Re: VPN for SCO OSR 5.0.6 ???

From: Bill Campbell (bill_at_celestial.com)
Date: 06/07/04 

Date: Mon, 7 Jun 2004 10:24:04 -0700

On Mon, Jun 07, 2004, Jeff Liebermann wrote:
>On Mon, 07 Jun 2004 13:25:09 GMT, bv@wjv.com (Bill Vermillion) wrote:
>
>>Last month I saw that at least some Linksys devices have a DDoS
>>problem. I do not recall the model number, and at the time of the
>>writing there was no response from Cisco.
>
>Nope. BEFVP41 does not have the ping bug. It was fixed with latest
>firmware for various wireless routers.
>
>Netgear WG602 access point has a built in back door password.
> http://www.securityfocus.com/archive/1/365069
>
>I have several pairs of BEFVP41 VPN routers terminating a VPN at
>various customers. They work just fine. Terminating a VPN with a
>server (as in the Microsoft way of doing a VPN) is IMHO, not a good
>idea. The server has better things to do than imitate a $100
>dedicated appliance.

We've been using the BEFVP41s for several year now. Just last week, I
finally got around to figuring out FreeS/WAN on a SuSE 9.0 box here which
we're now using instead of the LinkSys box that's been acting up recently.

>However, methinks the right answer is to use open source firmware in
>off the shelf routers. Netgear and Linksys both have GPL code posted
>on their web piles for many of their wireless routers.

That's fine if one has the time and inclination to fiddle. My customers
are better off buying the appliance box. We spent quite a bit of time with
LRP/LEAF routers, but came to the conclusion that they're generally more
trouble than they're worth for the average SOHO installation.

On the other hand, when we install a system which will be doing e-mail, web
services, etc, it makes sense to configure FreeS/WAN or the FreeBSD IPSec
with a 2nd NIC than to use an external box, particularly if the customer
has many VPN connections to support.

Bill 

--
INTERNET:   bill@Celestial.COM  Bill Campbell; Celestial Software LLC
UUCP:               camco!bill  PO Box 820; 6641 E. Mercer Way
FAX:            (206) 232-9186  Mercer Island, WA 98040-0820; (206) 236-1676
URL: http://www.celestial.com/
``Ah, you know the type.  They like to blame it all on the Jews or the
Blacks, 'cause if they couldn't, they'd have to wake up to the fact that
life's one big, scary, glorious, complex and ultimately unfathomable
crapshoot -- and the only reason THEY can't seem to keep up is they're a
bunch of misfits and losers.''
        -- A analysis of Neo-Nazis, from "The Badger" comic

Relevant Pages

  • Re: HELP! networking a workgroup over the internet
    ... I recently went through this exercise with Linksys. ... will establish and maintain a VPN tunnel between the devices without user ... >> LAN workgroups see each other as one LAN workgroup over the internet? ... >> have Linksys Ethernet Cable/DSL routers at both sites. ...
    (comp.security.firewalls)
  • Re: VPN Solutions
    ... I tried to mess with the Linksys Quick VPN utility, ... Everything in the remote office uses the Netgear as default gateway. ... Will I have to have a RRAS box at the remote office and the VPN between the two hardware routers be thrown out? ...
    (microsoft.public.windows.server.networking)
  • LinkSys to NetGear VPN?
    ... I am trying to establish a VPN between my NETGEAR FVS318 and a LINKSYS ... NETGEAR FVS318 at home and on of the LINKSYS routers at work. ...
    (comp.os.linux.networking)
  • VPN and IPSec
    ... I am trying to setup a VPN using 2 Windows XP Pro machines. ... I have 2 Linksys ... VPN End Point routers that do the job for me, but I need to move them ... and connect to the VPN using XP's built in IPSec policies? ...
    (microsoft.public.windowsxp.network_web)
  • Re: Intra-site DNS problems
    ... Build a VPN between the two ... >> routers, and setup the routing so that everything ... RPCs are not going to translate through the NAT, ...
    (microsoft.public.windows.server.dns)