Linux VPN server and client

 
 
susikaufmann2003@hotmail.com
Guest
Posts: n/a

 
      11-26-2007, 12:50 PM
Hello,

I have written a Java application which needs to access an external
mysql-database. To secure the connection I would like to use a VPN.
Perhaps someone has experience with strongSwan as server? Smartcard-
support is also needed, because my java-app uses a javacard to encrypt
data, so I also want to use it for the VPN-auth.

Perhaps someone also knows a good small client, which I can call from
my Java-App, so the user does not have to open the VPN client by
himself.

Regards,

Susanne
 
 
 
 
 
Burkhard Ott
Guest
Posts: n/a

 
      11-27-2007, 06:44 AM
On Mon, 26 Nov 2007 05:50:28 -0800, (E-Mail Removed) wrote:

> Hello,
>
> I have written a Java application which needs to access an external
> mysql-database. To secure the connection I would like to use a VPN.
> Perhaps someone has experience with strongSwan as server? Smartcard-
> support is also needed, because my java-app uses a javacard to encrypt
> data, so I also want to use it for the VPN-auth.
>
> Perhaps someone also knows a good small client, which I can call from
> my Java-App, so the user does not have to open the VPN client by
> himself.
>
> Regards,
>
> Susanne


Hello,

At the very first, what is a javacard?
Usually you have 3 kinds of authentication challenges (IPSec).
1. preshared key (password auth)
2. via public rsa key (usually kept in DNS)
3. via CA (you can build your own PKI)

What I don't understand is the smartcard thingy to encrypt the data; if you
have a tunnel successfully established, then you have a secure and encrypted
connection.
Do you want a userauth. via smartcard?

cheers
 
 
susikaufmann2003@hotmail.com
Guest
Posts: n/a

 
      11-28-2007, 09:34 AM
Ok, I have a smartcard according to the javacard 2.2.1 standard. The
java card encrypts and decrypts data that is sent to my server (writes
it into a mysql-db). The data is encrypted, but I don't want the mysql-
db to be that open. So I want to establish a VPN between the client
and the server. I want to create my own CA and the data for login to
the VPN-Server should be oncard. So the VPN-client soft reads it from
the card and uses it to login to the VPN-Server.

regards,

Susanne
 
 
Burkhard Ott
Guest
Posts: n/a

 
      11-30-2007, 10:49 AM
On Wed, 28 Nov 2007 02:34:27 -0800, (E-Mail Removed) wrote:

> Ok, I have a smartcard according to the javacard 2.2.1 standard. The
> java card encrypts and decrypts data that is sent to my server (writes
> it into a mysql-db). The data is encrypted, but I don't want the mysql-
> db to be that open. So I want to establish a VPN between the client
> and the server. I want to create my own CA and the data for login to
> the VPN-Server should be oncard. So the VPN-client soft reads it from
> the card and uses it to login to the VPN-Server.


Ok, got it; the only thing is, it makes no sense to get a vpn server on a card.
But use the card as client with the clientcert signed by your CA.
Another way, what I think you could also do: use the mysql SSL connection
and filter on the server the src-ip's on a firewall, how about that?

cheers
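
The alternative suggested in the reply above (MySQL SSL plus source-address filtering), expressed at the MySQL account level. This is an added example, not part of the thread; the database, account, address, password and certificate names are constructed placeholders, and the firewall rule itself is host-specific and not shown.

```sql
-- Added example. Constructed values: database appdb, account app_client,
-- client address 203.0.113.10 (documentation range), password 'change-me',
-- and the issuer/subject strings. Syntax shown is MySQL 5.7 or later;
-- older servers attach the same REQUIRE clause to the GRANT statement.

-- Weak setting, for comparison: the account is usable from any source
-- address and the server accepts it over an unencrypted connection.
-- CREATE USER 'app_client'@'%' IDENTIFIED BY 'change-me';

-- Hardened: the account exists only for the known client address, and a
-- login succeeds only if the client presents a certificate issued by your
-- own CA with the expected subject. Both strings must match the names in
-- the certificates exactly.
CREATE USER 'app_client'@'203.0.113.10'
  IDENTIFIED BY 'change-me'
  REQUIRE ISSUER  '/CN=Example Private CA'
      AND SUBJECT '/CN=app-client-01';

-- Least privilege: only what the application needs, only on its schema.
GRANT SELECT, INSERT, UPDATE ON appdb.* TO 'app_client'@'203.0.113.10';

-- Check 1: confirm what the server has recorded for the account.
SELECT user, host, ssl_type, x509_issuer, x509_subject
FROM mysql.user
WHERE user = 'app_client';

-- Check 2: audit for accounts that are still open to any host or that
-- carry no TLS requirement at all (ssl_type is empty for those).
SELECT user, host, ssl_type
FROM mysql.user
WHERE host = '%' OR ssl_type = '';

-- Check 3: run from the application's own session; a non-empty value
-- means this connection is actually encrypted.
SHOW SESSION STATUS LIKE 'Ssl_cipher';
```

The host part of the account name restricts the source address inside MySQL only; the firewall filter on the server still decides who can reach the port in the first place.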
 
 
susikaufmann2003@hotmail.com
Guest
Posts: n/a

 
      12-01-2007, 12:59 PM
> Ok, got it; the only thing is, it makes no sense to get a vpn server on a card.
> But use the card as client with the clientcert signed by your CA.


The card should only be the storage of the clientcert.

> Another way, what I think you could also do: use the mysql SSL connection
> and filter on the server the src-ip's on a firewall, how about that?


Ok, this would also be a solution.... I will think about it, but
next I will try to get information about the keyfile storage on a
smartcard, because I have to be sure not to overwrite my other
javacard-applet.

Regards,

Susanne

 