Linux and VPN Products


Now that you know most of what you need to understand VPNs, it's time to look at the different Linux VPN products and the issues that need to be addressed when using VPNs in concert with firewalls. It should be noted that IPSec support is now available with the Linux 2.6 kernel series as well.

Let's start by looking at some VPN systems available for Linux and discussing their merits. This is by no means an exhaustive list, but it does provide a good place to start.

Openswan

Openswan is an open-source implementation of VPN software that works very well with Linux. Openswan is included with many Linux distributions, including SUSE, Debian, and Red Hat. Openswan currently has two main development branches: the 1.X branch for 2.X kernels prior to 2.6, and the 2.X development branch of Openswan for the 2.6 kernel series.

Openswan is one of the easier Linux implementations of VPN software to set up. More information can be found at http://www.openswan.org/.

FreeS/WAN

Linux FreeS/WAN is another good IPSec VPN implementation for Linux. FreeS/WAN is maintained and supported at http://www.freeswan.org.

Linux FreeS/WAN gets its name as a variation of SWAN, which means secure wide area network. Because it's free, it's called FreeS/WAN to differentiate it from the various RSA implementations of SWAN.

FreeS/WAN can be used by itself or as part of a firewall solution. In fact, the product is used in various other IPSec VPN firewalls and router products, and it is also part of some Linux distributions. There is a development version that works with the newer kernels, but the release version is guaranteed to work only on current stable series kernels. The documentation available is extensive, and the mailing list is extremely helpful.

Virtual Private Network Daemon

Virtual Private Network Daemon (VPND) is a network daemon that can connect two networks using either a leased line or standard TCP/IP over Ethernet. All traffic going between the two sites is encrypted using the Blowfish algorithm.

VPND has a lot of merit. It's simple to set up and use, and it is probably a good solution for people who just want to share resources and data securely without going through a lot of hassle.

However, VPND is not without problems. It has not been updated to work with the latest kernels, and it hasn't been actively developed or improved for a couple of years. You can find more information on VPND at http://sunsite.dk/vpnd/.

PPTP Linux Solutions

As mentioned before, a couple of PPTP solutions are in active development. Why use a PPTP solution if there are security problems? The reason is to fit into an existing PPTP VPN solution while still using Linux as your operating system.

For example, if you work for a company that uses a PPTP VPN system and you occasionally work at home, you can use a PPTP Linux client to connect to the office network. Similarly, if you're in the office and want to connect to your Linux system at home, you can use a PPTP VPN client to access your home network.

PoPToP

PoPToP is a PPTP VPN server solution for Linux developed by Lineo. This package requires a new version of PPP, with some patches applied to it, to work correctly. PoPToP is an excellent PPTP "server" solution that can be used with the Linux PPTP "client" as well as standard PPTP clients. You can find more information, including install instructions and mailing list archives, at http://www.poptop.org/.

Virtual Tunnel

One other product deserves mention here: the Virtual Tunnel (VTUN) project. VTUN is an open-source project that creates an encrypted tunnel between two computers or networks. It can run over TCP or UDP, and it uses good cryptographic algorithms such as Blowfish and 3DES to encrypt the data.

VTUN is under active development and works with newer kernels. Someone with simple requirements would do well to look into this project. More information on VTUN is available at http://vtun.sourceforge.net.




Linux Firewalls
Linux Firewalls: Attack Detection and Response with iptables, psad, and fwsnort
ISBN: 1593271417
EAN: 2147483647
Year: 2005
Pages: 163
Authors: Michael Rash
