Yup, it was demo'd last year at OLS, and it should be at OLS 2003 as well. (It was my laptop running driftnet showing all the wide open traffic at OLS 2002 - I plan to do the same again this year)
Re: VPN
We have Openswan ipkg's now for the WRT stuff.
See the announcement here for details on obtaining/installing it.
Search the fine web...
I think there's a T-shirt with this on it too.
At my last job, I used Evolution with MS Exchange connector to survive without having Windows on my desktop.
At my current job, I've been lucky enough to get a beta copy of Hydrogen, Sun's iPlanet Calendar Connector, and it works reasonably well, though not as fully integrated as I'd like.
Now, GLOW, OpenOffice Groupware's calendar is a standalone app, but also works with WCAP servers. It's new & buggy, but does both local calendaring and server-based, if you have a WCAP backend. It's certainly promising, and if integrated with OpenOffice would be quite nice.
>And if you've got any more questions about openswan, the guy to ask is on slashdot with user id #11! He'll probably be posting in here when it's morning in that part of the world.
Yup, I'm in EST, so it's morning now. Imagine my surprise with a 5.6mbit /. for a wakeup call!
>There was talk of fixing this through a port 53 passthrough, but I don't think this ever happened.
I think this is being fixed in 2.06, so we'll assimilate that chunk of code if it works correctly.
>Also, OE requires the use of the TXT field. There are many other projects also proposing to use this field (well, a few anti-SPAM proposals), so conflicts could arise in the future.
You can have multiple TXT records, just like MX, A and other DNS records, so this shouldn't be a problem.
>However, I hope that Ken Bantoft will be successful with Openswan. My company uses FreeS/WAN for a VPN solution to provide secure WAN access between international sites.
Thanks!
Ken
Support for FreeS/WAN will continue, the code certainly won't just wither up and die. A number of us forked it awhile ago, and keep two active trees going for stable and feature development.
www.openswan.org (I've karma whored enough tonight).
Ken
And 2.1.0rc1 was released a few minutes ago. Need to update website again
Ken
You know what's funny? Recent Linksys VPN routers (ie: WRV54G) use FreeS/WAN for IPsec (they are built on the OpenRG platform).
So you might be using it anyways
Thanks! Some of us have been doing this stuff for many, many years. We might even be good at it by now
As people have mentioned... the Openswan project is picking up the slack, and commercial support is also available, directly from current Openswan and ex-FreeS/WAN project folks via Xelerance.
I've taken my Super FreeS/WAN tree, and formed a company with some other ex-FreeS/WAN folks.
Openswan is the new name of the project, you can already get code from www.openswan.org.
Commercial support + services from us via Xelerance
Ken
So... you install Windows in VMWare, install DRMOffice, open document, and screen cap the VMWare session. Or use Terminal Services, rdesktop, vnc, insert_favourite_dmca_circumvention_tool_here...
LDAP.
Pretty much everything (except the MS boxes) will talk to LDAP these days, and MS boxes will talk to Active Directory, which is close enough to real LDAPv3. We use Novell's eDirectory w/PwdSync modules to sync into AD, and then everything else (AIX, Linux, Lotus stuff, Nortel stuff, etc...) talks directly to it. OpenLDAP is another choice, but I don't know if anyone's sorted out the password sync issues between OpenLDAP and AD.
It's not open source or free, but Ximian's Evolution Connector works for shared folders now. I use it mainly for the calendaring stuff, but normal email / contacts seem to work too.
You can use dynamic IP's for Initiator-Only OE, where you can initiate new OE connections to OE Enabled servers. While others can't start a new connection to you (so running a server on your dynamic IP would be a problem) you can surf OE enabled sites fine.
Re: KEEP TRYING to negotiate with me forever - this was true in the OE defaults for 1.97 - 1.99. The old default was to rekey forever. In 2.00, rekey is set to "no", so you don't rekey once the SA has expired.
You can do this with FreeS/WAN 2.0 - there is the concept of policy groups. ie: for this set of hosts, only accept crypto connections - if they can't encrypt traffic, I don't want to talk to them. You just stick CIDR blocks into a text file to configure this - it doesn't get much simpler than that.
For more information, see Policy Groups documentation.
--
ken@freeswan.ca
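To make the policy-group idea above concrete, here is an added sketch (not FreeS/WAN code and not from the original comment) that resolves which group applies to a peer. The group names, the one-CIDR-per-line format with `#` comments, the most-specific-match rule and the `clear` default are assumptions for illustration; the sample file contents are constructed.

```python
import ipaddress

# Constructed sample policy-group files: group name -> file contents.
# Group names and the one-CIDR-per-line format are assumptions of this sketch.
SAMPLE_GROUPS = {
    "private": """
# only ever talk encrypted to these
192.0.2.0/24
198.51.100.7/32
""",
    "private-or-clear": "0.0.0.0/0   # try crypto, fall back to clear\n",
    "clear": "192.0.2.53/32  # resolver must stay reachable unencrypted\n",
}

def parse_groups(files):
    """Return [(network, group)] from {group: text}, skipping comments and blanks."""
    entries = []
    for group, text in files.items():
        for lineno, raw in enumerate(text.splitlines(), 1):
            line = raw.split("#", 1)[0].strip()
            if not line:
                continue
            try:
                # strict=True rejects host bits (e.g. 192.0.2.1/24), a common typo
                # that would otherwise silently cover the whole subnet.
                net = ipaddress.ip_network(line, strict=True)
            except ValueError as exc:
                raise ValueError(f"{group}:{lineno}: bad CIDR {line!r}") from exc
            entries.append((net, group))
    return entries

def policy_for(peer, entries, default="clear"):
    """Pick the group whose CIDR is the most specific match for peer (assumed rule)."""
    addr = ipaddress.ip_address(peer)
    matches = [(net.prefixlen, group) for net, group in entries
               if net.version == addr.version and addr in net]
    if not matches:
        return default
    best = max(prefix for prefix, _ in matches)
    winners = {group for prefix, group in matches if prefix == best}
    if len(winners) > 1:
        # Same prefix listed in two groups: refuse to guess, flag it for review.
        raise ValueError(f"{peer}: conflicting groups {sorted(winners)}")
    return winners.pop()

ENTRIES = parse_groups(SAMPLE_GROUPS)
```

Running `policy_for` over the addresses you care about is a quick audit of whether a host you meant to be crypto-only is actually shadowed by a broader or narrower entry in another group.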
OE uses standard DNS requests before attempting to negotiate IPSec tunnels.
It does TXT & KEY records, which are perfectly normal and RFC compliant DNS queries. If nothing is found, no IKE negotiation is attempted.
--
ken@freeswan.ca
Yes, DNS is currently the weakest link.
DNSSec will fix most of this, however that requires all of the TLDs and gTLDs to support it. Currently, only .nl will sign records all the way to the root zone. We need more TLD/gTLD buy-in for DNSSec to become commonplace.
--
ken@freeswan.ca
We have Polycom units (both the standalone units and the ViaVideo) at 6 or 7 sites, and QoS is a must if you're using IP.
We use them over an IPSec based VPN (H.323 is an open protocol, remember) for security reasons, and QoS everything as much as possible to give the highest priority to the Video Conference traffic. Before we implemented QoS, quality was pretty bad - and this was on fast lines (all lines were T1 or fibre).
QoS made the difference between a useable and unuseable video conferencing system.
I've seen it working on both Cogeco cable (Toronto area) and Bell ExpressVue, thanks to a local LUG user.
Once I saw it working, I had to get one. So I too grabbed one off ebay, and a TivoNET card. Both should be here this week... and then with a few hours of hacking, I should be in business.
Not to mention:
Results 1-15 of about 609 containing "linux"
I seem to remember there being more than 609 websites with Linux information on them...
This is during the installer, not after install. So if you're worried about someone compromising your system during the install process, and you've already removed the network cable/wireless card, then you have a larger problem to deal with :)
"even officially support Linux using FreeS/WAN" is a bit of a crock. They support it as a branch-office style connection, when you need a static IP address on the FreeS/WAN side. Most end-users don't have this.
This is why I let my Windows users do the Contivity thing, and my Linux users connect to a FreeS/WAN box. Netlock makes a Linux Contivity client, but it's an extra $100-150 US per client, which makes it out of most people's price range, especially since FreeS/WAN is, well, Free :)
8: Curses interface for console (wouldn't "red-console" be nice?!?)
It exists... there's a channel for Red Carpet in (where else?!) Red Carpet.
You can now do pretty much everything you did via the GUI, from command line. Sub/Unsub from channels, bring your system up to date, search for new packages to install, etc...