Note: This web page was automatically created from a PalmOS "pedit32" memo.

VPN info


Why VPN? So that protocols that would otherwise be vulnerable to replay attacks (e.g., sniffing passwords and reusing them later) travel encrypted.
The campus has an IPSEC VPN at the campus network border. However, this will most likely -not- encrypt your network traffic over its entire path.
PPTP comes from Microsoft, and is included with many MS Windows releases. Despite the many problems in PPTP, Bruce Schneier indicates that the problems were in Microsoft's implementation of their protocol, not in the protocol's design. PPTP is good if you have lots of roaming clients (laptops, PDAs, etc.). There are two PPTP servers and one PPTP client (?) for Linux. One of the PPTP servers (Poptop) is also available for Solaris.
IPSEC is a relative pain to set up, but IPSEC does come with Windows XP, and possibly Windows 2000 as well. Of course, recent Linux releases (including FC2 and RHEL3) support it fairly well. IPSEC may have a performance advantage over the alternatives.
OpenVPN is supposed to be very easy to set up, and works with Linux, perhaps others. It requires the "tun" Linux kernel module, which unfortunately is not included with RHEL 3 for x86_64 at present.
Really nice table comparing different VPN solutions: http://mia.ece.uic.edu/~papers/volans/table.html
In FC3's IPSEC implementation:
    setkey, a program to directly manipulate policies and SAs
    racoon, an IKEv1 keying daemon
I set up PPTP on my wife's Windows 2000 Professional machine yesterday. It worked with the version of Poptop in Devil Linux 1.2 very easily. I didn't have to change anything on the Devil Linux side; what I'd already set up for my Palm Pilot worked just fine.
I perhaps should also mention that the Poptop in DL 1.2 is also working smoothly with the Mergic PPTP client that comes with the PalmOne Tungsten C (PalmOS 5.2.1, with TCUpdate3_enUS).
Setting up OpenVPN with static, shared keys:

    openvpn --genkey --secret static.key

...run this from /etc/openvpn. You can use an rc script along the lines of this:

    case "$1" in
        start)
            # Start one openvpn process per config file
            for i in /etc/openvpn/*.conf
            do
                /usr/local/sbin/openvpn --cd /etc/openvpn --config "$i" &
            done
            ;;
        stop)
            killall -v openvpn
            ;;
    esac

It's really pretty simple, at least when you use static, preshared keys.
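With static keys, the key file is the only secret protecting the tunnel, so it should be readable by its owner alone. The following is an added example, not part of the original memo: a hypothetical helper, audit_static_keys, that walks the same *.conf files the rc script starts and flags any "secret" key file that is missing or readable by group or others. The demo directory and file names are constructed.

```shell
#!/bin/sh
# Added example: audit the keys used by /etc/openvpn/*.conf (static-key mode).
# audit_static_keys DIR prints one line per problem; returns 1 if any, else 0.
audit_static_keys() {
    dir=$1
    problems=0
    for conf in "$dir"/*.conf; do
        [ -f "$conf" ] || continue
        # "secret <file> [direction]" names the pre-shared key file.
        key=$(awk '$1 == "secret" { print $2; exit }' "$conf")
        [ -n "$key" ] || continue
        # The rc script passes --cd DIR, so relative paths resolve against DIR.
        case $key in
            /*) ;;
            *) key=$dir/$key ;;
        esac
        if [ ! -f "$key" ]; then
            echo "MISSING $conf -> $key"
            problems=$((problems + 1))
            continue
        fi
        # Characters 5-10 of the ls mode string are the group and other bits.
        bits=$(ls -ld "$key" | cut -c5-10)
        if [ "$bits" != "------" ]; then
            echo "EXPOSED $conf -> $key ($bits)"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Constructed demo: a throwaway directory standing in for /etc/openvpn.
demo=$(mktemp -d)
printf 'dev tun\nsecret static.key\n' > "$demo/home.conf"
printf 'constructed placeholder, not a real key\n' > "$demo/static.key"
chmod 644 "$demo/static.key"
audit_static_keys "$demo" || echo "fix with: chmod 600 <keyfile>"
rm -rf "$demo"
```

Run it as audit_static_keys /etc/openvpn on each endpoint; quoted paths in a "secret" directive are not handled.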
There's an OpenVPN HOWTO with more information at: http://openvpn.sourceforge.net/howto.html
"vpnc" is purportedly a client for interoperating with the Cisco VPN
Setting up a PPTP client on FC4: http://pptpclient.sourceforge.net/howto-fedora-core-4.phtml

