Re: N800 VPN Client. Cash Reward?
 

L2TP/PPTP is not exactly the same as L2TP over IPSec which is what we are talking about here. It would be useful to have a client, however, most of the time these clients are just custom scripts that setup a GRE connection to tunnel PPP though. There is a plain PPTP client out there for debian, it should be a matter of course to get it working for the N800. Once you mix IPSec into this, things get a little crazy. This is shaping up to turn into a suite of VPN based clients it looks like. :)

Re: N800 VPN Client. Cash Reward?
 

Shouldn't the standard MS PPtP stuff work? That's my understanding from the reply from the sysadm. If so I'm in line with the previous poster (and I mentioned this in my first reply too - see posting 2).

Re: N800 VPN Client. Cash Reward?
 

The developer discounts have all been allocated.

It's worth noting that many people clamouring for an easy to use VPN solution all require different things. Personally, I now need PPTP, however others need OpenVPN, others L2TP, others IPsec etc. etc.

A single easy-to-use GUI which handled all of the above would be the real killer app...

Re: N800 VPN Client. Cash Reward?
 

Though it seems unlikely anyone will ever code such a beast, it would be truly wonderful to have. I bought my N800 expecting to make an IPsec VPN connection to my Netgear router at home. I saw there were VPN clients for the internet tablet and foolishly never investigated whether there were multiple incompatible VPN technologies.

Re: N800 VPN Client. Cash Reward?
 

sjgadsby , openvpn is a bit complex to set up, but you just need to open one UDP port on your router and you're done.

Re: N800 VPN Client. Cash Reward?
 

I have considered that, but at this time I don't have a particular desktop I keep powered on (and running a set OS) at home. I'd like to use the VPN built into my router to access whatever's on the network.

Re: N800 VPN Client. Cash Reward?
 

PPTP is bad; the control & authentication channels are outside the encryption.

L2TP is better, but by itself the protections suck (weak encryption).

Cisco's IPSec + XAUTH suffers from incompatibility with, oh, everything not Cisco, and has a group enumeration vulnerability.

L2TP/IPSec is best of the lot, but it really needs EAP-TLS authentication to be secure.

SSL VPNs are the new buzzword, but they make you jump through hoops to transport anything other than application protocols.

Nah, I'm not cynical. :)

-- C

Re: N800 VPN Client. Cash Reward?
 

I like the sound of this - and yes it would be a killer (set of) app(s). As for unlikely to code such a beast: It's been coded, all the connection methods have. Though not integrated into a single client - but what we could make is a single front end and have all the clients work under it, that is not an unreasonably hard undertaking, I mean it's just configuration files and scripts we need to create. It would not be too much of a stretch to get it working. I'm not a GUI programmer - however I can make the back end work, and this looks like a cool cool project that would be useful to a lot of people - and again I think I know exactly how to do it. I can't wait to get one of these babies in my grubby hands to start playing with it.

So far, I can see we will need the following:

- IPSec software (as in openswan or strongswan)
- custom kernel for the N800 w/ appropriate networking apps (like iproute2 iptables etc etc)
- for PPTP pure Microsoftian connection, you need these 3 debian packages:
kernel-patch-mppe - MPPE Encryption for PPP
pptp-linux - Point-to-Point Tunneling Protocol (PPTP) Client
pptpd - PoPToP Point to Point Tunneling Server (if you want MS Windows machines to connect to your N800 through PPTP).
- L2TP has no specific client, you can literally setup scripts to create the appropriate GRE tunnels configured with a PPP connection through to authenticate with the server.
- a Front end (in the beginning there was text) that we can make into a Maemo-prettied GUI for the masses.

Unfortunately the install of this is *not* likely to be easy. It will most likely require a custom kernel unless we can make those modules that we need into packages from the default kernel, I think that would resolve the instalation hassles and make it a lot easier to install.

Re:Texrat - I believe that I've seen patches for SecureID, but my quick perusal of the respective IPSec implementation's FAQs I didn't see any mention beyond a subject header. SecureID is sent as part of XAUTH in IPSec, if there is cash to be had for this project, maybe we can find someone willing to write a patch that implementes this functionality. I don't want to do it for the money and I don't have the skills to implement that myself, I just want to create solution for us to use.

Re: N800 VPN Client. Cash Reward?
 

3 of the people on this threat attend Indiana University. Our university supports two solutions, either PP2P, or L2TP over IPSEC.

It would seem that L2TP over IPSEC will be the easiest solution to implement.

This page here (http://www.jacco2.dds.nl/networking/linux-l2tp.html) has instructions on setting up a linux machine as a L2TP over IPSEC VPN client.

The three components needed:

IPSEC - The N800 already has vpnc, although, I am not sure if this will work. The author's instructions use openswan.

PPP support - is this included in the kernel by default?

LT2P support - This will need to be ported, although, it doesn't involve a kernel module (thank goodness). The best one seems to be: http://www.xelerance.com/software/xl2tpd/

Re: N800 VPN Client. Cash Reward?
 

[QUOTE=genome4hire;37542]3 of the people on this threat attend Indiana University. Our university supports two solutions, either PP2P, or L2TP over IPSEC.

It would seem that L2TP over IPSEC will be the easiest solution to implement.
[/url]

Not too sure. IU's Unix Support has a rather good set of scripts for setting up the PPTP connection, and so the only thing needed is to install the pptp client (easy rebuild of the Debian package) and replacing the kernel with one that has the required crypto modules.

Whether to build a GUI on top of that or not is optional. It might be useful, but then again, there's PPTP support for NetworkManager in their Subversion repository, which who knows, we might get in OS2008.

http://kb.iu.edu/data/akcx.html