[talk] VPN solutions

Jesse Callaway bonsaime at gmail.com
Thu Apr 3 22:26:11 EDT 2014


On Thu, Apr 3, 2014 at 9:03 PM, netmantej <netmantej at gmail.com> wrote:

>
>
> In the first ten years of my career, almost all of the issues I had on the
> wire (network) were traced back to a Microsoft product malfunctioning or
> working as designed.
>
> In the last fifteen years of my career, most of the issues I have on the
> wire or on the system trace back to a Java process malfunctioning or
> working as designed.
>
>
> -- Tim
>
>
> On 4/3/14, 1:15 AM, Edward Capriolo wrote:
>
>> Many people actually offer vpn in java.
>> Juniper offers an ssl vpn that works for windows, mac, linux..
>>
>> http://kb.juniper.net/InfoCenter/index?page=content&id=KB28704
>>
>> That is not a site to site vpn, but you get the drift.
>>
>> On Wednesday, April 2, 2014, netmantej <netmantej at gmail.com> wrote:
>>  > A VPN solution written in Java?
>>  >
>>  > You're sick. Sick, sick, sick.
>>  >
>>  >
>>  > -- Tim
>>  >
>>  > On 4/2/14, 10:44 PM, Mark Saad wrote:
>>  >>
>>  >> On Apr 2, 2014, at 9:50 PM, Edward Capriolo <edlinuxguru at gmail.com> wrote:
>>  >>
>>  >>> You could easily argue that a site to site ipsec solution is industry
>>  >>> standard and has wide support across operating systems and "routing
>>  >>> appliances" aka really expensive embedded computers ned cisco.
>>  >>>
>>  >>
>>  >> Wow I was totally expecting a " I use Cassandra to map out the best
>>  >> route and use this awesome tool that is written in java to ...."
>>  >>
>>  >>> On Wednesday, April 2, 2014, Pete Wright <pete at nomadlogic.org> wrote:
>>  >>> >
>>  >>> >
>>  >>> > On 04/02/14 14:36, Marc Spitzer wrote:
>>  >>> >> Hi all,
>>  >>> >>
>>  >>> >> I have been tasked with setting up a site to site vpn solution at work.
>>  >>> >>  I was thinking about doing an openvpn on centos, we are a centos shop.
>>  >>> >>  I would like to put in some freebsd boxes but I need a compelling reason.
>>  >>> >>
>>  >>> >> The last time I set this up I used cisco pix and that was a few years ago.
>>  >>> >>
>>  >>> >
>>  >>> > Did a very similar setup using OpenBSD.  For me the compelling reasons
>>  >>> > were the great documentation, and relative simplicity of OpenBSD's
>>  >>> > IPSEC and OpenIked configuration file syntax especially when compared to
>>  >>> > openswan and openVPN even.
>>  >>> >
>>  >>> > -pete
>>  >>> >
>>  >>> >
>>  >>> > --
>>  >>> > Pete Wright
>>  >>> > pete at nomadlogic.org
>>  >>> > twitter => @nomadlogicLA
>>  >>> >
>>  >>> > _______________________________________________
>>  >>> > talk mailing list
>>  >>> > talk at lists.nycbug.org
>>  >>> > http://lists.nycbug.org/mailman/listinfo/talk
>>  >>> >
>>  >>>
>>  >>> --
>>  >>> Sorry this was sent from mobile. Will do less grammar and spell check
>>  >>> than usual.
>>  >>
>>  >> Mark saad | mark.saad at yMail.com
>>  >>
>>  >>
>>  >>
>>  >
>>
>> --
>> Sorry this was sent from mobile. Will do less grammar and spell check
>> than usual.
>>
>



Uh...

I'll tell you my experiences with host-host IPSec on Centos have been bad.
I used a setup with ipsec vifs connected to a bridge device, all using the
cursed ifcfg-ethX config files. For some reason the association would just
go sour every couple of days and I'd have to cycle the virtual interfaces.
Magically it all came back up. And then just as magically it would all go
down again.. in another couple days. This was on Centos5.5 I believe.
Possible counterpoint should it come down to "my friend says that he..."
But hopefully your case at work won't get into such nebulous territory as
this thread has.

-- 
-jesse