Reply
Thread Tools
Posts: 5 | Thanked: 0 times | Joined on Mar 2007
#11
Originally Posted by genome4hire View Post
I believe someone already did this, for the 770.

A company called Stinghorn announced a L2TP/PPTP VPN client for the 770. It required that you flash a custom kernel, to get the support needed.
L2TP/PPTP is not exactly the same as L2TP over IPSec which is what we are talking about here. It would be useful to have a client, however, most of the time these clients are just custom scripts that setup a GRE connection to tunnel PPP though. There is a plain PPTP client out there for debian, it should be a matter of course to get it working for the N800. Once you mix IPSec into this, things get a little crazy. This is shaping up to turn into a suite of VPN based clients it looks like.
 
Posts: 3,841 | Thanked: 1,079 times | Joined on Nov 2006
#12
Shouldn't the standard MS PPtP stuff work? That's my understanding from the reply from the sysadm. If so I'm in line with the previous poster (and I mentioned this in my first reply too - see posting 2).
__________________
N800/OS2007|N900/Maemo5
-- Metalayer-crawler delenda est.
-- Current state: Fed up with everything MeeGo.
 
aflegg's Avatar
Posts: 1,463 | Thanked: 81 times | Joined on Oct 2005 @ UK
#13
The developer discounts have all been allocated.

It's worth noting that many people clamouring for an easy to use VPN solution all require different things. Personally, I now need PPTP, however others need OpenVPN, others L2TP, others IPsec etc. etc.

A single easy-to-use GUI which handled all of the above would be the real killer app...
__________________
Andrew Flegg -- mailto:andrew@bleb.org | http://www.bleb.org
Now known as
Jaffa
 
Posts: 5,335 | Thanked: 8,187 times | Joined on Mar 2007 @ Pennsylvania, USA
#14
Originally Posted by aflegg View Post
Personally, I now need PPTP, however others need OpenVPN, others L2TP, others IPsec etc. etc.

A single easy-to-use GUI which handled all of the above would be the real killer app...
Though it seems unlikely anyone will ever code such a beast, it would be truly wonderful to have. I bought my N800 expecting to make an IPsec VPN connection to my Netgear router at home. I saw there were VPN clients for the internet tablet and foolishly never investigated whether there were multiple incompatible VPN technologies.
 
Posts: 19 | Thanked: 2 times | Joined on Nov 2006 @ Paris, FRANCE
#15
sjgadsby , openvpn is a bit complex to set up, but you just need to open one UDP port on your router and you're done.
 
Posts: 5,335 | Thanked: 8,187 times | Joined on Mar 2007 @ Pennsylvania, USA
#16
Originally Posted by guerby View Post
sjgadsby , openvpn is a bit complex to set up, but you just need to open one UDP port on your router and you're done.
I have considered that, but at this time I don't have a particular desktop I keep powered on (and running a set OS) at home. I'd like to use the VPN built into my router to access whatever's on the network.
 
Posts: 26 | Thanked: 0 times | Joined on Nov 2006
#17
PPTP is bad; the control & authentication channels are outside the encryption.

L2TP is better, but by itself the protections suck (weak encryption).

Cisco's IPSec + XAUTH suffers from incompatibility with, oh, everything not Cisco, and has a group enumeration vulnerability.

L2TP/IPSec is best of the lot, but it really needs EAP-TLS authentication to be secure.

SSL VPNs are the new buzzword, but they make you jump through hoops to transport anything other than application protocols.

Nah, I'm not cynical.

-- C
 
Posts: 5 | Thanked: 0 times | Joined on Mar 2007
#18
Originally Posted by aflegg View Post
The developer discounts have all been allocated.

It's worth noting that many people clamouring for an easy to use VPN solution all require different things. Personally, I now need PPTP, however others need OpenVPN, others L2TP, others IPsec etc. etc.

A single easy-to-use GUI which handled all of the above would be the real killer app...

