[TriLUG] VPN questions

Ryan Leathers ryan.leathers at globalknowledge.com
Tue Aug 12 17:14:26 EDT 2003


Jon,

I appreciate the response, and I had considered using SSH but my hunch
is it won't meet my needs.  Although I use SSH to tunnel VNC and other
stuff, I recognize an obvious performance hit when I do so.  This is to
be expected using a character application for something it wasn't truly
designed to do.  Given the volume of data I expect to push around across
the Internet I THINK I need something with a greater payload to header
ratio.  IPSEC is the likely winner in my mind.  

Upon further review of FreeS/WAN, the "road warrior" examples are pretty
close to on target for my needs so I'm gonna give that a go.  If it
doesn't work out, I'll fall back on SSH as the lowest common denominator
approach - I know I can at least move SOME amount of data where I want
it that way.

Ryan
 

On Tue, 2003-08-12 at 16:03, Jon Carnes wrote:
> I think you will be happy with ssh.  The machine behind the NAT/firewall
> will have to initiate the connection, but ssh can do port tunneling, and
> that is exactly what you want.
> 
> If you want details, let me know - or read the archives from yesterday!
> 
> Jon Carnes
> 
> On Tue, 2003-08-12 at 15:24, Ryan Leathers wrote:
> > I would like to put a Linux server in a remote LAN where the LAN users
> > will access a web application running on the server.  I need that server
> > to connect to a database through a Cisco VPN concentrator or PIX across
> > the Internet.  I have looked at using the Cisco VPN client for Linux,
> > but it requires that UDP traffic be allowed inbound to the client.  I
> > can't allow this.
> > 
> > Can anyone suggest a solution that will use only client-initiated
> > connections - preferably on TCP 443?
> > 
> > I am now looking at FreeS/WAN but this seems to be all about forwarding
> > traffic through a tunnel between private networks rather than a client
> > connecting via a tunnel.  As such, my concern with freeswan is that
> > timeout-induced reconnects will not necessarily be initiated from the
> > client (remote LAN) side. 
-- 
Ryan Leathers <ryan.leathers at globalknowledge.com>
Global Knowledge