[UCI-Linux] Re: Web proxy server to be decommissioned on June 20, 2005

Dan STROMBERG STROMBRG at uci.edu
Fri Mar 18 16:53:59 PST 2005


Some options:

1) VNC can be almost like being on campus:
http://dcs.nac.uci.edu/~strombrg/vnc.html
Be sure to check out the section on tunneling VNC, as it isn't a secure
protocol.

2) ISTR that the NACS VPN uses IPSEC, and many newer linux distributions
come with IPSEC support built in, so you may be able to get the standard
linux tools to work with the NACS VPN.  However, IPSEC is somewhat
notorious for being one of the harder forms of VPN to configure.  Also,
IINM, the NACS VPN is more about authenticating your traffic as being
affiliated with UCI, not about encrypting your traffic over its entire
path.  Some of the other options might be better for the latter.

3) ssh tunneling is very simple conceptually, but requires an extra step
fairly often - though I do have some ssh tunnels that are fired up on
boot also.  It mostly works.  :)

4) OpenVPN tunneling is also pretty easy to set up, and can be made to
fire up on reboot very easily.

5) PPTP.  The microsoft implementation has been fraught with problems,
but Bruce Schneier, a respected cryptographer, reports that the problems
are not in the protocol's design, but rather in MS' implementation.
PPTP tunneling can be hard to set up on Linux, but Devil Linux makes it
pretty easy, as it comes with PPTP support.

6) I still haven't found time to evaluate this, but FreeNX is supposed
to be -blazing-, even over a dialup modem:
http://www.fedoranews.com/contributors/rick_stout/freenx/
It's usually used in combination with ssh tunnels, I gather.

On Fri, 2005-03-18 at 16:33 -0800, Charlie Zender wrote:
> Hi,
> 
> I want to switch from the UCI web proxy to a VPN on a Linux machine
> before the web proxy is disabled in June.
> The NACS help page states:
> 
>  > Caveats:
>  >    * Linux
>  >          o The client needs a 2.4.x kernel or a 2.2.12 or greater 
>  >kernel.  It does not work with the 2.5 kernel series kernels or SMP 
>  >(multiprocessor) kernels.
> 
> Is this correct? Few people use 2.4 kernels anymore. We need something
> compatible with the 2.6 kernel. Please let me know when you've
> updated the VPN client to work with Linux 2.6.
> 
> Thanks,
> Charlie
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://maillists.uci.edu/mailman/public/uci-linux/attachments/20050318/1380d565/attachment.bin


More information about the UCI-Linux mailing list