Gentoo Archives: gentoo-user

From: Grant <emailgrant@×××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] OpenVPN setup
Date: Tue, 12 Feb 2008 15:04:46
Message-Id: 49bf44f10802120704k2a72e8baq4896944a98e9bfe5@mail.gmail.com
In Reply to: Re: [gentoo-user] OpenVPN setup by Alan McKinnon
> > > I don't think you need a VPN to SSH from your laptop to the remote
> > > server -- SSH is already encrypted.
> >
> > For sure, but it seems like running SSH inside a VPN is better for
> > security than running SSH on a non-standard port or even port
> > knocking. If I need to set up a VPN for printing, shouldn't I use it
> > for other stuff too? Maybe not, I have yet to actually use a VPN so
> > please correct me if I'm wrong.
>
> The name tells you everything you need to know.
>
> vpn is Virtual Private *Network*. If you would normally have a dedicated
> line between this place and that place to form a network, but this is
> too expensive so you use the internet instead, then you use a vpn. Why?
> Because the internet is a public pathway and you don't want your stuff
> out in the open.
>
> If you want a client machine somewhere to connect to a server machine
> somewhere else, then this is normal internet connectivity and vpn is
> the wrong thing. If you want the client machine to be part of the same
> network the server is on so that lots of stuff works the way it does in
> the office itself, then vpn is the correct thing.
>
> Even if you just want to encrypt some clear-text protocol that doesn't
> have an encrypted equivalent, a vpn is still overkill. For that you use
> ssh tunneling (which is essentially the same thing as an encrypted
> version of a protocol). 'ssh -X' is the classic example of easily
> tunneling a protocol that doesn't have a native encrypted equivalent.

I see what you're saying. Can tunneling through ssh be made automatic
so that a cron job initiates a script that opens a tunnel between the
remote server and local print server and pages are printed through the
tunnel?

> Your statement "it seems like running SSH inside a VPN is better for
> security than running SSH on a non-standard port" is non-sensical. From
> a security and encryption perspective, ssh and OpenVPN are exactly the
> same thing - stuff wrapped in an encryption layer provided by ssl,
> complete with exactly the same key setup should you choose to use that
> route.

What about having ssh, imap, smtp, cups, and possibly a non-standard
https port all hidden within a VPN? Should that be considered a
benefit of running a VPN?

- Grant
--
gentoo-user@l.g.o mailing list
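
The cron-driven tunnel asked about above, as an added example that is not part of the original thread: a script that forwards a local port to the print server's CUPS port over SSH, submits one job, and closes the tunnel. The host name, queue name, local port 6310 and control-socket path are hypothetical; it assumes key-based login that needs no passphrase prompt and CUPS listening on 127.0.0.1:631 on the far side.

```sh
#!/bin/sh
# Added example: print one file through a short-lived SSH port forward.
# All names below are hypothetical placeholders; override via environment.
SSH_HOST="${SSH_HOST:-printuser@printhost.example}"  # SSH login on the print server side
LOCAL_PORT="${LOCAL_PORT:-6310}"                     # local end of the forward
QUEUE="${QUEUE:-office}"                             # CUPS queue name
CTL="${CTL:-$HOME/.ssh/print-tunnel.ctl}"            # control socket used to close the tunnel

open_tunnel() {
    # -f -N: go to background, run no remote command.
    # BatchMode: never prompt (cron has no terminal).
    # ExitOnForwardFailure: fail instead of running without the forward.
    # The forward binds to 127.0.0.1 only, so it is not reachable from the LAN.
    ssh -f -N -M -S "$CTL" \
        -o BatchMode=yes -o ExitOnForwardFailure=yes \
        -L "127.0.0.1:${LOCAL_PORT}:127.0.0.1:631" "$SSH_HOST"
}

close_tunnel() {
    # Ask the backgrounded master connection to exit.
    ssh -S "$CTL" -O exit "$SSH_HOST" 2>/dev/null
}

print_via_tunnel() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    # Do not fall back to an unencrypted path if the tunnel cannot be set up.
    open_tunnel || { echo "tunnel to $SSH_HOST failed" >&2; return 3; }
    lp -h "127.0.0.1:${LOCAL_PORT}" -d "$QUEUE" "$file"
    rc=$?
    close_tunnel
    return $rc
}

# Run only when given a file argument, e.g. from a crontab entry.
if [ "$#" -gt 0 ]; then
    print_via_tunnel "$1"
fi
```

With this approach only the SSH port has to be reachable from outside; the CUPS port stays bound to localhost on the print server.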
