Date: Tue, 11 Jan 2005 20:59:14 -0500 From: Chuck Swiger <cswiger@mac.com> To: Tom Skeren <tms3@fsklaw.com> Cc: freebsd-net@freebsd.org Subject: Re: gif's Message-ID: <41E48472.5000909@mac.com> In-Reply-To: <41E451D0.9080302@fsklaw.com> References: <41E451D0.9080302@fsklaw.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Tom Skeren wrote: > Been pulling my hair out. Anybody know of a resource for a fairly > complex tunneling scheme. My needs are such that a central hub "Star" > style tunneling scheme simply will not be efficient. At some point, complex VPN configurations become more work to setup and maintain than switching to IPsec or increasing the # publicly available services, hopefully switching to more secure protocols at the same time. By the last I mean, many people want a VPN to do filesharing from home to work, or access email and such "securely" over the encrypted tunnel, but people tend to terminate VPN endpoints inside the network rather than in a semi-trusted perimeter zone, and the more VPN connections you add, the greater the exposure of various external networks to the inside and to each other. Switching to HTTPS+WebDAV (eg SubVersion) for a filesharing/publishing mechanism to replace direct CIFS/Samba access, or accessing mail via IMAPS rather than firing up Outlook against the company's MS-Exchange server over the VPN might actually result in a more secure configuration. -- -Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?41E48472.5000909>