mailing list archives
Re: Openvpn and ssh
From: Baptiste Malguy <baptiste.malguy () solsoft com>
Date: Tue, 17 Jan 2006 10:37:24 +0100
Juan B a écrit :
Can someone please explain to if open vpn and vpn in
general is more secure then using SSH to conect for
example to my server at home? and if yes why is that?
The concept of VPN and the VPN protocols are two distincts things.
The concept is simply to have a machine or a set of machines virtually
connected to a remote network.
The protocols are implemented. Both (protocols and implementations) can
be good or have very serious lacks and finally be unuseful.
You have many kind of VPN implementations and protocols existing.
To take a bad example, you have the PPTP protocol (initially by
Microsoft) which is known to have some serious lacks, allowing to a
third party to potentially steal the login and password of the VPN
client (I will not discuss the technical aspects here ;-)
To take another very well known example, you have IPSec protocol (stands
for IP Security) with different (sometimes incompatible)
implementations. IPSec has some known lacks that developpers try to fix.
From my point of view, IPsec requires hard work to work properly and be
Another young but already good example is OpenVPN which is based on TLS
(SSL). It's pretty easy to setup (compared to IPSec) efficient, based on
simple network communications (compared to PPTP and IPSec) allowing
proxy pass-through and NAT traversal with any special stuff on the
Choose to use a VPN requires to choose a secured implementation. If you
don't, it's useless.
SSH is a very secure system providing remote shell and TCP port forwarding.
Mmmm I've probably already written too much. Let's try to be quicker.
In your case, if the only thing you want to do is remote shell, SSH is
probably enough. If you also want to be able to connect to some services
on your home computer (VNC, Windows shares, protocols with cleartext
password on the wire, ...) use a VPN is a good idea and OpenVPN is a
Baptiste MALGUY - IT Engineer SOLSOFT
PGP Fingerprint: 2A90 B6D1 855F 1584 FE68 94AC CCD6 36D0 3DC7 DCB8
www.solsoft.com - phone: +33 1 47 15 04 00 - fax: +33 1 47 15 55 09
How secure networks are managed.
Description: OpenPGP digital signature
RE: Openvpn and ssh David Gillett (Jan 18)
- Openvpn and ssh Juan B (Jan 17)
- Re: Openvpn and ssh Baptiste Malguy (Jan 17)
- Re: Openvpn and ssh Nick Owen (Jan 17)
- Why is that when an E-Mail is sent via an E-Mail client it's altered, but not if it's sent via the web site? Ebeling, Jr., Herman Frederick (Jan 20)
- Re: Why is that when an E-Mail is sent via an E-Mail client it's altered, but not if it's sent via the web site? Christos Triantafyllidis (Jan 21)
- RE: Why is that when an E-Mail is sent via an E-Mail client it's altered, but not if it's sent via the web site? Ebeling, Jr., Herman Frederick (Jan 21)
- RE: Why is that when an E-Mail is sent via an E-Mail client it's altered, but not if it's sent via the web site? Ebeling, Jr., Herman Frederick (Jan 23)
- Re: Openvpn and ssh NewYork User (Jan 20)