Big VPN

[Luca Filipozzi]

On Wed, Mar 03, 2004 at 12:18:32AM +0100, I.R. van Dongen wrote:
> Richard Atterer wrote:
> >On Tue, Mar 02, 2004 at 10:00:58PM +0100, I.R. van Dongen wrote:
> > >You might want to check tinc (http://tinc.nl.linux.org)
> > >   
> > >
> >
> >I strongly recommend *not* to use tinc. 
> ><http://www.securityfocus.com/archive/1/249142> illustrates that the
> >authors didn't have enough expertise to build a secure tool 2 years ago.
> >The problems were still present last autumn, see
> ><http://www.mit.edu:8008/bloom-picayune/crypto/14238>. What a track record!
> >
> >With VPN software, IPSec is the only real option if you want to be certain
> >it is secure.
> >
> Nice, the first article is based on a alpha version (pre-beta) of tinc, 
> you didn't include the official answer.
> 
> This sounds alot like FUD, are you the author of a compeditive product?

What about the second link?  Perhaps you could have pointed us to TINC's
reply to Gutmann's (the second link) criticisms rather than simply
claiming this is FUD.

Unfortunately, I can only point to the google cache of the TINC's
response since the machine (nl.linux.org) that hosts TINC's website has
been rooted.  Anyway, here's the google cache of the response:

http://www.google.ca/search?q=cache:tinc.nl.linux.org/security

Gutmann's criticisms, slightly expanded over his original posting, can
be found here:

http://www.cs.auckland.ac.nz/~pgut001/pubs/linux_vpn.txt

I'm personally in favour of an IPsec VPN using openbsd or linux 2.6.  I
think an acceptable user-land alternative might be openvpn.  I would
have to do more investigation of Gutmann's claims before feeling
comfortable with the other user-land alternatives: tinc, cipe or vtun.

Yours,

Luca

-- 
Luca Filipozzi
gpgkey 5A827A2D - A149 97BD 188C 7F29 779E  09C1 3573 32C4 5A82 7A2D

Tinc:         Discussion list about the tinc VPN daemon
Archive:      http://mail.nl.linux.org/lists/
Tinc site:    http://tinc.nl.linux.org/