There are two authors on the front cover, two more authors in the "About the Authors" section (Chris Davis and Chris Mongold), and two technical reviewers on the facing page (Liam Noonan and Greg Barnes). First time I have seen tech reviewers get as much exposure as the principal authors. With so many fingers in the pie, how well does it hang together? It's okay, there are no blatant shifts, but it does feel like the work of at least two authors. The first two parts ("Virtual Private Networks" and "Implementing Standard VPN Protocols") feel like the work of one author. The third part ("Implementing Nonstandard Protocols") feels like a different author. For example, Part II has a short dependencies section near the beginning of each chapter and is tightly focused. Part III does not list the dependencies and has more examples. They ramble a bit and overlap each other. Part III repeats some basics already covered in Part II. Perhaps unavoidable with multiple authors, but somebody should have caught it. (This is why I give the editing a low score.)
This book covers seven protocols: PPP over SSH, PPP over SSL/TLS, IPsec, PPTP, VTun, cIPe, and tinc. There is considerable overlap in functionality among them. The authors discuss when and why to use each, and their problems and vulnerabilities. Obviously, all seven have Linux implementations. Most also have Unix implementations. cIPe has a Windows NT port. IPsec is an Internet standard and so the best bet for a heterogeneous environment. Appendix A covers many of the commercial IPsec implementations. PPTP is a PPP enhancement developed by Microsoft that is adequate for supporting road warriors with Windows laptops. Version 1 has some serious holes and has been replaced by Version 2, which also has some vulnerabilities. Until Linux achieves World Domination, interoperability with Windows is a reality that needs to be supported. I'm glad the chapter on PPTP is included.
Since I already had all the pieces installed, I tried out the PPP over SSH example. The author does a good job of leading you through the setup and verifying all the pieces are working. However, in the final step, the two sides just would not connect. It took me three days to figure out that on old hardware (486s), the SSH handshake takes longer than the PPP default 1000 millisecond timeout. Changing it with the "connect-delay 2000" PPP option solved my problem. The troubleshooting help in this chapter is very basic. The authors do helpfully list that PPP 2.3.7 or later is required. This was one of the versions I was using, so having that problem settled was nice. They point out that the VPN mini-HOWTO is dated. In some respects this is true, but hang on to it for PPP and kernel configuration. Just ignore the part on redir-pty (redirect pseudo-TTY); this functionality was incorporated in PPP 2.3.7.
Chapter 8 on VTun contains four of the six errors I found. One is trivial - the text says one line and the example shows two lines. Several would be troublesome for a novice (IP addresses off by one) but should be caught easily. But several are confusing. All examples in the book use Class C private IP addresses (192.168.x.x), except for several Class A addresses (10.x.x.x) that slipped into the routing table on page 253. This chapter appears to have been written for a different audience and later adapted for inclusion in this book.
There is an errata page on the authors' Web site, www.buildinglinuxvpns.net. If you buy the book, visit this site to update your copy. Even if you don't, visit it; there are links to related topics like vulnerabilities recently found in cIPe, VTun, and tinc.
When you need to get a VPN up in a week or less, this is a good book to have. It is basically a HOWTO book with just enough general VPN material to support the HOWTO sections. If you want more in-depth material, try "Virtual Private Networks" by Yuan and Strayer. It, on the other hand, is short on HOWTOs but has more details like packet formats and covers more protocols.
I like this book and have no reservations about recommending it for an experienced Linux user needing a VPN.
-- Jeffrey Taylor (jeff.taylor@ieee.org)