Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 11 Jan 2005 20:59:14 -0500
From:      Chuck Swiger <cswiger@mac.com>
To:        Tom Skeren <tms3@fsklaw.com>
Cc:        freebsd-net@freebsd.org
Subject:   Re: gif's
Message-ID:  <41E48472.5000909@mac.com>
In-Reply-To: <41E451D0.9080302@fsklaw.com>
References:  <41E451D0.9080302@fsklaw.com>

next in thread | previous in thread | raw e-mail | index | archive | help
Tom Skeren wrote:
> Been pulling my hair out.  Anybody know of a resource for a fairly 
> complex tunneling scheme.  My needs are such that a central hub "Star" 
> style tunneling scheme simply will not be efficient.

At some point, complex VPN configurations become more work to setup and 
maintain than switching to IPsec or increasing the # publicly available 
services, hopefully switching to more secure protocols at the same time.

By the last I mean, many people want a VPN to do filesharing from home to 
work, or access email and such "securely" over the encrypted tunnel, but 
people tend to terminate VPN endpoints inside the network rather than in a 
semi-trusted perimeter zone, and the more VPN connections you add, the greater 
the exposure of various external networks to the inside and to each other.

Switching to HTTPS+WebDAV (eg SubVersion) for a filesharing/publishing 
mechanism to replace direct CIFS/Samba access, or accessing mail via IMAPS 
rather than firing up Outlook against the company's MS-Exchange server over 
the VPN might actually result in a more secure configuration.

-- 
-Chuck



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?41E48472.5000909>