MEPIS Community Forum

A Linux operating system based on Debian Stable
View unanswered posts | View unsolved topics | View active topics |



Reply to topic  [ 20 posts ]  Go to page 1, 2  Next
VPN Solutions 
Author Message
Forum Regular
Forum Regular
User avatar

Joined: Sun Mar 27, 2011 9:59 pm
Posts: 221
Has thanked: 50 times
Have thanks: 9 times
Post # 299402
Post VPN Solutions
HI All,

Has anyone here any experience with VPN solutions for a dedicated server as well as for home use?
OpenVPN looks like a great tool, but I'm afraid of trying to configure it. Hamachi looks nice but it's not open source.

Is there anything in the repos for this?
Thanks in advance for any pointers

Chris

_________________
--
Chris Griffin


Thu May 03, 2012 10:37 am
Profile
Forum Guide
Forum Guide
User avatar

Joined: Mon Jun 30, 2008 8:06 pm
Posts: 2952
Has thanked: 52 times
Have thanks: 376 times
Post # 299424
Post Re: VPN Solutions
what exactly are your remote access needs? there may be easier solutions


Thu May 03, 2012 6:12 pm

GoManutd thanked by: cgriffin
Profile
Online
Forum Veteran
Forum Veteran
User avatar

Joined: Wed Jul 12, 2006 1:42 am
Posts: 4654
Has thanked: 509 times
Have thanks: 676 times
Post # 299444
Post Re: VPN Solutions
It depends on your needs, if you just need an encrypted connection you could run ssh server on your home machine and tunnel all the connections through it, it should be very easy to set up. Dynamic Port Forwarding


Thu May 03, 2012 11:53 pm

Adrian thanked by: cgriffin
Profile
Forum Regular
Forum Regular
User avatar

Joined: Sun Mar 27, 2011 9:59 pm
Posts: 221
Has thanked: 50 times
Have thanks: 9 times
Post # 299479
Post Re: VPN Solutions
Adrian wrote:
It depends on your needs, if you just need an encrypted connection you could run ssh server on your home machine and tunnel all the connections through it, it should be very easy to set up. Dynamic Port Forwarding


Thanks for your replies.

My needs are a bit nebulous because I'm in learning mode and it's almost more hobby than serious need.

On the surface, I would like to be able to connect to home while I'm away (either at work or travelling) and do the following:

* Use my home network as an http and email proxy
* Take control of my home mepis desktop via something like VNC and just do my work that way.

I know that lots of people have good luck with Hamachi, but I don't want to use a corporate solution, plus they have a server that serves as a middle-man in the connection process and I don't like that for philosophical reasons.

I might be able to do everything with the SSH port forwarding. I've tried setting that up on my router but I'm having some trouble with it. I haven't spent serious time trying to fix it yet.

I have heard that Hamachi will do the NAT traversal for you, so you don't need to open a port. I'm not too concerned about opening a port though, although I might opt for something that's not 22!

I have heard that VPN's are more secure than an SSH connection, and that I could actually open a VPN connection and still use SSH, which would provide a double-layer of security. This is where the hobby aspect of this comes in because it'd probably be a bandwidth hit and I don't have great bandwidth at home anyways.

Nevertheless, I want to know about all of my options, and what has worked well for others, and I strongly prefer FLOSS solutions to a propietary tool.

Thanks!
Chris

_________________
--
Chris Griffin


Fri May 04, 2012 11:06 am
Profile
Online
Forum Veteran
Forum Veteran
User avatar

Joined: Wed Jul 12, 2006 1:42 am
Posts: 4654
Has thanked: 509 times
Have thanks: 676 times
Post # 299496
Post Re: VPN Solutions
Don't know much about it, but I doubt VPN can be more secure than SSH, it actually probably uses SSH as a back end. I know there's a way to do VPN with SSH (better solution than just forwarding the ports) but I've never tried that. http://bodhizazen.net/Tutorials/VPN-Over-SSH


Fri May 04, 2012 2:25 pm
Profile
Forum Regular
Forum Regular
User avatar

Joined: Sun Mar 27, 2011 9:59 pm
Posts: 221
Has thanked: 50 times
Have thanks: 9 times
Post # 299501
Post Re: VPN Solutions
Adrian wrote:
Don't know much about it, but I doubt VPN can be more secure than SSH, it actually probably uses SSH as a back end. I know there's a way to do VPN with SSH (better solution than just forwarding the ports) but I've never tried that. http://bodhizazen.net/Tutorials/VPN-Over-SSH


I don't know enough about it yet, but VPN solutions (such as OpenVPN) do a Diffe-Hellman key exchange, in which both client and server have a public/private key pair, and through the use of the public key methodology, they are able to agree upon a symmetric session key that no outside party can glean.

