I have to say that is a very good thing that companies like StingHorn invest in research about the 770.
But why do they create a specific VPN solution ? There are standards around here : IPSEC and SSL ! Does the only standard they know about is a proprietary solution ?
Why do they to reinvent the wheel ?
Moreover their solution doesn't seem to use x509 certificates which would lead to management difficulties.
For now, waiting for a port of OpenS/Wan, I'm using openvpn with certificates. A little slow to start by functional. Good job.
openvpn is a defacto (and open) standard in the Linux world not a true standard however.
if you look at the screenshots you'll see that they're using l2tp, which is also a standard a'la pptp and ipsec.
You're right.Indeed I haven't seen the following http://www.stinghorn.com/doc/p06-shn-vpn-stopped.png
before my post.
And in the StingHorn article they talk about L2TP/IPsec : "The freely distributed client software enables automatically secure VPN connections to Stinghorn Secure Business Suite's L2TP/IPsec VPN gateway".
Sorry for my precipitation;
The latest screen shows that they are well using IPSEC, even a racoon daemon on the client side. Racoon is standard amongst open source solutions (which are openS/Wan, racoon and ISAKMPD).
So, BRAVO and a good thing ... finally.
But I wonder if a standard solution on the server side (racoon for example) will work with their client.
I suppose that it won't be the case for commercial reasons ...
So, to be tested ... Hoping it doesn't need a new kernel (with crypto libraries as modules).
Instructions for building your own client and kernel
are also available, in case you feel unsure about using a
third-party provided (that would be us) one.
Personal credits: for writing the client, Tomi Ollila,
who has been actually pestering you on this very list about
packaging and menu issues. My involvement was limited to just
getting the components for L2TP/IPsec connection built and
working.
Why build a client like this? We offer a commercial
L2TP/IPsec VPN gateway which works seamlessly with several
platforms - with now Nokia 770 included.
On behalf of entire Stinghorn team, enjoy.
--
Mika Boström \-/ "World peace will be achieved Bostik@stinghorn.com X when the last man has killed
+358 40 759 0016 /-\ the second-to-last." -anon?
Custom kernel image? that smells bad. Can't the necessary stuff be built as modules? Otherwise we'll end up with a bunch of apps each needing their own custom kernel images and thus incompatible between themselves.
it should be possible, but i think they just didn't bother as of now. you could e-mail the company and ask them about it. (or maybe if we get lucky they might drop by here and give us some answers )
the opensource site he mentions also has client installation and compilation instructions btw.
Custom kernel image? that smells bad. Can't the necessary stuff be built as modules?
No. At least not everything. Check their wiki link for details.
And pptp needs custom kernel too. Looks like OpenVPN is the only solution with stock kernel.
Custom kernel is not so dangerous. If you are afraid you can first load and boot custom kernel without touching the flash memory. You need linux flasher executable for this ('flasher -l -b -k kernelimage' boots is without flashing). And later when you find the kernel is working you can flash it without touching the rootfs. It can be done without loosing any data if done with care.
)