hiding VPN traffic (was: @Home bans VPNS)

Keith Young kyoung at V-ONE.COM
Mon Aug 28 00:40:45 EDT 2000


Chris Carlson wrote:
>
	<snip>
> Not to mention other non-IPSec VPNs, like Michael
> mentioned: SSH, SSL, SOCKS, or even SKIP.  Imagine
> client software that behaves like a virtual IP adapter
> but tunnels the connection in SSL over port 443.
> There's NO WAY that broadband providers can filter
> that.
>
> Hmmm... any VPN vendors out there?  Why not make
> SSL/443 one of the ports used by your IPSec NAT
> transparency?  We can bypass this ridiculous service
> agreement once and for all!

While we don't "wrap" IPSEC in SSL, we do mimic SSL & HTTP headers in
order to pass through proxy-based firewalls such as Gauntlet, Raptor,
and (my favorite ;-) FWTK. However, (unwittingly) giving people access
through your firewall to an external VPN server running on port 443 and
then out to anywhere on the Internet might not make many firewall admins
too happy, but I'll leave that for another thread....  :-)

See my last posting on this list about this very same topic for my
feelings... more and more VPN vendors are going to realize that getting
through local firewalls is nearly impossible with "normal" IPSEC and are
going to diverge from the IPSEC specs in order to make firewall
traversal (and hiding VPN traffic) easier... just my personal thoughts
and not "V-ONE official".....

--
--Keith Young
-Director of Customer Care/Support, V-ONE Corp.
-kyoung at v-one.com

VPN is sponsored by SecurityFocus.COM
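
From the firewall administrator's side of the point above, an added example (not part of the original post, and not V-ONE's code) that checks whether the first client bytes on a port-443 connection form a structurally valid SSLv3/TLS ClientHello rather than only an SSL-looking record header. The function names, result labels and sample bytes are constructed for illustration; it assumes the ClientHello fits in one record and reports SSLv2-format hellos as "unknown".

```python
import struct

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"CONNECT ", b"OPTIONS ")

def _valid_client_hello(body: bytes) -> bool:
    """Walk the ClientHello length fields; any inconsistency means it is not one."""
    if len(body) < 4 or body[0] != 1:                  # handshake type 1 = ClientHello
        return False
    if int.from_bytes(body[1:4], "big") != len(body) - 4:
        return False
    hello, pos = body[4:], 34                          # skip client_version(2) + random(32)
    if len(hello) < 35 or hello[0] != 3:
        return False
    sid_len = hello[pos]                               # session_id, at most 32 bytes
    pos += 1 + sid_len
    if sid_len > 32 or pos + 2 > len(hello):
        return False
    cs_len = int.from_bytes(hello[pos:pos + 2], "big") # cipher suites, 2 bytes each
    pos += 2 + cs_len
    if cs_len == 0 or cs_len % 2 or pos >= len(hello):
        return False
    comp_len = hello[pos]                              # compression methods, at least one
    pos += 1 + comp_len
    if comp_len == 0 or pos > len(hello):
        return False
    if pos == len(hello):                              # no extensions block (SSLv3 / early TLS)
        return True
    return (pos + 2 <= len(hello)
            and int.from_bytes(hello[pos:pos + 2], "big") == len(hello) - pos - 2)

def classify_443_stream(data: bytes) -> str:
    """Classify the first client bytes of a connection to port 443."""
    if data.startswith(HTTP_METHODS):
        return "http-plaintext"
    if len(data) < 5:
        return "incomplete"
    ctype, major, minor, rec_len = struct.unpack("!BBBH", data[:5])
    if ctype != 22 or major != 3 or minor > 3 or not 0 < rec_len <= 16384:
        return "unknown"                               # not an SSLv3/TLS handshake record
    if len(data) < 5 + rec_len:
        return "incomplete"                            # need the whole first record
    ok = _valid_client_hello(data[5:5 + rec_len])
    return "tls-clienthello" if ok else "tls-header-only"

# Constructed samples (not captured traffic).
_HELLO = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00" + b"\x00\x00"
_HS = b"\x01" + len(_HELLO).to_bytes(3, "big") + _HELLO
SAMPLE_TLS = b"\x16\x03\x01" + len(_HS).to_bytes(2, "big") + _HS
SAMPLE_HEADER_ONLY = b"\x16\x03\x01\x00\x10" + b"A" * 16
```

The check is structural only: it says nothing about what a well-formed TLS session carries once the handshake completes.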



