Thanks for the information. While I am new to VPNs I do understand the concept of how they work. That said I do appreciate all the good info you gave and will read those links.<br><br>In order to save an email I'd like to include a question I had from one of Eric's emails.
<br>Since SSL vpns work at a higher OSI layer does that mean that the stuff at the lower layers is not encrypted? Like mac address and ip address.<br>THanks all for answering my questions. You are most helpfull.<br><br><br>
<div><span class="gmail_quote">On 10/21/06, <b class="gmail_sendername">Kurt Granroth</b> &lt;<a href="mailto:plug-discuss@granroth.org">plug-discuss@granroth.org</a>&gt; wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
jordi laforge wrote:<br>&gt; I'm trying to provide a roadwarrior situation. Here is what I'm looking at:<br>&gt; Small 8-12 user lan.<br>&gt; 4-5 of these users have home pc's(Windows) that they'd like to use to<br>&gt; connect to the
<br>&gt; office and user the file server\ email\ databases.<br>&gt; The windows file server has PPTP capabilities.<br>&gt;<br>&gt; I could either use the Windows PPTP or setup another server running<br>&gt; Linux with openvpn. Or something else I haven't thought of....but you
<br>&gt; guys suggest.<br>&gt; Whaddya think?<br><br>Okay, it sounds like you're not all that familiar with VPNs in general,<br>based on your comments here and in later messages.&nbsp;&nbsp;I *strongly* suggest<br>doing some quick reading on that topic first before getting into
<br>specifics.&nbsp;&nbsp;The 'howstuffworks' entry on VPNs is not half-bad and the<br>wikipedia page is excellent.<br><br>Here's the very very short summary: A VPN would allow your 'road<br>warriors' to connect to the home office while they are at home or on the
<br>road.&nbsp;&nbsp;The user's remote laptop or desktop would get a special IP that<br>is specific to the VPN through which all traffic to work is 'tunneled'<br>in an encrypted manner.&nbsp;&nbsp;Done properly, the remote worker would be able
<br>to access ALL of the services that she could normally access while in<br>the office... but in a safe and secure manner over the public Internet.<br><br>Now PPTP has the advantage here of being very easy to setup and if you
<br>have one of the Windows Servers, then you have half of it already nearly<br>setup.&nbsp;&nbsp;You would need to get clients for any Linux users, but that's<br>not a problem as I'm fairly certain that there is now &quot;native&quot; support
<br>in the kernel.<br><br>HOWEVER, PPTP is considered to be fundamentally broken by some respected<br>cryptographers.&nbsp;&nbsp;A quote from Bruce Schneier: &quot;Microsoft PPTP is very<br>broken, and there's no real way to fix it without taking the whole thing
<br>down and starting over.&quot;<br><br><a href="http://www.schneier.com/pptp-faq.html">http://www.schneier.com/pptp-faq.html</a><br><br>OpenVPN is a free solution that has so far been proven to be rock-solid.<br> It is, however, not as easy to setup as PPTP.&nbsp;&nbsp;In fact, if you want to
<br>do anything more than a peer-to-peer setup, you will likely have to do a<br>considerable bit of reading and some configuration file editing.<br><br>Mind you, while the reading is verbose, it's not hard to understand and
<br>it shouldn't take more than a few hours to get everything setup.&nbsp;&nbsp;I'm<br>told, too, that some of the GUIs available make it a lot easier (haven't<br>used any of them) and some of the specialized distros like Smoothwall
<br>and IPCop should make it even easier yet.<br><br>Now this is a Linux group so we'll tend to lean towards using Linux<br>based solution for the &quot;server&quot; side.&nbsp;&nbsp;I'm honor bound to tell you,<br>though, that you don't have to.&nbsp;&nbsp;OpenVPN is fundamentally a peer-to-peer
<br> VPN (with some variances) and works just dandy on Windows.&nbsp;&nbsp;So you<br>*could* run it as a service on your Windows Server and it would likely<br>chug away just fine.&nbsp;&nbsp;There is even a handy GUI for it.<br><br>I recommend starting with some reading:
<br><br><a href="http://openvpn.net/howto.html">http://openvpn.net/howto.html</a><br><a href="http://openvpn.net/INSTALL-win32.html">http://openvpn.net/INSTALL-win32.html</a><br><a href="http://openvpn.se/">http://openvpn.se/
</a><br>---------------------------------------------------<br>PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.plug.phoenix.az.us">PLUG-discuss@lists.plug.phoenix.az.us</a><br>To subscribe, unsubscribe, or to change&nbsp;&nbsp;you mail settings:
<br><a href="http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss">http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss</a><br></blockquote></div><br>