Domain: buildinglinuxvpns.net
Stories and comments across the archive that link to buildinglinuxvpns.net.
Comments · 9
-
PPP over SSH/SSL/etcPPP (I haven't used PPPoE) over SSH or SSL/TLS (Stunnel) works like a charm. The problem is correctly configuring the authentication (you want to have both machines authenticate the other) and locking it down (you don't want the user to be able to do *anything* except create the network connection) and automating the route additions and any other changes (easiest to handle via ppp's up/down script support.)
I've written up step-by-step instructions and scripts that will do the whole durned thing, no brain required, that are in Building Linux VPNs, but was unable to convince NewRiders that one of these chapters should be the one put online. (Instead they picked chapter 1 which, while fine, doesn't provide any instantly-usable information for someone trying to actually build a VPN.
There are a few examples on stunnel.org for setting one up with Stunnel (3.x). You may also want to learn how to correctly use and restrict passwordelss SSH ability here including using authprogs to restrict commands. (You do use command="",no-port-forwarding,no-x11-forwarding,n
o -agent-forwarding,from="" in all your .ssh/authorized_keys don't you? )Eventually, the TCP over TCP factor will kick in, and your VPN will be slow. But with a simple ping timer, you can kill/restart connections pretty painlessly via cron.
Plus, no kernel recompilation is required.
-
List of LuminariesI can't believe I haven't heard about this yet! I live in Tacoma, and admittedly I've never managed to make it to the LUG meeting here. You'd hope that some local papers, etc, would have meantioned this, but we are in the Microsoft Municipality here, so what can you expect.
I was looking at the list of speakers, and damn, it's impressive.
- Brian Hatch - author of Hacking Linux Exposed, Building Linux VPNs, and the Linux Security newsletter, talking about Linux Security
- Brian "Krow" Aker, slash guru and author of "Running weblogs with Slash" from O'Reilly and one of the Slashdot team, talking about how to optimize MySQL for high traffic websites.
- Dr Crispin Cowan of WireX, creator of things like StackGuard, FormatGuard, and Immunix
- Dr Tim Maher, a white camel award recipient and the guy who runs the Seattle perl user group, talking about shell and perl that should be seen by everyone, based on his upcoming book
This promises to be a really cool - I look forward to going up there this weekend!
-
Yes, EFF donations for OSWB as well.(I'm answering for James because he's out on vacation right now. At least I think he still is, he was yesterday.)
Yes, the Amazon and B&N links that are on OSWB uses the same HTML as the Hacking Linux Exposed books page (and the Building Linux VPNs books page too, since you're asking.)
So by all means, go out and buy bunches of copies of Open Source Web Development with LAMP and help the Electronic Frontier Foundation at the same time. Or, if you don't like to buy online, go to your favorite book store and buy it there, and send any money you saved on shipping to the EFF yourself.
-
Re:How does the EFF donation apply?See the original
/. comment as well as our website for our reasoning behind giving money to the EFF.In short, yes, the donation will apply to any books that get credited to our affiliate accounts. You can go through the book links on any of the following sites:
- Hacking Linux Exposed
The book that caused yet another "Hacking" vs "Cracking" thread on Slashdot. I apologize. - Building Linux VPNS
A book by Oleg Kolesnikov and I, reviewed on slashdot last year, other reviews here. - Onsight.com
James and my company. - Open Source Web Development with LAMP
A top-notch web development book by James Lee (co-author of HLE and HLEv2) and Brent Ware. I tech edited this book, and also benifited from it in a user capacity, for example setting up the handler that controls access to the auto linux hacking software.
Going through any of those links will work. If you prefer, you can just send money to the EFF directly and cut out the middle man.
- Hacking Linux Exposed
-
Re:How does the EFF donation apply?See the original
/. comment as well as our website for our reasoning behind giving money to the EFF.In short, yes, the donation will apply to any books that get credited to our affiliate accounts. You can go through the book links on any of the following sites:
- Hacking Linux Exposed
The book that caused yet another "Hacking" vs "Cracking" thread on Slashdot. I apologize. - Building Linux VPNS
A book by Oleg Kolesnikov and I, reviewed on slashdot last year, other reviews here. - Onsight.com
James and my company. - Open Source Web Development with LAMP
A top-notch web development book by James Lee (co-author of HLE and HLEv2) and Brent Ware. I tech edited this book, and also benifited from it in a user capacity, for example setting up the handler that controls access to the auto linux hacking software.
Going through any of those links will work. If you prefer, you can just send money to the EFF directly and cut out the middle man.
- Hacking Linux Exposed
-
How does the EFF donation apply?
Does the donation to the EFF apply only if I go through the Hacking Linux Exposed website? I bought a copy of that two weeks ago. However I was going to get Building Linux VPNS which is by Hatch and Kolesnkov. Does the EFF donation apply to that too?
-
Not all of usThere are plenty of us who write because it's fun, because we like sharing knowledge, and who are not millionaires. I loose money for each book I write because writing pays off I'm writing, which earns piddly royaltees, instead of doing real security/sysadmin work. And worse, you aren't getting paid anything while you're doing the writing, only after you're done.
And I don't think you'll find many authors who want to get rid of libraries. Publishing houses, now that's possible. But don't blame the ones who do the grunt work. (Smacks of the artist vs MPAA/RIAA situation, eh?)
And as to the 'used books are killing our business' angle, baloney. If someone reads one of my books and doesn't think it's worth keeping, by all means they should get rid of it. I never sell off old books, but I do give them away to friends a lot. Or my newer trend, when I have a book I consider crap then I'll write one that I'd want to read.
It's much more rewarding.
Even if it doesn't pay squat.
-
Benevolent DictatorWhat you're looking to do is become a 'benevolent dictator' much like Linus is to the Linux kernel. That's an admirable goal, and one that works fairly well if you're up to the task.
Clearly defining the goal of the project is important. Take cURL for example. It is made to snag URLs and shoot the results to STDOUT. It has all the options you could need to support authentication, posting, etc. In fact, the majority of the code is in the library, not the command line utility itself.
Now folks say "Hey, let's make it a GUI application!" but the current maintainers say no, it's a library and a command line tool. However they've been saying that from day one. They clearly define what it is and isn't. It is not a wget replacement, and they don't want it to be. Folks will understand when there is consistency in the answers.
I myself briefly maintained Stunnel (stunnel.org) because the author was offline for six months and there were security issues that needed to be addressed. I didn't want it to be a fork, because I wanted to hand ownership back to the original author once he returned, and that's exactly what happened. He'd done a great job incorporating things that most folks needed.
That said, many people had visions beyond what Mike was willing to incorporate into the official version. Instead of dropping those patches on the floor, I've made them available at the website, so folks can apply them if desired. Thus there is still one consistant main version, but no problems if folks want different versions - just apply the patches.
You must be willing to listen and decide when you're wrong, and when the suggestions go against 'the plan.'
Good luck, and may you enjoy walking that line.
-
Building Linux VPNs book may helpYou will find a useful comparison of Linux-based options in Building Linux VPNs by Oleg Kolesnikov and Brian Hatch.
They include SSH, SSL, IPSec, and other approaches, and don't waste time explaining TCP/IP.
Helevius