Virtual Private Network Question

Adam Northern AdamN at frontier-risk.com
Wed Sep 29 16:26:51 EDT 1999


We should probably reply to the mailing list, so other people who care to
see can see sea shells by the sea shore.

As for using an embedded system, that is a nice idea, except I'm kinda edgy
around black box solutions. Sure, I don't mind a 'plug it in and it works'
deal, would make my job tons easier - but it is all closed source and
proprietary stuff going on.  Plus the manufacturers do stupid things
sometimes.  Are you aware that a good portion of 3Com's SuperStack
routers/switches have a default 'backdoor' password that can be used to
change the admin passwords and configuration?  Apparently they added those
for all the people that 'forget' their passwords. Not the sorta thing I look
forward to finding out, considering my company uses those. Good thing I
changed that password once I found out about it.

Then there's the DSL provider we are signing up with. The router they
recommend to us offers VPN and firewall capabilities built in, but it is
based on Microsoft's PPTP, which I hope everyone knows about its fallacity
(I don't even know what that word means, just felt like a good word to say)
and shortcomings. Plus the tech there was straightforward with me and said
that a competent hacker like himself or me (I had to blush at this) could
get past the firewall fairly easily.

As for reliability, except under unrealistic extreme stress due to stupidity
on my part, I have yet to have a Linux machine go down without me telling it
to go down.  Unless you count the time that my brother spilt beer into our
home server, but surprisingly the computer kept on chugging. While I am sure
that dedicated equipment will have 100% uptimes compared to 99.99 or .97 or
whatever, that is acceptable for us.

Sure, while a software solution may not be as fast as an embedded hardware
one, I think there is more flexibility, plus I have the equipment all here
(and I can get great deals on computer equipment if I need more state of the
art stuff), and I can make sure there are none of the manufacturer-added
'features'.

And the most amount of data I will be encrypting to other locations is .7
mb/s, because the other locations are going to have DSL with half T1 speeds.
I am going to have to test it out before doing a full blown implementation
to see how well it can encrypt and decrypt the data and test the reliability
of the thingies.

plus i can be leet c at use i yews leenux (just kidding)

I wonder if I can load Linux into a Palm Pilot, find some way to wire 2 NICs
into it, and use it as a VPN machine...  nahhh.

But thanks for your advice. Now to figure out whether I want leenux or BSD
on this thing, never played with any of the BSDs, so I might stick with
Linux for the time being.

Long live Debian!
Butter!  Heaping GOBS of butter!

I am interested in writing a TFM for VPNs, TFM as in RTFM! - If I do, it
will be open source and I will let you peeps in the know.


-----Original Message-----
From: Eric Henriksen [mailto:eric_h at earthlink.net]
Sent: Wednesday, September 29, 1999 3:03 PM
To: Adam Northern
Subject: Re: Virtual Private Network Question


For the most part, you've got it 'zipped up'.  However, if reliability and
performance are issues, you should look at VPN bridges built in embedded
systems, rather than run on PCs (yes, even Linux-based).  Unlike your Novell
server, these things usually can't achieve near the reliability of hardware
appliances.  The performance will never match that capable of accelerating
the crypto math in FPGA or ASICs.  Not to mention that the cost for such
appliances is sometimes less than the cost for a typical computer to run the
software on.  RedCreek has Personal Ravlins that run up to 2 Mbps for less
than $750, about the size of a palm pilot, plug and play and remotely
manageable.

This trend doesn't bode well for your idea as a marketable one.  As a
science project, great.

Later...

****************************************************************
TO POST A MESSAGE on this list, send it to vpn at listserv.secnetgroup.com

The VPN FAQ (under construction) is available at
http://kubarb.phsx.ukans.edu/~tbird/vpn/FAQ.html

We are currently experiencing "unsubscribe" difficulties.  If you
wish to unsubscribe, please send a message containing the single line
"unsubscribe vpn your-e-mail-address" to owner-vpn at listserv.secnetgroup.com

****************************************************************
