[wellylug] Router piercing
michael at diaspora.gen.nz
Tue Dec 13 13:45:01 NZDT 2005
>The other VPN protocol I've currently got in use, for joining two
>networks together, is vtun. It uses a TCP control connection and
>usually UDP packets for the VPN. It works through NAT reasonably well,
>and supports adding arbitrary routes at either end when the tunnel comes
>up. However I'm not sure how strong the security is (and the main
>authentication method seems to be 'shared secret', which typically ends
>up being pretty weak). For what I'm using it for (data which will then
>travel over the Internet unencrypted) the potential lack of privacy in
>the VPN doesn't matter much.
For some criticisms of vtun from Peter Gutmann, whose opinion is
reasonably respectable, see:

http://www.cs.auckland.ac.nz/~pgut001/pubs/linux_vpn.txt

A sample quote:

``Ugh, this makes CIPE look like a paragon of good crypto design
in comparison.''

I have no idea whether the problems mentioned in that document have been
fixed in the two years since.

-- michael.