[talk] VPN solutions

netmantej netmantej at gmail.com
Thu Apr 3 23:00:17 EDT 2014


Disabling Network Manager and using the "network" service will make life 
much less flaky.

Additionally, everything I have stated is firsthand experience.

-- Tim

On 4/3/14, 10:26 PM, Jesse Callaway wrote:
>
>
>
> On Thu, Apr 3, 2014 at 9:03 PM, netmantej <netmantej at gmail.com> wrote:
>
>
>
>     In the first ten years of my career, almost all of the issues I had
>     on the wire (network) were traced back to a Microsoft product
>     malfunctioning or working as designed.
>
>     In the last fifteen years of my career, most of the issues I have on
>     the wire or on the system trace back to a Java process
>     malfunctioning or working as designed.
>
>
>     -- Tim
>
>
>     On 4/3/14, 1:15 AM, Edward Capriolo wrote:
>
>         Many people actually offer vpn in java.
>         Juniper offers an ssl vpn that works for windows, mac, linux..
>
>         http://kb.juniper.net/InfoCenter/index?page=content&id=KB28704
>
>         That is not a site to site vpn, but you get the drift.
>
>         On Wednesday, April 2, 2014, netmantej <netmantej at gmail.com> wrote:
>           > A VPN solution written in Java?
>           >
>           > You're sick. Sick, sick, sick.
>           >
>           >
>           > -- Tim
>           >
>           > On 4/2/14, 10:44 PM, Mark Saad wrote:
>           >>
>           >> On Apr 2, 2014, at 9:50 PM, Edward Capriolo <edlinuxguru at gmail.com> wrote:
>           >>
>           >>> You could easily argue that a site to site ipsec solution is industry
>           >>> standard and has wide support across operating systems and "routing
>           >>> appliances" aka really expensive embedded computers ned cisco.
>           >>>
>           >>
>           >> Wow I was totally expecting a " I use Cassandra to map out the best
>           >> route and use this awesome tool that is written in java to ...."
>           >>
>           >>> On Wednesday, April 2, 2014, Pete Wright <pete at nomadlogic.org> wrote:
>           >>> >
>           >>> >
>           >>> > On 04/02/14 14:36, Marc Spitzer wrote:
>           >>> >> Hi all,
>           >>> >>
>           >>> >> I have been tasked with setting up a site to site vpn solution at work.
>           >>> >>  I was thinking about doing an openvpn on centos, we are a centos shop.
>           >>> >>  I would like to put in some freebsd boxes but I need a compelling reason.
>           >>> >>
>           >>> >> The last time I set this up I used cisco pix and that was a few years ago.
>           >>> >>
>           >>> >
>           >>> > Did a very similar setup using OpenBSD.  For me the compelling reasons
>           >>> > were the great documentation, and relative simplicity of OpenBSD's
>           >>> > IPSEC and OpenIked configuration file syntax especially when compared to
>           >>> > openswan and openVPN even.
>           >>> >
>           >>> > -pete
>           >>> >
>           >>> >
>           >>> > --
>           >>> > Pete Wright
>           >>> > pete at nomadlogic.org
>           >>> > twitter => @nomadlogicLA
>           >>> >
>           >>> > _________________________________________________
>           >>> > talk mailing list
>           >>> > talk at lists.nycbug.org
>           >>> > http://lists.nycbug.org/mailman/listinfo/talk
>           >>> >
>           >>>
>           >>> --
>           >>> Sorry this was sent from mobile. Will do less grammar and spell check
>           >>> than usual.
>           >>
>           >> Mark saad | mark.saad at yMail.com
>           >>
>           >>
>           >>
>           >
>
>         --
>         Sorry this was sent from mobile. Will do less grammar and spell check
>         than usual.
>
>
>
>
>
> Uh...
>
> I'll tell you my experiences with host-host IPSec on Centos have been
> bad. I used a setup with ipsec vifs connected to a bridge device, all
> using the cursed ifcfg-ethX config files. For some reason the
> association would just go sour every couple of days and I'd have to
> cycle the virtual interfaces. Magically it all came back up. And then
> just as magically it would all go down again.. in another couple days.
> This was on Centos5.5 I believe. Possible counterpoint should it come
> down to "my friend says that he..." But hopefully your case at work
> won't get into such nebulous territory as this thread has.
>
> --
> -jesse
>
>
>