I'm concerned that SSH is basically just taking your password or your SSH key and transferring it in the clear. That's not secure at all. Sure, once the connection is established it would be secure, but anyone sniffing your traffic could just record it all and read your key. SSH over a VPN connection would have two layers of security but probably not as good bandwidth.

I'm hoping to run into folks who know more about this than I do ;-)
Chris

_________________
--
Chris Griffin


Fri May 04, 2012 3:18 pm
Profile
Forum Regular
Forum Regular
User avatar

Joined: Wed Aug 30, 2006 1:44 am
Posts: 606
Location: Midway between the Washington State rainforest, ocean and volcanoes
Has thanked: 773 times
Have thanks: 69 times
Post # 299503
Post Re: VPN Solutions
A little OT and whenever people bring up VPNs, I feel the need to share this

Never Trust A VPN Provider That Doesn't Accept Bitcoin
Quote:
As the VPN provider HideMyAss.com happily identified a person at the request of law enforcement, it was a jaw-drop moment for many of us. This was the exact thing that was supposed to not happen. It was supposed to be physically impossible; the log files were not supposed to exist. Many rightly criticize the company for advertising a service they didn’t deliver, and from their defense of righteousness and entitlement in a “we did nothing wrong” statement, it is obvious that they are completely oblivious to the concept of lawful evil:

http://falkvinge.net/2011/09/27/never-t ... t-bitcoin/

_________________
...Ostara.................................... minni
Image Image
...Mepis 11_64...........................Mepis 11_32


Fri May 04, 2012 3:20 pm
Profile
Forum Regular
Forum Regular
User avatar

Joined: Sun Mar 27, 2011 9:59 pm
Posts: 221
Has thanked: 50 times
Have thanks: 9 times
Post # 299504
Post Re: VPN Solutions
iridesce wrote:
A little OT and whenever people bring up VPNs, I feel the need to share this

Never Trust A VPN Provider That Doesn't Accept Bitcoin
Quote:
As the VPN provider HideMyAss.com happily identified a person at the request of law enforcement, it was a jaw-drop moment for many of us. This was the exact thing that was supposed to not happen. It was supposed to be physically impossible; the log files were not supposed to exist. Many rightly criticize the company for advertising a service they didn’t deliver, and from their defense of righteousness and entitlement in a “we did nothing wrong” statement, it is obvious that they are completely oblivious to the concept of lawful evil:

http://falkvinge.net/2011/09/27/never-t ... t-bitcoin/


The obvious difference between hidemyass and OpenVPN is that you'd be running OpenVPN on your own server/router, and you have full control over all log files.

_________________
--
Chris Griffin


Fri May 04, 2012 3:23 pm
Profile
Forum Regular
Forum Regular
User avatar

Joined: Sun Mar 27, 2011 9:59 pm
Posts: 221
Has thanked: 50 times
Have thanks: 9 times
Post # 299505
Post Re: VPN Solutions
cgriffin wrote:
I'm concerned that SSH is basically just taking your password or your SSH key and transferring it in the clear. That's not secure at all.
Chris


Maybe I'm wrong about this:
http://eprint.iacr.org/2011/276.pdf
http://serverfault.com/questions/203613 ... entication

But this still isn't totally clear to me.

_________________
--
Chris Griffin


Fri May 04, 2012 3:26 pm
Profile
Forum Guide
Forum Guide
User avatar

Joined: Mon Jun 30, 2008 8:06 pm
Posts: 2952
Has thanked: 52 times
Have thanks: 376 times
Post # 299516
Post Re: VPN Solutions
the WHOLE purpose behind SSH is that it uses private/public keys for encrypting communication. so long as you properly protect the private keys on the system (which never get transmitted) someone can steal the public key and still have no effect, since decrypting the public key takes a tremendous amount of computing effort - read, resources that the average bear doesn't have.

from the sounds of it, SSH will fit the bill. why use a nuke to kill a mosquito, when a flyswatter does the job?


Fri May 04, 2012 8:30 pm
Profile
Display posts from previous:  Sort by  
Reply to topic   [ 20 posts ]  Go to page 1, 2  Next

Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  

Protected by Anti-Spam ACP Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group.
Designed by STSoftware for PTF.