[ale] Poptop

Michael H. Warfield mhw at WittsEnd.com
Tue Mar 14 10:03:57 EST 2006


On Tue, 2006-03-14 at 09:29 -0500, Christopher Fowler wrote:
> On Tue, 2006-03-14 at 09:22, Michael H. Warfield wrote:
> 
> > 	You might get OpenVPN to work as well, but that will require third
> > party software on your XP clients.  XP should already have IPSec NAT-T
> > and merely needs to be configured on those XP clients.  Depending on
> > your needs (like large numbers of clients and high traffic) OpenVPN does
> > not scale as well as IPSec, either.
> > 

> I was hoping I could get pppd working on Cygwin then I could possibly
> look at writing a front end for vtun that could use the minimal cygwin
> environment to initiate a tunnel.

	I don't know...  I don't think you're going to have a lot of luck with
that.  Vtun uses the tun/tap devices (like OpenVPN), which I don't think
are supported by cygwin, are they?  You'll have to figure out some way
of tapping into the routing and networking layers to emulate a network
device and configure routing.  They've done that on OpenVPN and it's NOT
a pretty picture.  They had to go through some real effort to get things
to work on XP without having the user be forced to be a system
administrator and such.  Glancing at their (vtun) mailing list, I saw
some remarks about SSL authentication.  If it's using SSL for
authentication, you might as well just use OpenVPN.  It's basically the
same critter, except you don't have to layer and configure ppp in there
as well and they've already got the XP client.  I don't see any
advantage of vtun over OpenVPN.

	And you are still going to be faced with the same problems over the NAT
at both ends.  Something is going to have to pass something over that
NAT from the global address.

	I haven't seen any peer reviews on vtun, either.  That pretty much
killed CIPE when they discovered problems and the author didn't step up
to the plate to fix them.  I haven't heard much at all about vtun (good
or bad).  Which is not, generally, a good thing.

> > 	Mike

	Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471        | possible worlds.  A pessimist is sure of it!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 309 bytes
Desc: This is a digitally signed message part




More information about the Ale mailing list