<< | Thread Index | >> ]    [ << | Date Index | >> ]

To: bhein,AT,bmc-pos,DOT,com
Subject: Re: site to site VPN
From: Damion Wilson <dwilson,AT,ibl,DOT,bm>
Date: Wed, 17 Sep 2003 10:27:54 -0300
Cc: cipe-l,AT,inka,DOT,de
In-reply-to: <OF15818C07.A125C791-ON85256DA2.005F87B6@bmc-pos.com>
References: <OF15818C07.A125C791-ON85256DA2.005F87B6@bmc-pos.com>

What do you mean by the "cleanest version" ?

No, of course it's not abandoned. There's a big redesign of the service 
coming 
and a patch release of the driver pending. Circumstances (including a 
hurricane induced power outage) have prevented me doing a proper compile and 
test at home. I don't have the CIPE-Win32 build environment setup at work so 
it slows things down considerably.

DKW

On Monday 15 September 2003 03:23 pm, bhein,AT,bmc-pos,DOT,com wrote:
> Mr. Salles,
>
> CIPE is an awesome solution to establishing a VPN connection through just
> about any NAT/MASQ situation. The Linux cipe daemon runs like a champ.
> However the Win32 port is what is in question. My laptop represents the
> laptops of all of our roadwarriors, there are several dozen of them. The
> specs follow
>
> Dell Latitude PIII, 1.133Mhz, 256MB Ram, 3com Mini-PCI Ethernet.
>
>
> The servers I've tested ciped on are as follow:
> Thunderbird Athlon 1.0Ghz w/ 512MB Memory, linux-2.4.21, Slackware
> Athlon XP 1.733Ghz w/ 512MB Memory, Linux-2.4.21? Redhat 9.
> ciped is 1.5.4.
>
>
> The problem lies within the Win32 cipe implementation. I'm running version
> 2.0-pre-15. Is this the cleanest version available? It appears to be
> abandoned, as of the end of 2002 (is this true?)
>
>
> While composing this email I've installed the CIPE Win32 on a test server
> here at my desk, which was loaded with Win2kServer just last week. I'll
> post the results of my testing as they become available.
>
>
>
> Thanks for the comments/input!
>
>
>
>
>
>
> Dear Mr. bhein:
>
> bhein,AT,bmc-pos,DOT,com disse:
> > Have you worked much with CIPE on win32?
> > I installed it yesterday on my laptop and have since had two bluescreens
> > (each is a dump&reboot), two instances of the CIPE service pulling 100%
> > CPU, and upon each boot up the CIPE service fails to load and requires a
> > manual restart from services in the control panel.
> >
> > At this point, unfortunately I cannot recommend CIPE as a VPN solution to
> > my company, since all of our roadwarriors run win32.
>
> This is crazy, you cannot recomend cipe for a VPN solution because
> yesterday you made a cipe vpn link setup in your laptop and it didn't run
> as expected?
> Why didn't you addressed your need for help to this maillist? This is
> better than "not recomending".
>
> > Just wondering if you or anyone else has comments on the matter.
>
> Yes, i do. What i've already done with:
> CIPE running with: RedHat Linux 8.0/ 9.0 X M$Win2k SP4 M$Win2k Server SP4.
> How many times? 12 VPN peers, until now.
> Hardware running: Toshiba Satellite from 150/800 Mgh, from MMX to Celeron
> Processors, Athlon XP 1.1 till 2.4 Ghz, Pentium II, II and IV. Not yet:
> WinXP ( many users wrote this is possible, but i had'nt the chance to test
> myself) M$WinNT (Probably never will, this release is outdated by latest
> M$XP).
> A friend of myne has some installs under SMB hardware.
>
> The first was the more difficult: routing and firewall had to be
> re-dedsigned to fit the new capabilities.
>
>
> HTH,
>
> RSalles
>
> PS: If you think it is easy to manage all the variables involved in a
> project like LAN-TO-LAN CIPE VPN integration and would like to follow the
> steps i've made, search for the "No Way" topic at this maillist sended few
> months ago by me...
>
> Best Regards,
>
> RSalles
>
> > --Brad
> >
> >
> >
> >
> >
> >
> >                       "Russell Berry"
> >                       <russ,AT,berrex,DOT,com>        To:
> > <keith,AT,theargoncompany,DOT,com>, <cipe-l,AT,inka,DOT,de>
> >                       Sent by:                 cc:
> >                       owner-cipe-l@inka        Subject:  Re: site to site
> > vpn
> >                       .de
> >
> >
> >                       09/15/2003 10:45
> >                       AM
> >
> >
> >
> >
> >
> >
> > Hello Keith,
> >
> > CIPE is perfectly suited to your needs.  I have the setup in place for
> > many
> > clients worldwide.  I personally chose cipe long ago before it was in any
> > distribution because of its security and manageability.  Many of my
> > clients
