tlug.jp Mailing List Archive
Re: [tlug] VPN
- Date: Mon, 6 Dec 2004 23:39:24 +0900 (JST)
- From: Tod McQuillin <devin@example.com>
- Subject: Re: [tlug] VPN
- References: <41B4447F.5060706@example.com> <20041206142916.GA29884@example.com>

On Mon, 6 Dec 2004, Christopher SEKIYA wrote:

> On Mon, Dec 06, 2004 at 08:37:35PM +0900, Jacques Deguest wrote:
>
>> As far as I know, there are 3 main types of VPN: FreeS/Wan, OpenVPN (SSL
>> VPN) and PPTP.
>
> No. There are two types of VPN:
>
> 1) IPSEC,
> 2) everything else.
>
> Option #1 is trustworthy _only_ if the following are true:
>
> * XAUTH is not being used,
> * both endpoints are controlled,
> * the CA has not been compromised (x.509 only)
> * the preshared secret is an ungodly long string generated by a monkey
>   banging on a keyboard for a bit.
>
> Option #2 ain't even close to trustworthy. Go ahead -- set up a
> solution using PPTP, go to defcon, use it, and see how fast your
> concentrator is cracked.

Chris omits to mention why SSL and other TCP/IP based solutions (like ppp
over SSH etc) are a bad idea:

http://sites.inka.de/sites/bigred/devel/tcp-tcp.html

-- 
Tod