Note: This web page was automatically created from a PalmOS "pedit32" memo.

VPN info 


Why VPN?

So that protocols that would otherwise be vulnerable to replay attacks
(EG, sniffing passwords and reusing them later), travel encrypted.


The campus has an IPSEC VPN at the campus network border.  However, this
will most likely -not- encrypt your network traffic over its entire path.


PPTP comes from Microsoft, and is included with many ms windows releases.
Despite the many problems in PPTP, Bruce Schneier indicates that the
problems were in microsoft's implementation of their protocol, not
in the protocol's design.   PPTP is good if you have lots of roaming
clients (laptops, PDA's, &c).  There are two PPTP servers and one
PPTP client (?) for linux.  One of the PPTP servers (Poptop) is also
available for Solaris.


IPSEC is a relative pain to set up, but IPSEC does come with windows xp,
and possibly windows 2000 as well.  Of course, recent linux (including
FC2 and RHEL3) support it fairly well.  IPSEc may have a performance
advantage over the alternatives.


OpenVPN is supposed to be very easy to set up, and works with linux,
perhaps others.  It requires the "tun" linux kernel module, which
unfortunately is not included with RHEL 3 for x86_64 at present.


Really nice table comparing different VPN solutions:
http://mia.ece.uic.edu/~papers/volans/table.html


In FC3's IPSEC implementation:
setkey, a program to directly manipulate policies and SAs
racoon, an IKEv1 keying daemon


I set up PPTP on my wife's windows 2000 professional machine yesterday.
It worked with the version of Poptop in Devil Linux 1.2 very easily.
I didn't have to change anything on the Devil Linux side; what I'd
already set up for my Palm Pilot worked just fine.


I perhaps should also mention that the Poptop in DL 1.2 is also working
smoothly with the Mergic PPTP client that comes with the PalmOne Tungsten
C (PalmOS 5.2.1, with TCUpdate3_enUS).


Setting up OpenVPN with static, shared keys:

openvpn --genkey --secret static.key
...run this from /etc/openvpn.

You can use a rc script along the lines of this:

case "$1" in
        start)
                for i in /etc/openvpn/*.conf
                do
                        /usr/local/sbin/openvpn --cd /etc/openvpn --config
                        $i &
                done
                ;;
        stop)
                killall -v openvpn
                ;;
esac

It's really pretty simple, at least when you use static, preshared keys.


There's an OpenVPN HOWTO with more information at:
http://openvpn.sourceforge.net/howto.html


"vpnc" is purportedly a client for interoperating with the Cisco VPN


Setting up a PPTP client on FC4:

http://pptpclient.sourceforge.net/howto-fedora-core-4.phtml


Back to Dan's palm memos