LISA '03 Abstract
Pp. 87-94 of the Proceedings
EasyVPN: IPsec Remote Access Made Easy
Mark C. Benvenuto and Angelos D. Keromytis, Columbia
Telecommuting and access over a Wireless LAN require strong security
at the network level. Although IPsec is well-suited for this task, it
is difficult to configure and operate a large number of clients. To
address this problem, we leverage the almost universal deployment and
use of web browsers capable of SSL/TLS connections to web servers and
the familiarity of users with such an interface. We use this
mechanism to create configurations and certificates that will be
downloaded to the user's machine and be used by a program to perform
all configuration on the user's system.
Our system builds on common security protocols and standards such as
IKE, X.509, and SSL/TLS to provide users with a secure-access
environment that "just works." One of the main goals of the system is
ease of use both for the users and the system administrators that
maintain the infrastructure. We describe our implementation that uses
Linux FreeS/WAN and Windows to show the practicality of the approach.
- View the full text of this paper in HTML or
Until October 2004, you will need your USENIX membership
identification in order to access the full papers. The
Proceedings are published as a collective work, © 2003 by
the USENIX Association. All Rights Reserved. Rights to individual
papers remain with the author or the author's employer.
Permission is granted for the noncommercial reproduction of the
complete work for educational or research purposes. USENIX
acknowledges all trademarks within this paper.
- If you need the latest Adobe Acrobat Reader, you can download it