{SPAM?} [Asterisk-Users] Asterisk VIA SSH Tunnels

steve szmidt steve at szmidt.org
Thu Oct 14 13:50:39 MST 2004 

On Thursday 14 October 2004 03:04 pm, Geoff Nordli wrote:
> asterisk-users-bounces at lists.digium.com wrote:
> > On Thu, 14 Oct 2004 07:13:04 -0700, Geoff Nordli
> >
> > <geoffn at gnaa.net> wrote:
> >> OpenVPN runs on:  Linux, Windows 2000/XP and higher, OpenBSD,
> >> FreeBSD, NetBSD, Mac OS X, and Solaris.
> >
> > And how many routers and firewalls out there do support OpenVPN? Do
> > Cisco routers support it?
> >
> > On the other hand, IPsec works on all the platforms you mentioned
> > *plus* most routers/firewalls from Linksys toyz up to Cisco and
> > Checkpoint etc etc etc.
> >
> > rgds
> > benjk
>
> No argument here.  If you want to do gateway to gateway then IPSEC is a
> solid choice.  They pretty much run flawlessly.  The only thing I don't
> like is the kernel modification required on the 2.4 kernel series to embed
> Openswan/Freeswan into the kernel.  Just one more thing to worry about if
> you need to upgrade the kernel.
>
> Since the guy was talking about using an SSH session I assumed he was
> looking at client to gateway options.  IPSEC is not a great option there.
> An easier solution is to use something like PPTP, but sometimes GRE is not

Please don't use PPTP as a security solution, because it really isn't. It's so 
flawed you can even connect to it without having ANY encryption. Microsoft 
with their never ending wisdom have incorporated design flaws that make 
cryptographers and security professionals distrust it, and recommend against 
its use. 

Or as the writers of Building Linux Virtual Private Networks says: "We 
recognize that there are times when you must support PPTP ... In either of 
these cases, we offer our deepest sympathies."

> supported on every firewall.  Plus PPTP requires modification to the ppp
> kernel modules to support mschap-v2 -- this is also a pain.  So something
> like OpenVPN is a good solution.
>
> Geoff
>
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users

-- 

Steve Szmidt

"They that would give up essential liberty for temporary safety 
deserve neither liberty nor safety."
                                Benjamin Franklin

More information about the asterisk-users mailing list