[PLUG] Need Help "SSH through VPN"
Carla Schroder
carla at bratgrrl.com
Tue Mar 6 17:43:58 UTC 2007
On Monday 05 March 2007 15:09, Jenifer Chung wrote:
> Hi Drew,
>
> Yes, the Network Admin guy set up the VPN web page. The VPN gear is Juniper
> SA-4000 SSL-VPN.
>
> Jeni
I suspect, from wading through the voluminous but largely content-free
documentation on their Web site, that this is not a true VPN, but an SSL
portal, because it claims "No client-software deployments." A true VPN
requires that both server and client authenticate to each other. The vast
majority of commercial SSL VPNs are not VPNs at all, but prettified Web
browsers that allow arbitrary clients to log in. Call me old-fashioned and
grumpy, but the idea of letting users log in from public terminals or any old
PC that you have no control over is insane, and paying tens of thousands of
dollars for the privilege - well, there are no words. (keyloggers, anyone?
spyware? sheeesh)

So I'm guessing that you're SOL, because it's not a real VPN tunnel at all. A
real VPN doesn't require a Web browser for access. Think of it as a virtual
private Ethernet cable transporting and protecting your bits over hostile
networks.

This is a very good paper on the subject:
OpenVPN and the SSL VPN Revolution, by Charlie Hosner
http://www.sans.org/reading_room/whitepapers/vpns/

In conclusion, sites that don't use OpenVPN are too dumb to be in business.
Because even if this is a real SSL-based VPN, it's stupid to spend wads of money
when a superior free product like OpenVPN is available.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Carla Schroder
Linux geek and random computer tamer
check out my Linux Cookbook!
http://www.oreilly.com/catalog/linuxckbk/
best book for sysadmins and power users
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~