<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=iso-8859-1" http-equiv=Content-Type>
</HEAD>
<BODY bgColor=#ffffff>
<DIV>I personally use Linux boxes for my Firewall and VPN. I find
them easy to set up and reliable. However, I have heard a lot of folks
say that OpenBSD makes a better firewall, because of its leaner install.</DIV>
<DIV> </DIV>
<DIV>I would say that you would be in good shape using either one. </DIV>
<DIV> </DIV>
<DIV>Jon Carnes</DIV>
<DIV>MIS - HAHT Software</DIV>
<BLOCKQUOTE
style="BORDER-LEFT: #000000 2px solid; MARGIN-LEFT: 5px; MARGIN-RIGHT: 0px; PADDING-LEFT: 5px; PADDING-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A href="mailto:patrick@SECUREOPS.COM" title=patrick@SECUREOPS.COM>Patrick
Ethier</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A
href="mailto:VPN@SECURITYFOCUS.COM"
title=VPN@SECURITYFOCUS.COM>VPN@SECURITYFOCUS.COM</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Friday, January 21, 2000 1:10
PM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> Re: Linux VPN</DIV>
<DIV><BR></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=230200318-21012000>Hi,</SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=230200318-21012000></SPAN></FONT> </DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=230200318-21012000></SPAN></FONT> </DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=230200318-21012000> I've tried FreeS/WAN on Linux and it is fairly
difficult to implement. Have you considered a solution like OpenBSD (<A
href="http://www.openbsd.org">http://www.openbsd.org</A>)?</SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=230200318-21012000></SPAN></FONT> </DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=230200318-21012000>Advantages over Linux (these aren't scientific, mind
you, but a result of my personal opinion).</SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=230200318-21012000></SPAN></FONT> </DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=230200318-21012000>IPFilter is easier to implement than IPChains and has
a few extra features (like keeping state of connections)</SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=230200318-21012000>ISAKMPD on OpenBSD is included with the initial
installation, all you need to do is edit some configuration
files</SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN class=230200318-21012000>IKE
supports X509 certs and Pre-Shared secrets</SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN class=230200318-21012000>It's
Canadian, so encryption is not an issue (unless you are in the States, then you
need to obtain it from a US FTP server).</SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=230200318-21012000></SPAN></FONT> </DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN class=230200318-21012000>It
also has very clear instructions off their website on how to recompile a
kernel and do basic system administration.</SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=230200318-21012000>Also, most of the users on their mailing lists are
experienced systems administrators with a very strong background in
security.</SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN class=230200318-21012000>You
get in contact with the actual developers if there is a problem. Things are
very personal.</SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=230200318-21012000></SPAN></FONT> </DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=230200318-21012000>NetBSD and FreeBSD are also alternatives. Linux makes
a great workstation because of how many people support it. As for setting up a
Firewall/VPN Gateway, Linux has too many audit issues to make me comfortable
with it.</SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=230200318-21012000></SPAN></FONT> </DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=230200318-21012000></SPAN></FONT> </DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=230200318-21012000>Regards,</SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=230200318-21012000></SPAN></FONT> </DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=230200318-21012000>Patrick Ethier</SPAN></FONT></DIV>
<BLOCKQUOTE
style="BORDER-LEFT: #0000ff 2px solid; MARGIN-LEFT: 5px; MARGIN-RIGHT: 0px; PADDING-LEFT: 5px">
<DIV align=left class=OutlookMessageHeader dir=ltr><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B> Todd Wilburn
[mailto:toddw@LIGHTMAIL.COM]<BR><B>Sent:</B> Friday, January 21, 2000 1:21
AM<BR><B>To:</B> VPN@SECURITYFOCUS.COM<BR><B>Subject:</B> Linux
VPN<BR><BR></DIV></FONT>
<DIV>
<P><FONT face="Courier New" size=2>We are thinking of using Linux for our
server/firewalls and we need to do</FONT></P>
<P><FONT face="Courier New" size=2>VPN. What programs are available for a
Linux VPN box? I can use secret</FONT></P>
<P><FONT face="Courier New" size=2>pass codes or certs.</FONT></P>
<P> </P>
<P><FONT face="Courier New" size=2><SPAN
class=501321906-21012000>Thanks,</SPAN></FONT></P>
<P><FONT face="Courier New" size=2>Todd
Wilburn</FONT></P></DIV></BLOCKQUOTE></BLOCKQUOTE></BODY></HTML>