Contributed by grey on from the stretching authpf's legs and not forgetting about w32/putty dept.
(Comments are closed)
OpenBSD Journal
By Ben Goren (65.39.81.115) ben@trumpetpower.com on http://www.trumpetpower.com/
...or is the article nothing more than an excessively verbose introduction to authpf?
Cheers,
b&
By Matt Van Mater (68.49.156.213) on
Once upon a time I thought geekspeed.net did something similar too. (I think it was run by Don Bailey, one of the Shmoo guys, who was an obsd user once upon a time.)
I think for regular joe sixpack types, an SSL-enabled gateway would be much more user friendly, similar to the commercial offerings that you find in hotels. Does anyone have any other examples like this?
By bert (68.50.4.145) thrashbluegrass at antisocial dot com on
By Anonymous Coward (66.131.206.88) on
By Brian (205.161.1.46) on
By Anonymous Coward (83.175.206.226) on
By Luiz Gustavo (200.225.76.130) on http://hades.uint8t.org
By sthen (81.168.66.229) on
Doesn't sound too bad... This article is of course only describing things from a cryptographic point of view; it doesn't mention anything about whether the code is secure, well-designed, etc. I'd be interested to hear comments about this, if anyone cares to make them... (I've generally been using IPsec VPN, but there have been occasions, e.g. over some GPRS networks, where this wasn't possible; however, OpenVPN is working fairly reliably.)
By X (213.228.0.86) on
By Anonymous Coward (213.23.128.87) on
Especially the two points outlined in the FAQ comparing authpf to NuFW are of interest to me (just posting an excerpt):
How different is NuFW from authpf ?
With authpf, a user authenticates when he connects to the gateway through ssh and rules are added at this moment. Thus there are two points:
1. The rules are added once and cannot change dynamically after the user has logged in.
2. Rules are linked to the IP the user has connected from. Thus, authpf is not resistant to either multiple logins on the same machine or network address translation that can mask a ton of users behind an IP.
With NuFW:
Rules can be changed dynamically at any time (with the limitation that active (established, related) connexions are not closed).
NuFW is tolerant to computers with multiple simultaneous users because each user authenticates his own connexions. NuFW is resistant to NAT because the real source IP address is contained in the encrypted authentication packet.