Mailinglist Archive: opensuse-security (670 mails)
| < Previous | Next > |
Re: [suse-security] vpn
- From: Markus Gaugusch <markus@xxxxxxxxxxx>
- Date: Thu, 15 Nov 2001 09:07:17 +0100 (CET)
- Message-id: <Pine.LNX.4.40.0111150903560.27531-100000@xxxxxxxxxxxxxxxx>
> Ideally what I'd like to do is have an internal address (ie
> 10.10.1.2) for which all pop and imap requests would be forwarded via
> secure tunnel to the server.
>
> What's the best way to do this? Tunnel via ssh (that's my first
> reaction). Stunnel? FreeSwan?
stunnel is the easiest way. Just add an entry like
pop3s stream tcp nowait root /usr/sbin/stunnel stunnel -r localhost:110
to your inetd.conf and use the SSL feature for POP in outlook (Netscape
unfortunately doesn't support SSL :(
If you want to use a better mail program than from microsoft (any other)
then it should work to connect with stunnel on your side to the stunnel on
the other side, but I have never tried that.
Markus
PS: if you use a self-signed certificate for stunnel (very likely) then
point your browser to https://your.server.net:995/ and install the
certificate, so outlook won't complain about it.
--
_____________________________ /"\
Markus Gaugusch ICQ 11374583 \ / ASCII Ribbon Campaign
markus@xxxxxxxxxxx X Against HTML Mail
/ \
> 10.10.1.2) for which all pop and imap requests would be forwarded via
> secure tunnel to the server.
>
> What's the best way to do this? Tunnel via ssh (that's my first
> reaction). Stunnel? FreeSwan?
stunnel is the easiest way. Just add an entry like
pop3s stream tcp nowait root /usr/sbin/stunnel stunnel -r localhost:110
to your inetd.conf and use the SSL feature for POP in outlook (Netscape
unfortunately doesn't support SSL :(
If you want to use a better mail program than from microsoft (any other)
then it should work to connect with stunnel on your side to the stunnel on
the other side, but I have never tried that.
Markus
PS: if you use a self-signed certificate for stunnel (very likely) then
point your browser to https://your.server.net:995/ and install the
certificate, so outlook won't complain about it.
--
_____________________________ /"\
Markus Gaugusch ICQ 11374583 \ / ASCII Ribbon Campaign
markus@xxxxxxxxxxx X Against HTML Mail
/ \
| < Previous | Next > |