To be honest, having used FreeS/WAN some... I well... don't use it in
production environments.. I actually prefer the seamlessness of VPN
network appliances. Also, over the period of 2 years the power savings
alone manage to pay for themselves. Something to think about. Hell, even
the Linksys VPN routers work great.

Kris

> Ben Coffman wrote:
>> LUGers
>>
>> What would be a good web site or book to read about setting up a VPN
>> between two RH Linux machines? Do I use software for this, or do I
>> just configure the firewall just so...
>
> You need some software to do the encrypting, or you wind up with a VN,
> not a VPN. :)
>
> Linux solutions include the FreeS/WAN IPSec implementation, which is
> very powerful, but pretty complex to initially set up, as kernel patching
> is required. You can also use ssh, ssl, cipe, and several other
> options. What will work best for you depends on how you plan to use the
> VPN link, if you care about adhering to some sort of standard (like
> ipsec), and how much effort you want to put into up-front setup and
> ongoing maintenance.
>
> You might want to start with the VPN-HOWTO:
> http://www.tldp.org/HOWTO/VPN-HOWTO/
>
> ...which describes how to build a VPN with SSH, and covers some basics
> and describes some alternatives.
>
> I'd also suggest reading through the FreeS/WAN docs if you want a true
> VPN. The ssh tunnels can run into problems with less than perfect
> connections...since ssh is running over TCP (a guaranteed delivery
> mechanism), if you run tcp connections through an ssh tunnel, you can
> get nasty interactions between the two tcp stacks if your link drops or
> mangles packets, which can rapidly degrade the usefulness of your "VPN".
>
> http://www.freeswan.org/doc.html
>
> FYI: I'd rate configuring FreeS/WAN about the same as dealing with bind
> (named) on my sysadmin complexity scale. It's pretty hard to wrap your
> head around until you get everything working, but once set up and
> working, it's pretty easy to maintain.
>
> --
> Charles Steinkuehler
> charles@steinkuehler.net