Domain: moretonbay.com
Stories and comments across the archive that link to moretonbay.com.
Comments · 12
-
Re:Hmmmmm
Ooops. Screwed up the link. Its Linux on Coldfire
-
Ask a simple question - get mostly rude answers.
!rant! I fail to understand why people get so rude and sarcastic here when someone asks a valid question. !rant!
Anyway, I've been going through the samething here at work. We're software developers with not alot of extra money to be throwing around at every whizbang VPN hardware solution that exists. And yes, there's plenty of them.
Regardless, we need some type of VPN solution as we have folks that a) don't work in the office, or b) work primarily at home.
So, what do we do? it's simple. We use the built-in VPN solution that ships with NT. Mock me if you will, but it works. It's not secure, no - you're right, but some security is better than no security.
When I say, "it works" - I mean.. it works. The off-site employees plugin in the appropriate information into dialup networking and when they connect to the office - they connect. They see our machines, and we see their machines. It's slow, it's crude, but it works.
Now, that doesn't mean we like it, or enjoy using it, but it works. We're currently in the process of eliminating NT from our network in favor of linux solutions. We're doing this on a fairly grand scale. Not only are we removing those machines, but we're removing other things as well - such as Visual Sourcesafe (feh!).
But - now, we've run into the same problem that the poster is inquiring about. What about VPN?
Well, no problem..(or so I thought). As one of the few people around actually helping push the NT boxes out of the office and applauding the arrival of the linux boxes, I happily jumped onto the web and started investigating what solutions were available for me. What did I discover? oh - there's plenty of things available - all of them although very noble in their attempts - do not do what we need.. not exactly, anyway.
What do we need? we need simplicity - that's what we need. We need our employees to be able to click the little dialup networking icon, connect to the office, and have it seem like they were here in the office. To be able to see our machines, and for us to see their machines.
Forget about all the other ways it can be done. The fact is - the people that need VPN don't want to waste their time futzing with setting up extra hardware in their house. They want simple.
The only thing that comes close is PoPToP and unfortunately, at this time it doesn't come close enough. I could go into detail why it doesn't come close, but if you subscribe to the mailing list, or try to implement it yourself, you'll see why it's not ready for primetime.
Many people are bitching about the guy wanting something for free and blah, blah. Well, folks - the solution ships free with NT, and it works. When you finally convince the headcheeses to junk the NT solutions and move over to linux (it takes a lot of convincing) you can't come back a day later and say, "oh, btw, we need an extra (insert dollar amount) for this VPN hardware solution." Because you know - they'll just come back and say, "That worked just fine with NT."
So, this has just been alot of babble really. This issue just hits home with me because I've been dealing with it so much. We tried multiple times with PoPToP, but it just wasn't consistent, or reliable in operation.
We found a solution, though. We kept the linux boxes, and just left the NT box around to be the VPN gateway. We'll probably upgrade that machine to Windows 2000 in the near future, though. Windows 2000 has even better VPN built-in.
To the poster, if you don't find anything that works for you, and you can budget a hardware solution, I recommend you look into the same hardware solution we looked at, but cannot afford. It's called, "Intraport." The company was recently acquired by Cisco. Here's a link.
I'm done now.
-
Re:WTF??
IMO PoPToP has some serious issues. Unfortunately, most are outside the scope of what the PoPToP developers can work with:
1) Kernel patches (yay). There seem to be problems getting these patches to work with some distros (read: Red Hat) that have slightly-customized kernels
2) Windows only supports some real lame encryption out-of-the-box. To get 128 bit, you have to go through some real hoops to get the software from Microsoft, only to find it doesn't work.
3) Firewall/IPMasq causes even more fun, depending on which side of the firemasq the PPTP server is on.
4) Browsing windows shares over a VPN link is akin to black magic and seldom works.
These are the most common issues I've seen (and I'm a lurker on the PoPToP list). To their credit, the gang that make this software have integrated it into a hardware box (look for the NetTel) that does both PPTP and Firewall functionality. It's pretty inexpensive at $399US, and I'm pondering just buying that instead of hacking around on my own. -
PoPToP
Moretonbay, the company who gave us so much work on uCLinux has PoPToP, a Linux PPTP server.
I have set it up personally and included the MPPE and stateless patches which give excellent performance and 128-bit encryption.
