Welcome to Linux Journal  - The Premier Magazine of the Linux Community
Linux Review: Building Linux Virtual Private Networks (VPNs): A Book Review
Posted on Sunday, June 02, 2002 by Michael Cohen

Book Reviews: Some good information for evaluating potential Linux VPN setups, but if you're looking for a HOWTO, this isn't it.

Title: Building Linux Virtual Private Networks (VPNs)
Authors: Oleg Kolesnikov and Bri Hatch
Publisher: New Riders Publishing
ISBN: 1578702666

As an enthusiastic Linux newbie trapped in the body of a Windows/Netware IT consultant, I gladly welcomed another opportunity to push Linux to my clients. When I heard about the publication of this book, I was eager to get my hands on a copy to see if I could feasibly begin using Linux VPN gateway/firewalls with some of my smaller clients as a low-cost replacement for some of the Intel and Cisco VPN gateway products.

Despite the fact that virtual private networking is one of the hottest terms in today's computing world, there still seems to be no definitive book for Linux-based VPNs. I hoped this book would help me get a foothold on what could be a new niche for Linux in the small business market.

The first few chapters are on the administrative basics of VPNs. There are some helpful introductory concepts like topology, cost comparisons, leased lines and methods of remote key exchange. Aside from a few reminders about password security, the opening section can be skipped entirely by anyone with any prior WAN experience.

The meat of this book is the second section. In part two, there are three detailed chapters on the main players in the Linux VPN world: SSH, FreeS/WAN and PPTP. The authors do a thorough job of explaining the basic setups for each one and highlighting the pros and cons of the different technologies. The level of instruction here assumes very little Linux knowledge and even includes step-by-step walkthroughs for kernel recompilation. Unfortunately, when I hit an IPSec security authorization rule hurdle, there was little included in the way of troubleshooting help. After a lengthy session on the Web, and thanks to some Usenet friends, I was able to solve my problem. I spent quite a bit of time reading over the IPSec and FreeS/WAN chapters and found the simple definitions of the different hashing algorithms easy to digest. Encryption can be tough to grasp, and the authors explain enough to allow you to understand the basic configuration fully, yet not so much as to bog the reader down in numeric details.

The final section of the book deals with "nonstandard" VPN protocols with a chapter each on Tinc, cIPe and VTun. I found these sections concise and intriguing, but not nearly enough to support the design and implementation of a production-level VPN. As with all the other chapters, there are samples of the three basic configurations: host to host, network to host and network to network. If an administrator were to decide to use one of these lesser-known protocols for their setup, they surely would have to do a great deal of additional research because what is provided in the book is understandably superficial.

Perhaps I'm going to be crucified for saying this, but my main complaint about this book is that it just didn't have enough Windows material in it. The simplistic diagrams and streamlined config files Hatch and Kolesnikov provide make it easy for any intermediate or advanced user to get a basic VPN up and running but do little to help you deal with the complexities of a cross-platform VPN. When confronted with the task of getting my Windows 2000 laptop up and running with the base FreeS/WAN setup on my Linux gateway, I was unable to get it working. The authors omit the "Windows Road Warrior" configuration, stating that Windows remote-client connectivity is still fairly unreliable and thus out of the scope of the text. This proved a major hurdle for me given that the majority of the VPN environments I work in are those with remote salespeople on the road with Windows laptops.

As much as I would like to voice my frustrations with this book, saying that the one configuration of the one piece of software that I wanted to use (Windows/Linux via FreeS/WAN) was not available, I cannot overlook the fact that for a first delve into the Linux-VPN sector, this text is adequate.

I would recommend this book to intermediate and advanced administrators who are evaluating potential Linux VPN solutions. For those looking for a step-by-step HOWTO to support a corporate solution, you may have to get on-line with me and wait for something from our friends at O'Reilly.

Re: Building Linux Virtual Private Networks (VPNs): A Book Review (Score: 0)
by Anonymous on Sunday, June 02, 2002
I found the New Riders book to be much more informative than the O'Reilly VPN book.

Re: Building Linux Virtual Private Networks (VPNs): A Book Review (Score: 1)
by Ace-Jones on Sunday, June 02, 2002
I have been struggling with this very problem... Getting a Windows machine (Win 98, in my case) to interoperate with FreeS/WAN on Linux. Would love to see this topic covered in depth somewhere.

1994-2002 Specialized Systems Consultants, Inc. (SSC) publishers of Linux Journal.