Virtual private networks

By Kurt Seifried [email protected]


 

There are a variety of VPN solutions for Linux. I would strongly advise using IPSec if possible, since it is the emerging standard for VPNs on the Internet and will be incorporated into IPv6. On the other hand, if you are behind a firewall and want to tunnel out, an SSH-based solution or similar will do the trick, whereas IPSec will typically fail (since the packet headers are being rewritten).
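The header-rewriting failure noted above, shown as an added example (not code from the original page): it assumes the IPSec AH protocol with HMAC-SHA1-96, which the page does not name, and uses a constructed key, addresses and payload. A router's TTL decrement still passes the integrity check, while a NAT rewrite of the source address does not.

```python
import hmac, hashlib, socket, struct

KEY = b"constructed-demo-key"              # constructed sample key
PAYLOAD = b"constructed upper-layer data"  # constructed sample payload
# AH fixed fields: next header 6 (TCP), length 4, reserved, SPI, sequence, zeroed ICV
AH_ZEROED = struct.pack("!BBHII", 6, 4, 0, 0x1000, 1) + bytes(12)

def ipv4_header(src, dst, ttl, payload_len, proto=51):
    """Build a 20-byte IPv4 header without options; protocol 51 is AH."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len,
                       0x1234, 0, ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def ah_icv(key, ip_header, ah_and_payload):
    """ICV over the IP header with mutable fields zeroed, plus AH and payload."""
    h = bytearray(ip_header)
    h[1] = 0                 # TOS may change in transit
    h[6:8] = b"\x00\x00"     # flags and fragment offset
    h[8] = 0                 # TTL is decremented by every router
    h[10:12] = b"\x00\x00"   # header checksum is recomputed per hop
    mac = hmac.new(key, bytes(h) + ah_and_payload, hashlib.sha1).digest()
    return mac[:12]          # truncated to 96 bits

def rewrite(ip_header, *, src=None, ttl=None):
    """Return a copy of the header as a middlebox would alter it."""
    h = bytearray(ip_header)
    if ttl is not None:
        h[8] = ttl
    if src is not None:
        h[12:16] = socket.inet_aton(src)  # source address is covered by the ICV
    return bytes(h)

def verify(key, ip_header, ah_and_payload, icv):
    return hmac.compare_digest(ah_icv(key, ip_header, ah_and_payload), icv)

def demo():
    body = AH_ZEROED + PAYLOAD
    sent = ipv4_header("10.0.0.5", "203.0.113.9", 64, len(body))
    icv = ah_icv(KEY, sent, body)                        # sender's ICV
    routed = rewrite(sent, ttl=63)                       # plain router hop
    natted = rewrite(sent, src="198.51.100.7", ttl=63)   # NAT gateway hop
    return verify(KEY, routed, body, icv), verify(KEY, natted, body, icv)

if __name__ == "__main__":
    print(demo())
```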

 

IP Security (IPSec)

If possible, use IPSec. It's available on almost all modern operating systems and supports host-to-host, host-to-network and network-to-network configurations, as well as a wide variety of authentication options.

 

PPTP (Point to Point Tunneling Protocol)

PPTP is a proprietary protocol created by Microsoft for VPN solutions. To date it has been shown to contain numerous serious flaws. However, if you need to integrate Linux into a PPTP environment, all is not lost: http://www.moretonbay.com/vpn/pptp.html contains a Linux implementation of PPTP. Fortunately, Microsoft is moving away from PPTP towards IPSec.

 

CIPE (Crypto IP Encapsulation)

CIPE is a free IP-level encryption scheme, meant for use between routers. It is appropriate for 'bridging' networks securely together over insecure networks (like the Internet). The official site for CIPE is at: http://sites.inka.de/~W1011/devel/cipe.html. I would, however, recommend FreeS/WAN as a better long-term solution. CIPE is very easy to set up for two servers, but anything more than two servers becomes a configuration nightmare.

 

Zebedee

Zebedee provides encryption of TCP traffic between hosts and is available for UNIX and Windows. You can get it from: http://www.winton.org.uk/zebedee/.

 



Last updated on 4/10/2001

Copyright Kurt Seifried 2001 [email protected]