Rich Mingin (PLUG) on 6 Nov 2015 11:23:34 -0800


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] [plug-announce] Wed, Nov 4, 2015: PLUG Central - "OpenVPN" by Keith C. Perry (7pm at USP)

It's "Embrace, Extend, Extinguish", Keith. Any Microsoft refugee from the last 20 years should know that one, and have seen it in action at least once.

Also, speaking only for myself, I found the WHY to be the most valuable part of the presentation. Not meaning any insult to the rest, but the WHY sections gave valuable background and insight into why IPSec is around, why it's not the premiere/default standard (yet), and also why it should be. Hearing about how VPN/SSH/IPSec all interrelate seems like it'll be valuable in the future as well.

I went into last night with an unspoken "Oh, VPN, I know VPN, I guess I'll go anyways" and came out with a desire to setup an IPSec VPN endpoint or three, and to tinker with some certs from external CAs (Let's Encrypt came to mind, there are tons of others like FreeSSL), so I'd say you had a very good balance of background and current info.

On Fri, Nov 6, 2015 at 2:11 PM, Chris Norton <chris@nortoninc.info> wrote:
 Keith,

By all means, keep talking about the why. There is not enough WHY being discussed at this time. A lot of "just make it work" is all I ever hear.


Good job.

On Fri, Nov 6, 2015 at 2:10 PM, Keith C. Perry <kperry@daotechnologies.com> wrote:
Thanks Mike!

I know I was a bit heavy on the history with this talk but that instructor DNA in me usually biases towards wanting to provide a context for technology.  So many things change so quickly in our world that the "why" gets lost and we end of "solving" things that don't need to be solved or we add features before we fix problems.

The phrase of the night was "extend and update" (or as Rich M put it... "extend and destroy") hits on that point.

If I do give this talk again though, I'll speed up the historical part so that I can actually do more live configuration instead of just showing the completed files.

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Keith C. Perry, MS E.E.
Owner, DAO Technologies LLC
(O) +1.215.525.4165 x2033
(M) +1.215.432.5167
www.daotechnologies.com

----- Original Message -----
From: "Michael DePaulo" <mikedep333@gmail.com>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Sent: Thursday, November 5, 2015 10:00:26 PM
Subject: Re: [PLUG] [plug-announce] Wed, Nov 4, 2015: PLUG Central - "OpenVPN" by Keith C. Perry (7pm at USP)

On Thu, Nov 5, 2015 at 9:40 PM, Guo Yixuan <culu.gyx@gmail.com> wrote:
>
>
> On Mon, Nov 2, 2015 at 8:56 PM, Paul L. Snyder <plsnyder@drexel.edu> wrote:
>>
>> PLUG Central will be meeting on Wednesday, November 4, at USP in
>> Philadelpha, beginning at 7pm. Directions to the meeting location
>> at the University of the Sciences in Philadelphia can be found at
>> the end of this email.
>>
>> This month's meeting features a return performance by Keith C. Perry,
>> with a presentation on OpenVPN. Stop in and find out more about how
>> to secure your Internet connections using this FOSS SSL/TLS-based
>> VPN solution.
>>
>>   http://openvpn.net
>>   http://www.daotechnologies.com/
>>
>
> Thanks for the talk! The VoIP over OpenVPN demo with Jitsi and Zoiper is
> really impressive.
>
> [...]
>
> Also, I remember there was some discussion on security, and some webpage (of
> a security talk series?) was showed, but I can't recall the full name of it.
> Did we retain a bookmark set of those tabs opened during that discussion?
>
> Cheers,
> Yixuan

I also want to thank Keith on this excellent talk!

Ever since I began my IT career (1st internship in 2001 at age 15), I
have wondered why IPSec VPNs were considered antiquated. Around 2002
to 2004, I chose to use PPTP instead, including poptop for Linux
servers. PPTP was so much easier to setup!

Now I understand why IPSec VPNs were considered antiquated.

I have recently come to learn that many designs we encounter today do
not make sense at all unless you understand the history of prior
designs. Keith's talk was the perfect demonstration of this.

BTW, for those who are wondering why you should not use PPTP, this
Wikipedia section seems to explain it well:
https://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol#Security

-Mike
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug


___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug


___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug