10/19   I installed openVPN here at work as our VPN solution for now but
        the Mac's have real issues with DNS. They basically don't pick up
        the internal DNS server after connecting. Anyone know the solution
        to that one or know of a better VPN solution for macs?
        \_ Does it have to be SSL-based?  Is commercial an option?  Do you
           need HA?  Is this for roving clients or working at home?  How
	...

8/3     Similar to the post below, I'm planning to set up a machine outside
        of the firewall and I'm considering FC3/4 or RH9, and maybe others
        too. Since it's outside of the firewall, security is a concern. In
        addition, manageability is a huge issue for me as I'm not intimately
        familiar with RPM package resolutions. What do you guys suggest?
        \_ Whatever you do, I'd recommend at least looking at selinux.  For
	...

4/29    I hate ipsec, so much.  It's like some twisted joke:
        "OpenS/WAN, a Cisco PIX, and a Sonicwall walk into a bar, and
        the bartender says, 'you got your PFS in my NAT-T!'"
o/28    Damn it, people, entertain me.
        \_ http://www.firefoxflicks.com/flick/index.php?id=19542&c=false
	...

3/14    I'm looking for a good tutorial/howto for setting up IPSEC
        on my *BSD router/firewall. Basically I want to be able to
        access my home network while I'm on the road (iBook w/ OSX
        10.4), and I don't want to set up a bunch of SSH port forwards
        to talk to various services. Any pointers?
3/14
	...

2/15    I'm trying to get someone setup on iChatAV but it appears that their
        ISP is blocking port 5060 (the SIP port) in order to promote their
        own VoIP products. Does anyone know of any clever ways to circumvent
        this (like port forwarding, proxy, etc.)?
        \_ Yeah--get a decent firewall (I'm going to keep on mentioning
           M0n0wall on WRAP) that does port NAT.  That, or IPSEC, although
	...

2/13    Do I really have to point my cisco pix at some cert. authority
        if I want to use keys (instead of "pre-shared secrets") ?
        I can't just self sign?? wtf?
        \_ Actually, why not just create a CA signing cert with OpenSSL
           (it's not that hard), sign a cert with that, and then import the
           CA public key into pix?  Or use a static passphrase for phase I
	...

10/9    Dear MOTD, I'm looking to give a bunch of windows users access to a
        filesharing solution on a unix box.  They're not terribly technical,
        and have mainly browser access.  Is there some sort of open source
        web based toy running over SSL that mimicks what they would see on a
        windows fileshare, with drag&drop/copy&paste?  -John
        \_ WebDAV on Apache might work for you. I think that recent
	...

7/17    Got any recommendations for the WiFi service(s) in the South Bay?  My
        main concerns are security (I am a WiFi idiot.  Just want to make sure
        that my WiFi transmittions are secure.  Is this possible?), stable
        connections once I am connected, and widely available.  Some of the
        Starbucks branches have been referring me to T-Mobile, but the T-Mobile
        does not seem to have a full list of the available WiFi spots it
	...

4/21    Is VPN a protocol?  Is it proprietary?  I use Cisco VPN to access my
        company network from home, and my friend uses Nortel VPN to access his
        company network from his home.  Are they compatible?  Thx.
        |_ ipsec
        \_ http://openvpn.net/articles.html
        \_ VPN is a concept.  There are many technologies that "do" VPN.
	...

3/9     Home WIFI poll.
        WPA: ..
        \_ My WPA is mainly a formality.  I have my AP on a DMZ interface on
           my firewall--if someone manages to use it, power to them.  Use
           SSL/TLS/ipsec for all your important shit anyway, and run a packet
           filter on your wifi clients.  -John
	...

12/1    Anyone ever heard of a VPN service provider, e.g. someone who would
        provide a well-connected endpoint for you to establish an IPsec or CIPE
        VPN connection (over whatever consumer ISP and changing IP addresses
        you have locally)? --karlcz
        \_ I don't think I understand correctly, but you actually want a
           middleman on your supposedly secure channel?
	...

4/4     I just bought some wireless LAN stuff and googled when I came home. I
        came across WPA, which one of my purchase has.  So is this a big loss?
        With so many WEP only devices out there, is WPA or its successor
        11i really going to take hold?  And is WPA really any better than
        WEP?  (Some slash dot article said otherwise but I lack the technical
        knowledge to judge.)
	...