> > have 'remote' or branch offices/sites in various geographic locations.
> > Some
> > spanning multiple continents.  So the costs involved for them to lease a
> > dedicated line to another site can quickly become prohibitive.  CIPE
> > allows
> > for a secure tunnel through any medium, thus giving them even more
> > security
> > than a dedicated line for the cost of a standard high speed internet
> > connection. Since CIPE tunnels all traffic encapsulated inside UDP
> > packets,
> > your traffic is 'invisible' to the casual snooper/sniffer.  Some people
> > don't like the private key mechanism, I happen to prefer it, so CIPE has
> > always been the perfect solution for me.  As for support, the fine people
> > on
> > this list will help you from the most trivial to the most obfuscated
> > implementations you can think of.
> >
> > I have 'evaluated' other tunnel forms, including IPSEC devices, freeswan,
> > etc.  Nothing stacks up to CIPE for my needs.  My clients include private
> > coroporations, government offices, financial institutions, academia,
> > medical
> > community, etc.  Some of the connections are very critical and even have
> > failover configurations with secondary connections available, and they
>
> ALL
>
> > have strong security needs.  They trust my company with all their data
>
> and
>
> > data security, and I trust CIPE.
> >
> > I sound like a CIPE commercial!  That's okay, I believe in it, I'd do a
> > commercial for free!
> >
> > Regards,
> > ---russ
> >
> >
> > Russell Berry
> > Berrex Computer Solutions
> > http://www.berrex.com
> > Russ,AT,berrex,DOT,com
> > 1-877-558-9507
> > ----- Original Message -----
> > From: "Keith Fernandez" <keith,AT,theargoncompany,DOT,com>
> > To: <cipe-l,AT,inka,DOT,de>
> > Sent: Monday, September 15, 2003 10:21 AM
> > Subject: site to site vpn
> >
> >> Hi,
> >>
> >> I have two offices, where I need to allow the machines in one office to
> >
> > access
> >
> >> the machines in the other office.
> >> Is that possible with just using CIPE.
> >> Is there something besides setting up CIPE that I need to do...
> >>
> >> My requirement
> >> I want the machines from both subnets to see machines from other subnets
> >
> > as
> >
> >> though they are on the same network, to acess services like samba,
> >> mail(pop/smtp), etc..
> >>
> >> What I have
> >> The two network's have differnet private addressing's for the subnets
> >> 192.168.0.0/24 192.168.100.0/24
> >> We have fast static public IP addresses to the internet...
> >>
> >> This is possible with SuperFreeSWAN... If I can do this with CIPE, I
> >
> > would
> >
> >> like to switch over to cipe, since redhat has support for CIPE, and I
> >
> > wont
> >
> >> have to patch and compile kernels....
> >>
> >> Thanks in advance.....
> >>
> >> Regards,
> >> Keith
> >> --
> >> "I asked for strength and God gave me difficulties to make me strong.
> >> I asked for Wisdom... and God gave me problems to solve.
> >> I received nothing I wanted... But I received everything I needed."
> >>
> >> --
> >> Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> >> Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
> >> Other commands available with "help" in body to the same address.
> >> CIPE info and list archive:
> >
> > <URL:http://sites.inka.de/~bigred/devel/cipe.html>
> >
> >
> > --
> > Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> > Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
> > Other commands available with "help" in body to the same address.
> > CIPE info and list archive: <URL:
> > http://sites.inka.de/~bigred/devel/cipe.html>
> >
> >
> >
> >
> >
> >
> > --
> > Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> > Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
> > Other commands available with "help" in body to the same address.
> > CIPE info and list archive:
> > <URL:http://sites.inka.de/~bigred/devel/cipe.html>
>
> --
> Renato Salles
> Ger.Geral
> RSNetServices
>
> --
> Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
> Other commands available with "help" in body to the same address.
> CIPE info and list archive:
> <URL:http://sites.inka.de/~bigred/devel/cipe.html>
>
>
>
>
>
>
>
>
>
>
>
> --
> Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
> Other commands available with "help" in body to the same address.
> CIPE info and list archive:
> <URL:http://sites.inka.de/~bigred/devel/cipe.html>


<< | Thread Index | >> ]    [ << | Date Index | >> ]