Originally Posted by sjgadsby View Post
Though it seems unlikely anyone will ever code such a beast, it would be truly wonderful to have. I bought my N800 expecting to make an IPsec VPN connection to my Netgear router at home. I saw there were VPN clients for the internet tablet and foolishly never investigated whether there were multiple incompatible VPN technologies.
I like the sound of this - and yes it would be a killer (set of) app(s). As for unlikely to code such a beast: It's been coded, all the connection methods have. Though not integrated into a single client - but what we could make is a single front end and have all the clients work under it, that is not an unreasonably hard undertaking, I mean it's just configuration files and scripts we need to create. It would not be too much of a stretch to get it working. I'm not a GUI programmer - however I can make the back end work, and this looks like a cool cool project that would be useful to a lot of people - and again I think I know exactly how to do it. I can't wait to get one of these babies in my grubby hands to start playing with it.

So far, I can see we will need the following:

- IPSec software (as in openswan or strongswan)
- custom kernel for the N800 w/ appropriate networking apps (like iproute2 iptables etc etc)
- for PPTP pure Microsoftian connection, you need these 3 debian packages:
kernel-patch-mppe - MPPE Encryption for PPP
pptp-linux - Point-to-Point Tunneling Protocol (PPTP) Client
pptpd - PoPToP Point to Point Tunneling Server (if you want MS Windows machines to connect to your N800 through PPTP).
- L2TP has no specific client, you can literally setup scripts to create the appropriate GRE tunnels configured with a PPP connection through to authenticate with the server.
- a Front end (in the beginning there was text) that we can make into a Maemo-prettied GUI for the masses.

Unfortunately the install of this is *not* likely to be easy. It will most likely require a custom kernel unless we can make those modules that we need into packages from the default kernel, I think that would resolve the instalation hassles and make it a lot easier to install.

Re:Texrat - I believe that I've seen patches for SecureID, but my quick perusal of the respective IPSec implementation's FAQs I didn't see any mention beyond a subject header. SecureID is sent as part of XAUTH in IPSec, if there is cash to be had for this project, maybe we can find someone willing to write a patch that implementes this functionality. I don't want to do it for the money and I don't have the skills to implement that myself, I just want to create solution for us to use.
 
Posts: 46 | Thanked: 15 times | Joined on Feb 2007
#19
3 of the people on this threat attend Indiana University. Our university supports two solutions, either PP2P, or L2TP over IPSEC.

It would seem that L2TP over IPSEC will be the easiest solution to implement.

This page here (http://www.jacco2.dds.nl/networking/linux-l2tp.html) has instructions on setting up a linux machine as a L2TP over IPSEC VPN client.

The three components needed:

IPSEC - The N800 already has vpnc, although, I am not sure if this will work. The author's instructions use openswan.

PPP support - is this included in the kernel by default?

LT2P support - This will need to be ported, although, it doesn't involve a kernel module (thank goodness). The best one seems to be: http://www.xelerance.com/software/xl2tpd/
 
hircus's Avatar
Posts: 149 | Thanked: 9 times | Joined on Jan 2007
#20
[QUOTE=genome4hire;37542]3 of the people on this threat attend Indiana University. Our university supports two solutions, either PP2P, or L2TP over IPSEC.

It would seem that L2TP over IPSEC will be the easiest solution to implement.
[/url]

Not too sure. IU's Unix Support has a rather good set of scripts for setting up the PPTP connection, and so the only thing needed is to install the pptp client (easy rebuild of the Debian package) and replacing the kernel with one that has the required crypto modules.

Whether to build a GUI on top of that or not is optional. It might be useful, but then again, there's PPTP support for NetworkManager in their Subversion repository, which who knows, we might get in OS2008.

http://kb.iu.edu/data/akcx.html
 
Reply

Thread Tools

 
Forum Jump


All times are GMT. The time now is 15:37.