the config problems of CIPE, IIRC. I haven't played with them
> myself, but the reports I've had from friends are that they work
> pretty well.
> This leaves us with ONE reliable, multiplatform (required by the
> "corporate environment" postulate above) interoperable (maybe?),
> relatively-mainstream VPN solution involving Linux. What I MEANT to be
> asking last night was "what else can you think of, and do you have any
> experience with it that makes you want to recommend it?"
> svlug mailing list
> svlug at lists.svlug.org
More information about the svlug