[38083] in North American Network Operators' Group
Re: VPN Solution (WAS: ORBS (Re: Scanning))
daemon@ATHENA.MIT.EDU (Andy Bradford)
Mon May 28 17:43:58 2001
Message-Id: <200105282143.PAA02174@sicilia.bradfordfamily.org>
To: "Patrick W. Gilmore" <patrick@ianai.net>
Cc: nanog@nanog.org
In-Reply-To: Message from "Patrick W. Gilmore" <patrick@ianai.net>
of "Mon, 28 May 2001 01:24:58 EDT." <5.0.2.1.2.20010528011249.02c05ea8@127.0.0.1>
Date: Mon, 28 May 2001 15:43:18 -0600
From: Andy Bradford <bradipo@xmission.com>
Errors-To: owner-nanog-outgoing@merit.edu
Thus said "Patrick W. Gilmore" on Mon, 28 May 2001 01:24:58 EDT:
> The VPN solutions I have used (e.g. Bay Networks, MS PPTP) send *every*
> packet from the end user machine to the VPN end-point, not just selected
> packets (like with SSH tunneling).
This should be configurable; if it isn't, then maybe it's time for a
switch in protocols/software. :-)
> So, does anyone know of a VPN that does selective forwarding like SSH
> tunneling?
FreeS/Wan does this by default. Only traffic defined by the tunnel
security association is encrypted, the rest goes through untouched.
Very optimal. :-) I don't believe this is specific to FreeS/Wan either,
as most IPSEC implementations I have seen do something similar
(including hardware solutions).
Andy
[-----------[system uptime]--------------------------------------------]
3:43pm up 19 days, 18:20, 6 users, load average: 1.00, 1.01, 1.00
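
The selective forwarding described in the reply above, as an added sketch that is not part of the original message and is not FreeS/WAN code: each outbound packet is checked against the tunnel selectors, and only matching traffic is protected. The policy names, address ranges, sample flows and the ordered first-match lookup are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Selector:
    """One tunnel policy: traffic from `local` to `remote` is protected."""
    name: str
    local: ipaddress.IPv4Network
    remote: ipaddress.IPv4Network

def make_selector(name, local, remote):
    return Selector(name, ipaddress.ip_network(local), ipaddress.ip_network(remote))

# Constructed policy table (hypothetical names, private/documentation ranges).
POLICIES = [
    make_selector("office-lan", "10.1.0.0/24", "10.2.0.0/16"),
    make_selector("office-dmz", "10.1.0.0/24", "192.0.2.0/28"),
]

def classify(src, dst, policies=POLICIES):
    """Return ("PROTECT", name) for the first selector matching both ends,
    otherwise ("BYPASS", None): the packet leaves untouched."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p in policies:  # ordered lookup, first match wins (assumption)
        if s in p.local and d in p.remote:
            return ("PROTECT", p.name)
    return ("BYPASS", None)

def cleartext_flows(flows, policies=POLICIES):
    """Flows that no selector covers; a split-tunnel review starts here."""
    return [(s, d) for s, d in flows if classify(s, d, policies)[0] == "BYPASS"]

# Constructed sample flows.
FLOWS = [
    ("10.1.0.7", "10.2.33.4"),     # covered by office-lan
    ("10.1.0.7", "192.0.2.5"),     # covered by office-dmz
    ("10.1.0.7", "198.51.100.9"),  # general Internet traffic
    ("10.1.0.7", "192.0.2.200"),   # same /24 as the DMZ but outside the /28
    ("10.9.9.9", "10.2.33.4"),     # remote matches, local side does not
]

if __name__ == "__main__":
    for s, d in FLOWS:
        print(f"{s} -> {d}: {classify(s, d)}")
    print("leaves in the clear:", cleartext_flows(FLOWS))
```

Both ends of the selector have to match: the last two sample flows bypass the tunnel even though one address falls near or inside a protected range.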