You mentioned that immature code need not apply. I can't say how mature this code is but I have not had any problem with the encryption nor the actual VPN going down or otherwise futzing up.
PoPToP uses pppd + openssl with a custom daemon to set up Windows VPN connections. You can force MSCHAPV2 (V1 has problems with security, what else is new?
:-), enforce 128-bit encryption, use PAP or CHAP, whatever you please. Since it is pppd which is authenticating, you can use PAM or whatever authentication methods you can use with pppd. Another important feature is that you can configure pptpd to assin IPs or have pppd do it for you. Configuring for MPPE and stateless compression was a bit of a pain but in reality it involved scanning the already big mailing list and applying the correct version of the patches.Overall I am very pleased with PoPToP, even if my typing slows to 10WPM when I have to type the name.
:-) -
WTF??
(I have an answer to the question at the end of my rant)
Is there an open Slashdot terminal in some public place? Because these "Ask Slashdots" are starting to seem more like "Ask A Random Question Without Searching First". This is getting REALLY lame.
Now, then. Go to Yahoo (yes, even Yahoo can find this, albeit through Google). Type "linux vpn". Find a link. Follow it.
For those that aren't interested in enough to click, this is PoPToP, a Linux implementation of the server-side of MS PPTP. A secure implementation. Why PPTP? Because you want Windows clients and the only thing they do out of the box is PPTP. BTW, PoPToP is GPL'd....
-- -
PoPToP for Linux
PoPToP is an open source implementation of PPTP under Linux. I've used it. It's solid. It rocks.
-
Re:Workin' at home with DSL
Thanks to the June Linux Journal, here's a link to the PoPToP home page. PoPToP is a free server implementation of the PPTP that works with MSCHAPv2. Not sure about compression.
-
link
>What's the link to that Moreton Bay nettel?
here's that Moreton Bay link i think: NETtel -
Ya know what these MIGHT be good for though...Take this thing and modify it a little.
- Run it off of house power, transformerless power supply.
- slap on an X10 interface or RS485
- have an internal ID that's 10 bits or so
Now you have an army of quick little PICs to do your bidding around the house. Now you have your toaster, light bulb, microwave, catfood-dispensers all controlled from the web. Anything that requires some power (relays, etc.) will either be AC relays driven with a triac or will use a heftier power supply, since the base unit would only need about a milliAmp or so of current to talk and sense.
And... AND.. it's not fraud this time! :-)
... Every device doesn't need to be TCP/IP. Just one. the rest need to be able to talk to this proxy. Why put all the power in each device like that? - Run it off of house power, transformerless power supply.
-
Related Links
ZDNET story
Register Article
Clip 1 from yesterday at mu.current.nu:
Motorola Computer Group is going to be at the Linux Expo August 9-12 in San Jose, CA, to talk about using Motorola hardware for embedded Linux solutions.
Related Clip from Sunday on mu.current.nu: The PPTP Server is out, brought to you by Moreton Bay. If you don't remember who they are, maybe I can remind you, in February we released the first Linux port to the Motorola Coldfire family of processors. The nice thing to note, is that coldfire hardware can be had from Motorola Digital DNA at a fairly reasonable price. -
Related Links
ZDNET story
Register Article
Clip 1 from yesterday at mu.current.nu:
Motorola Computer Group is going to be at the Linux Expo August 9-12 in San Jose, CA, to talk about using Motorola hardware for embedded Linux solutions.
Related Clip from Sunday on mu.current.nu: The PPTP Server is out, brought to you by Moreton Bay. If you don't remember who they are, maybe I can remind you, in February we released the first Linux port to the Motorola Coldfire family of processors. The nice thing to note, is that coldfire hardware can be had from Motorola Digital DNA at a fairly reasonable price. -
Related Links
ZDNET story
Register Article
Clip 1 from yesterday at mu.current.nu:
Motorola Computer Group is going to be at the Linux Expo August 9-12 in San Jose, CA, to talk about using Motorola hardware for embedded Linux solutions.
Related Clip from Sunday on mu.current.nu: The PPTP Server is out, brought to you by Moreton Bay. If you don't remember who they are, maybe I can remind you, in February we released the first Linux port to the Motorola Coldfire family of processors. The nice thing to note, is that coldfire hardware can be had from Motorola Digital DNA at a fairly reasonable price.