From owner-freebsd-security Thu Feb 24 7:40:52 2000
To: Damien Tougas
Cc: freebsd-security@freebsd.org
Subject: Re: SSH port forwarding
In-reply-to: Your message of "Thu, 24 Feb 2000 07:50:32 MST." <20000224075032.A4699@tougas.net>
Date: Thu, 24 Feb 2000 15:40:16 +0000
From: David Pick

> This seems like an easy way to set up a VPN. The box is both doing
> NAT and the VPN, and hence makes it easy to use it as both an
> internet gateway as well as a VPN. I have heard this method referred
> to as a poor man's VPN, why? Are there better/more preferred
> methods of setting up a VPN? SKIP or IPSEC? Why would I want to
> use one of those instead? Would I need two boxes to achieve the same
> functionality?

SSH is:
1) reliable now
2) available now
3) easier to set up in small/simple cases
4) available on multiple platforms
5) doesn't "do" UDP &c without extra code

IPSEC is:
1) better (more thought) designed
2) more extensible and scales better
3) harder to set up in simple/small cases
4) not so easily available/installed
5) does all IP packet types, not just TCP
6) probably the future especially with IPv6

SKIP is:
1) unknown to me except by reputation

--
David Pick