D&C GLug - Home Page


Re: [LUG] A few server problems, squirrelamail

 

On Friday 10 June 2005 23:01, Simon Waters wrote:
 tidier would be closer to my opinion. More Tao ;)
> 
> > The VPN is ipsec, native 2.6 stack with openswan package. Any ideas for this
> > one?
> 
> Nope, I'm trying to give up VPNs in favour of putting stuff over SSL, at
> least where email is concerned.

Do you mean using encrypted SSL sessions or SSH tunnels? The reason I ask is 
that I know that I can secure the email logon with SSL but to do so would 
involve opening my pop3 server to the world so anyone could attempt to log on, 
or attempt to brute-force. I also know that I could route pop3 etc. through an 
SSH tunnel then use preshared SSH keys for authentication, which adds a 
(IMHO) much better layer of security. The problem with SSH tunnels is that I 
effectively have a WAN and I would have to tunnel each needed protocol, and I 
know that you cannot do this very well with SMB protocols etc. as the other end 
is an MS Client and it's on a network of its own. Hence the reason for the full 
VPN solution.

The VPN problem is indeed an MTU issue, as the VPN endpoint is masquerading the 
network behind it and the eth0 connection has an MTU of 1400, all internal 
network servers are perfect. (An MTU of 1500 breaks this access.) (I think the 
overhead is 56 bytes + the NAT-T stuff.)

The issue is indeed access to the local server, as you cannot set the MTU for 
any (VPN) network traffic in this case; the tunnel bypasses eth0 settings, so 
I might have to patch the kernel to get the old KLIPS ipsecX interfaces back. 
Or look at some nasty iptables clamping rules.


-- 
Robin Cornelius
---------------------------------------------------
robin@xxxxxxxxxxxxxxxxxxxxx
http://www.cornelius.demon.co.uk
http://sourceforge.net/projects/rt2400
GPG Key ID: 0x729A79A23B7EE764
http://www.biglumber.com/x/web?qs=0x729A79A23B7EE764
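
The MTU arithmetic behind the tunnel problem discussed in this message, as an added example that is not part of the original post: it computes the on-the-wire size of an ESP tunnel-mode packet with NAT-T and derives a TCP MSS value for an iptables clamping rule. The two cipher/integrity pairs and their sizes are assumptions (the post does not say which transforms the tunnel uses), IPv4 without options is assumed throughout, and the chain name is a parameter to adapt to where the traffic flows.

```python
"""Added example: ESP tunnel-mode size arithmetic for an IPv4 path (constructed values)."""
from dataclasses import dataclass

IPV4_HDR, TCP_HDR, UDP_HDR = 20, 20, 8
ESP_HDR = 8        # SPI (4) + sequence number (4)
ESP_TRAILER = 2    # pad-length byte + next-header byte


@dataclass(frozen=True)
class Transform:
    """Per-packet sizes of an ESP cipher/integrity pair (assumed, not from the post)."""
    name: str
    iv: int      # bytes of IV sent in each packet
    block: int   # cipher block size; the encrypted part is padded to a multiple of it
    icv: int     # truncated integrity check value appended to each packet


TDES_MD5 = Transform("3des-cbc/hmac-md5-96", iv=8, block=8, icv=12)
AES_SHA1 = Transform("aes-cbc/hmac-sha1-96", iv=16, block=16, icv=12)


def outer_size(inner: int, t: Transform, nat_t: bool = True) -> int:
    """Size on the wire of one inner IP packet after ESP tunnel encapsulation."""
    pad = -(inner + ESP_TRAILER) % t.block
    encrypted = inner + pad + ESP_TRAILER
    return IPV4_HDR + (UDP_HDR if nat_t else 0) + ESP_HDR + t.iv + encrypted + t.icv


def max_inner(link_mtu: int, t: Transform, nat_t: bool = True) -> int:
    """Largest inner packet whose encapsulated form still fits in link_mtu."""
    room = link_mtu - IPV4_HDR - (UDP_HDR if nat_t else 0) - ESP_HDR - t.iv - t.icv
    return room // t.block * t.block - ESP_TRAILER


def clamp_rule(link_mtu: int, t: Transform, nat_t: bool = True, chain: str = "FORWARD") -> str:
    """iptables TCPMSS rule pinning the MSS so TCP segments fit the tunnel (TCP only)."""
    mss = max_inner(link_mtu, t, nat_t) - IPV4_HDR - TCP_HDR
    return (f"iptables -t mangle -A {chain} -p tcp --tcp-flags SYN,RST SYN "
            f"-j TCPMSS --set-mss {mss}")


if __name__ == "__main__":
    for t in (TDES_MD5, AES_SHA1):
        for inner in (1400, 1500):
            print(f"{t.name}: inner {inner} -> outer {outer_size(inner, t)}")
        print(f"{t.name}: max inner {max_inner(1500, t)}")
        print(clamp_rule(1500, t))
```

MSS clamping only affects TCP; UDP and ICMP traffic through the tunnel still depends on path MTU discovery or a lowered interface MTU.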
