[PLUG] Need Help "SSH through VPN"

Carla Schroder carla at bratgrrl.com
Tue Mar 6 17:43:58 UTC 2007


On Monday 05 March 2007 15:09, Jenifer Chung wrote:
> Hi Drew,
>
> Yes, the Network Admin guy set up the VPN web page. The VPN gear is Juniper
> SA-4000 SSL-VPN.
>
> Jeni

I suspect, from wading through the voluminous but largely content-free 
documentation on their Web site, that this is not a true VPN, but an SSL 
portal, because it claims "No client-software deployments." A true VPN 
requires that both server and client authenticate to each other. The vast 
majority of commercial SSL VPNs are not VPNs at all, but prettified Web 
browsers that allow arbitrary clients to log in. Call me old-fashioned and 
grumpy, but the idea of letting users log in from public terminals or any old 
PC that you have no control over is insane, and paying tens of thousands of 
dollars for the privilege- well, there are no words. (keyloggers, anyone? 
spyware? sheeesh)

So I'm guessing that you're SOL, because it's not a real VPN tunnel at all. A 
real VPN doesn't require a Web browser for access. Think of it as a virtual 
private Ethernet cable transporting and protecting your bits over hostile 
networks.

This is a very good paper on the subject:
OpenVPN and the SSL VPN Revolution, by Charlie Hosner
http://www.sans.org/reading_room/whitepapers/vpns/

In conclusion, sites that don't use OpenVPN are too dumb to be in business. 
Because even if this is a real SSL-based VPN, it's stupid to spend wads of money 
when a superior free product like OpenVPN is available.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Carla Schroder
Linux geek and random computer tamer
check out my Linux Cookbook! 
http://www.oreilly.com/catalog/linuxckbk/
best book for sysadmins and power users
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~