 From:  "Michael Graves" <mgraves at mstvp dot com>
 To:  "m0n0wall" <m0n0wall at lists dot m0n0 dot ch>, "Chris Buechler" <cbuechler at gmail dot com>
 Subject:  Re: [m0n0wall] SSL VPN?
 Date:  Mon, 22 Dec 2008 17:14:05 -0600
On Mon, 22 Dec 2008 17:56:34 -0500, Chris Buechler wrote:

>On Mon, Dec 22, 2008 at 2:53 PM, Quark IT - Hilton Travis
><Hilton at quarkit dot com dot au> wrote:
>> G'day Michael,
>>
>> M0n0wall had previously included the OpenVPN code, however it was
>> removed (from memory) because of stability issues.  Weird, I know,
>> because OpenVPN is used by a lot of others without issue, such as the
>> DD-WRT guys in their replacement OS for the Linksys WRT-series (and
>> others) router devices.
>>
>
>It was related to how m0n0wall works with OPT interfaces, it created
>problems. Don't remember specifically, but it created bugs. No one was
>interested in fixing it.
>
>I agree, that's the best option for SSL VPN.
>
>Though OpenVPN isn't what most people are after when they say "SSL
>VPN". Yes, it does use SSL, but most have had the marketing term "SSL
>VPN", or "clientless VPN" (utter garbage, there is no such thing)
>shoved down their throat by commercial vendors' marketing departments
>to mean something completely different.
>
>There are a couple open source SSL VPN with web based client
>distribution options (more technically correct description than "SSL
>VPN" or "clientless VPN", but it sure doesn't have a nice ring, eh?).
>But, they all require Java, which screams bloat and maintenance
>headaches. Java in and of itself is significantly bigger than all of
>m0n0wall, so I wouldn't expect to ever see that. Besides, you probably
>really don't want a SSL VPN with web based client distribution (ahem).
>Discussion of why here:
>http://www.mail-archive.com/support at pfsense dot com/msg13595.html
>

Thanks for the clarification. My issue doesn't really relate to being
clientless. It has to do with being a guest on someone's LAN.

I'd like to be able to ship a device to a prospect for demonstration.
They put it on their network. We then use something like Webex or
GotoMeeting to orchestrate a live remote demonstration.

As I'm doing the demo I'd like to be able to send commands to the
device under test using an XML protocol over TCP sockets. At present I
have the device configured to make a PPTP VPN connection back to my
office LAN. Once it's connected I can send XML commands to it as if it's
local.

However, lots of prospects don't allow me to initiate a PPTP connection
from the LAN. The real question is what can I do to ensure that I have
the ability to connect to the device under test?

Michael
--
Michael Graves
mgraves<at>mstvp.com
http://blog.mgraves.org
o713-861-4005
c713-201-1262
sip:mgraves at mstvp dot onsip dot com
skype mjgraves
fwd 54245