Mailinglist Archive: opensuse-security (670 mails)
| < Previous | Next > |
Re: [suse-security] vpn
- From: Michael Bartosh <mbartosh@xxxxxxx>
- Date: Thu, 15 Nov 2001 08:06:41 -0700
- Message-id: <a05101033b81987410982@[192.168.1.100]>
At 9:07 AM +0100 11/15/01, Markus Gaugusch wrote:
Maybe I wasn't being clear.
I have a server at a colo. Mail for my domain is now arriving there.
At home, I have a private net. I want pop requests from a client on 192.168.1.x to be forwarded via secure tunnel from my Nat host (Suse 7.2) to the colo machine (Suse 7.3). I'm no goot as ascii or I'd draw it.
My wife has the good sense to use Macs, and while M$ makes a Mac outlook, she uses Mac OS X's built in mail client, which does not support ssl. I use Eudora on Mac OS X which supports apop but not ssl. I'm not interested in using some funky version of an encrypted protocol. Rather I've always been a big fan of having all traffic encrypted. Free Swan looks overly complex for our needs (now that I loook) so I think I'm looking for a way to tunnel all traffic between my NAT machine and colo machine via SSH, and for my NAT machine to forward pop / imap requests to the colo machine.
I have used an ssh tunnel as an end user before (my last employer used it along with secureID as a sort of faux vpn) but have never set this up. Does anyone know where I should start, or do you have a url?
Thanks-
-mab
--
> Ideally what I'd like to do is have an internal address (ie
10.10.1.2) for which all pop and imap requests would be forwarded viastunnel is the easiest way. Just add an entry like
secure tunnel to the server.
What's the best way to do this? Tunnel via ssh (that's my first
reaction). Stunnel? FreeSwan?
pop3s stream tcp nowait root /usr/sbin/stunnel stunnel -r localhost:110
to your inetd.conf and use the SSL feature for POP in outlook (Netscape
unfortunately doesn't support SSL :(
If you want to use a better mail program than from microsoft (any other)
then it should work to connect with stunnel on your side to the stunnel on
the other side, but I have never tried that.
Markus
PS: if you use a self-signed certificate for stunnel (very likely) then
point your browser to https://your.server.net:995/ and install the
certificate, so outlook won't complain about it.
Maybe I wasn't being clear.
I have a server at a colo. Mail for my domain is now arriving there.
At home, I have a private net. I want pop requests from a client on 192.168.1.x to be forwarded via secure tunnel from my Nat host (Suse 7.2) to the colo machine (Suse 7.3). I'm no goot as ascii or I'd draw it.
My wife has the good sense to use Macs, and while M$ makes a Mac outlook, she uses Mac OS X's built in mail client, which does not support ssl. I use Eudora on Mac OS X which supports apop but not ssl. I'm not interested in using some funky version of an encrypted protocol. Rather I've always been a big fan of having all traffic encrypted. Free Swan looks overly complex for our needs (now that I loook) so I think I'm looking for a way to tunnel all traffic between my NAT machine and colo machine via SSH, and for my NAT machine to forward pop / imap requests to the colo machine.
I have used an ssh tunnel as an end user before (my last employer used it along with secureID as a sort of faux vpn) but have never set this up. Does anyone know where I should start, or do you have a url?
Thanks-
-mab
--
_____________________________ /"\
Markus Gaugusch ICQ 11374583 \ / ASCII Ribbon Campaign
markus@xxxxxxxxxxx X Against HTML Mail
/ \
--
To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
For additional commands, e-mail: suse-security-help@xxxxxxxx
--
| < Previous | Next > |