|
 |
Invisible wrote:
> The document claims this is because "IPSec is too complicated to be
> secure", and that "TSL is mature and battle-tested".
I like how they make this assertion, then later on say "you might need
the load balancing that IPsec does, but you can get that with OpenVPN by
running this other complicated program on a spare machine." It sounds
like a lot of the complication is stuff that OpenVPN basically leaves out.
Plus, I'm not really sure how they're running TLS over UDP, given that
TLS is stream-oriented and assumes reliable delivery. It's also not real
obvious from their descriptions that it's possible to run a UDP protocol
over OpenVPN.
> Um... am I missing something? Installing Cisco's IPSec VPN involves...
> double-clicking the installer. And that's it. What's so hard about that?
Ditto.
> Also amusing is the statement "Blowfish is a very strong algorithm with
> no known weaknesses. Its 128-bit key provides us with a large enough key
> space to make brute force key attacks impossible in polynomial time."
> Erm... like... WTF?
Of course, it hasn't been tested as furiously as AES, either.
> Still, I did learn one useful thing: Apparently the "route" command
> exists on Windoze.
Yup.
http://technet2.microsoft.com/WindowsServer/en/library/552ed70a-208d-48c4-8da8-2e27b530eac71033.mspx?mfr=true
Might be worth reading thru the list so you know what's available.
--
Darren New / San Diego, CA, USA (PST)
Helpful housekeeping hints:
Check your feather pillows for holes
before putting them in the washing machine.
Post a reply to this message
|
|
