[KLUG Members] Are there any _secure_ VPN solutions for Linux?

Bruce Smith members@kalamazoolinux.org
01 Oct 2003 08:42:23 -0400


> > http://www.mit.edu:8008/bloom-picayune/crypto/14238
> > I would really like to find a Linux VPN solution that is both secure and
> > easy to configure (not requiring a kernel recompile).  Which is why I'd
> > like something other than FreeS/WAN.
> > The above article rules out CIPE and VTUN because of weak security.
> > Does anyone have an opinion on how OpenVPN rates on security?
> > (not mentioned in the article)  http://openvpn.sourceforge.net/
> 
> OpenVPN just uses OpenSSL.  And if *THAT* isn't secure...... we are all
> just screwed.

As I suspected, it's more complicated than that.  The author of the
article replied (briefly) to my query about his opinion about OpenVPN.
It appears I'm not the only one asking him about OpenVPN.   :-)

In fact, he mentions both OpenVPN and FreeS/WAN in his followup article:

  http://www.cs.auckland.ac.nz/~pgut001/pubs/linux_vpn.txt

I'm not sure what to make out of some of his comments (especially the
Churchill reference).  Anyone care to offer their translation?  I get
the impression that he doesn't think SSL is a good way to build a VPN,
but there are worse ways.  And he doesn't rip on OpenVPN like he does
CIPE (although he admits not knowing about its internals either).
 
--------------------------------------------
Bruce Smith                bruce@armintl.com
System Administrator / Network Administrator
Armstrong International, Inc.
Three Rivers, Michigan  49093  USA
http://www.armstrong-intl.com/
--------------------------------------------