[Chugalug] VPN suggestions
rod-lists at epbfi.com
Sat Sep 7 01:20:39 UTC 2013
What is the difference between a cert and a PSK?
On Fri, 06 Sep 2013 00:29:25 -0400, Mike Robinson
<miker at sundialservices.com> wrote:
> "++" for OpenVPN (and TunnelBlick on a Mac).
> These packages work extremely well, and are very easy to set up ...
> provided that you always keep firmly in mind the fact that VPN is
> designed to tell "Eve" absolutely Nothing. Until you get things set up
> just-right, VPN by design will basically give you =no= clues as to
> what's wrong. Pay very, very close attention to details (as VPN itself
> does). For instance, one client had a devil of a time with a
> certificate, until we noticed that the state-name was "VA" in one place,
> and "Va" in another. That was the difference that made all the
> difference. Heh. And the message? Something about "self-signed
> certificate in chain." Heh. Welcome to the world of VPN error-messages.
> Be sure to secure the link with certificates, not passwords (a.k.a.
> "pre-shared keys" or PSKs).
> VPN definitely trumps SSH in my opinion because "providing a secure
> tunnel" is what VPN was foremost designed to do. "It's just there, and
> by-the-by it's secure." The fact that it's supported by many
> off-the-shelf routers is an added bonus.
Using Opera's mail client: http://www.opera.com/mail/
More information about the Chugalug