
Geek question: anyone know about VPN?

nix — 21 Apr 2005 20:27

Subject: Geek question: anyone know about VPN?

we have a satellite office and whilst they're relatively happy using WinSCP to securely upload and download files through a GUI interface, they would prefer to be more directly incorporated into our network. Have any of you set up or used a VPN? What's involved? If I buy a VPN router for the office here, is that pretty much it? What do they need to connect? Are there security issues or is it pretty much the same as using SSH? I want answers and I want them NOW!!

grix — 21 Apr 2005 21:29

Subject: depends exactly what the other office wants/needs to do

there are three main types of vpn - SSL (Secure Sockets Layer), IPSec (ip security), and PPTP (Point to Point Tunneling Protocol). I would recommend using OpenVPN, which is an implementation of an SSL vpn. Fairly straightforward and it works. PPTP vpns are really for single roaming mobile clients gaining secure access to a network. IPSec is what the next gen internet protocol IPv6 (we are on IPv4 at present) will use, is pretty complicated to set up and probably more than you need, but you might want to learn anyhoo... look at Openswan, and it may be built into WinXP but I dunno... easiest way to set up a VPN is get two boxes and install OpenBSD. Set them up as the firewalls for each office and use the OpenVPN package - painless, solid and secure.

grix — 21 Apr 2005 21:37

Subject: just to clarify

an SSL vpn uses the TCP and UDP protocols (just like a secure web site). IPSec vpn has its own protocols - ESP (Encapsulating Security Payload) and AH (Authentication Header) - so I believe a vpn router is only necessary for IPSec - it recognises and allows control over ESP and AH protocols - correct me if I am wrong. Clear?

nix — 22 Apr 2005 15:03

Subject: Re: just to clarify

is realvnc secure? I have it running on my pc at work to allow a techy guy in Hong Kong to help me get his software working. I'm assuming this is securely encrypted like SSL - please tell me it is. If it is, am gonna change the password and leave it running, as being able to access my work windows machine from home is very handy. Got a different version of it running on the server too.

grix — 22 Apr 2005 22:39

Subject: the free edition of real vnc is NOT secure

from the vnc website: VNC Enterprise and Personal Editions include support for strong encryption and authentication of VNC connections. VNC Enterprise Edition additionally supports native authentication against system user accounts. Both versions are specifically designed to be used across untrusted networks such as the Internet. VNC Free Edition and older VNC 3 based systems support a simple challenge-response protocol used to verify a password of up to eight characters, supplied by the connecting user. While this avoids exposing the password to attackers as would be the case with pure plaintext protocols such as telnet, the rest of the session is unencrypted and so anything typed into the viewer passes "in the clear" to the server. VNC Free Edition is therefore suitable for use within a local network or secure VPN, but not for general use over untrusted networks, such as the Internet.
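An added example, not part of the thread or of any VNC product: a parser for the first two messages a VNC (RFB) server sends, showing how to tell whether a server can only negotiate the password-only, unencrypted session described in the quote above. Security-type numbers are those registered in RFC 6143; the function names, result labels and sample bytes are constructed for illustration.

```python
import struct

# Security-type numbers as registered in RFC 6143 (the RFB protocol spec).
NAMES = {1: "None", 2: "VNC Authentication", 18: "TLS", 19: "VeNCrypt"}
# Types that leave everything after authentication unencrypted.
CLEARTEXT = {1, 2}


def parse_handshake(banner: bytes, security_msg: bytes):
    """Return ((major, minor), [security types]) from the server's first two messages."""
    if len(banner) != 12 or banner[:4] != b"RFB " or banner[7:8] != b"." or banner[11:] != b"\n":
        raise ValueError("not an RFB ProtocolVersion banner")
    version = (int(banner[4:7]), int(banner[8:11]))
    if version < (3, 7):
        # RFB 3.3: the server dictates one type as a big-endian uint32.
        if len(security_msg) < 4:
            raise ValueError("truncated security type")
        (chosen,) = struct.unpack(">I", security_msg[:4])
        return version, ([chosen] if chosen else [])
    # RFB 3.7 and later: a count byte, then that many one-byte types.
    if not security_msg:
        raise ValueError("missing security-type list")
    count = security_msg[0]
    types = list(security_msg[1:1 + count])
    if len(types) != count:
        raise ValueError("truncated security-type list")
    return version, types


def assess(types):
    """Classify an offer by whether a cleartext session can be negotiated."""
    if not types:
        return "refused"            # zero types: server rejected the connection
    if all(t in CLEARTEXT for t in types):
        return "cleartext-only"     # tunnel it (SSH/VPN) or keep it off the Internet
    if any(t in CLEARTEXT for t in types):
        return "mixed"              # a viewer may still pick the unencrypted type
    return "no-cleartext-type"      # types outside CLEARTEXT are not judged further


if __name__ == "__main__":
    # Constructed sample handshakes, not captured from a real server.
    samples = [(b"RFB 003.003\n", b"\x00\x00\x00\x02"),
               (b"RFB 003.008\n", b"\x02\x02\x13"),
               (b"RFB 003.008\n", b"\x01\x13")]
    for banner, sec in samples:
        version, types = parse_handshake(banner, sec)
        print(version, [NAMES.get(t, f"type {t}") for t in types], assess(types))
```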

nix — 23 Apr 2005 14:18

Subject: Re: the free edition of real vnc is NOT secure

is it possible to use putty to tunnel it through ssh? it's a really neat tool and I wanna use it but only if I can make it secure. Guess I could buy it but where's the fun in that?

grix — 24 Apr 2005 06:42

Subject: Re: Re: the free edition of real vnc is NOT secure

if it's a windows desktop you want then just use the built in rdesktop - you can tunnel that thru ssh - don't see why you cannot tunnel vnc as well, although I find rdesktop is faster

dex — 30 Apr 2005 09:35

Subject: and if this isn't a work based

question nix...
