Building Linux Virtual Private Networks (VPNs)
Oleg Kolesnikov and Brian Hatch
New Riders Press, 2002, 385 pages
This book concentrates primarily on setting up VPNs
between Linux computers acting as VPN gateways. There are many scenarios where
this might be useful--for instance, if you were using a Linux box as a router
between two networks. For the most part, however, people build VPNs to
circumvent deficiencies in operating systems. These days, like it or not,
this means providing a service for Windows clients. The most common use of
VPNs is undoubtedly the "Road Warrior" scenario, with Windows clients
browsing a subnet on Linux running Samba. This in turn means NAT and DHCP.
Yet these topics, the authors say, are beyond the scope of the book. The
discussion of firewalls, which is another never-ending source of trouble
with VPNs, is superficial.
Although there is some coverage of SSL and certificates, the authors
recommend using pre-shared keys (PSKs) to authenticate users with FreeS/WAN.
The FreeS/WAN documentation, and the documentation from various VPN clients,
all say repeatedly that this is a Really Bad Idea. Of course, a VPN is simpler
to set up with PSKs. But the reason people buy books like Building Linux
Virtual Private Networks is not to learn the easy stuff, but to learn
how to do the tasks that are difficult.
December 23, 2002