VPN suggestions

From: Mike Robinson 
------------------------------------------------------
"++" for OpenVPN (and TunnelBlick on a Mac).

These packages work extremely well, and are very easy to set up ... provided that you always keep firmly in mind the fact that VPN is designed to tell "Eve" absolutely Nothing.  Until you get things set up just-right, VPN by design will basically give you =no= clues as to what's wrong.  Pay very, very close attention to details (as VPN itself does).  For instance, one client had a devil of a time with a certificate, until we noticed that the state-name was "VA" in one place, and "Va" in another.  That was the difference that made all the difference.  Heh.  And the message?  Something about "self-signed certificate in chain."  Heh.  Welcome to the world of VPN error-messages.

Be sure to secure the link with certificates, not passwords (a.k.a. "pre-shared keys" or PSKs).

VPN definitely trumps SSH in my opinion because "providing a secure tunnel" is what VPN was foremost designed to do.  "It's just there, and by-the-by it's secure."  The fact that it's supported by many off-the-shelf routers is an added bonus.
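
A field-by-field comparison of two certificate names catches the kind of "VA" versus "Va" mismatch described in the message above. This is an added example, not code from the thread: it compares the issuer line of one certificate with the subject line of another, as printed by `openssl x509 -noout -subject -issuer`. The function names and sample names are constructed, and the parser assumes values contain no "/" and no escaped commas.

```python
import re

def parse_dn(line):
    """Parse an OpenSSL subject/issuer line into (attribute, value) pairs.

    Accepts 'issuer=C = US, ST = VA, CN = x' and the older
    'subject= /C=US/ST=VA/CN=x' layout.
    """
    dn = re.sub(r"^\s*(subject|issuer)\s*=\s*", "", line.strip())
    if dn.startswith("/"):
        parts = dn[1:].split("/")
    else:
        # Split only on commas that are followed by the next 'ATTR =' token.
        parts = re.split(r",\s*(?=[A-Za-z0-9.]+\s*=)", dn)
    pairs = []
    for part in parts:
        attr, _, value = part.partition("=")
        pairs.append((attr.strip(), value.strip()))
    return pairs

def compare_dn(issuer_line, subject_line):
    """Return findings as (attr, issuer_value, subject_value, kind); [] if identical."""
    a, b = parse_dn(issuer_line), parse_dn(subject_line)
    keys_a, keys_b = [k for k, _ in a], [k for k, _ in b]
    if keys_a != keys_b:
        return [("attributes", keys_a, keys_b, "different attribute set or order")]
    findings = []
    for (attr, va), (_, vb) in zip(a, b):
        if va == vb:
            continue
        if va.casefold() == vb.casefold():
            kind = "case only"
        elif " ".join(va.split()) == " ".join(vb.split()):
            kind = "whitespace only"
        else:
            kind = "different value"
        findings.append((attr, va, vb, kind))
    return findings

# Constructed sample lines (not taken from any real certificate).
CLIENT_ISSUER = "issuer=C = US, ST = Va, L = Example City, O = Example Org, CN = Example VPN CA"
CA_SUBJECT = "subject= /C=US/ST=VA/L=Example City/O=Example Org/CN=Example VPN CA"

if __name__ == "__main__":
    for attr, left, right, kind in compare_dn(CLIENT_ISSUER, CA_SUBJECT):
        print(f"{attr}: issuer has {left!r}, CA subject has {right!r} ({kind})")
```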

===============================================================
From: Rod
------------------------------------------------------
What is the difference between a cert and a PSK?

On Fri, 06 Sep 2013 00:29:25 -0400, Mike Robinson wrote:

--
Using Opera's mail client: http://www.opera.com/mail/

===============================================================
From: wes
------------------------------------------------------
conceptually, you could think of a certificate as sort of a kajillion-character-long password.

additionally, both sides don't have the same cert/password: they each get a mutually compatible one. these are called the "public key" and the "private key".

example:

abcdefghijklm -> encrypted via private key -> @!#%$@#%^%$*&
abcdefghijklm -> encrypted via public key -> &*)^&*$%^@$#$
@!#%$@#%^%$*& -> decrypted via public key -> abcdefghijklm
@!#%$@#%^%$*& -> decrypted via wrong key -> ^$%#$%@#$@$^%

point being, data encrypted by one key can only be decrypted by the other key, not even by the same key it was originally encrypted with.

a "certificate" is a key (public or private) which also contains extra info about the who/what/when/where/why of the situation. this is used to ensure that the proper keys are being used.

-wes