Rant: Me

Well, apparently, the Internet masses have risen up and declared me an a***ole. You know what, they just might be right. I do tend to be arrogant. I do tend to be ego-centric. I do tend to be a jerk. Maybe I should work on that. Random people on the Internet may like me and my site better if I do a better job at being nice.

Ick… nice. That one’s going to be tough. I’ll have to get back to me on that one.

(there I go talking about myself again. :oP)

Rant: Kroger Parking Lot Update

Here is a nice graphic so everyone can see that of which I talk:

Kroger Parking Insanity Diagram

LEGEND:

  • GREEN: Lot Borders
  • Light Green: Bob Evans Parking Lot Borders
  • Yellow: Gas Station
  • Peach: Firestone Tires/Service
  • Brown: Plaza Complex (including Kroger)
  • Dark Brown: Bob Evans
  • Blue: Concrete Barriers
  • Magenta: Common "cut through" paths

They cut through the gas station and cut you off while entering the normal entrance down by the first US 36 shield, all so they can beat the traffic light. They frequently cut across the corner of the Bob Evans parking lot. Although the Bob Evans parking lot is maintained by the Bob Evans people, the lot is physically connected most of the way around without any barriers. That corner of the lot is the busiest entrance/egress place, and no one turns that corner correctly, and often there are backups because no one follows the simple painted lines telling them where to be. If no one is parked at the corner of Bob Evans parking lot, people cut across. When they come in any entrance, they shoot across any open area where there are no cars in order to get a random parking space close to the Kroger. It’s like if they see some arbitrary parking space they just must have and switch into some sort of autonomous tunnel-vision stupid robot mode and head for that space without regard to any object or barrier, especially if said object/barrier is in its rightful place and most especially if said object/barrier just so happens to be a vehicle in motion.

 

Rant: Can’t anyone make an easy VPN that works?

URGH!!! I am so freaking frustrated. I cannot find a single VPN solution that will work for my specific situation.

Here is what I want to do: I want to set up a piece of software/OS Feature on my Windows Server 2003 machine that takes incoming connections, encrypts them and authenticates against Active Directory, but only uses one TCP and/or UDP port and uses no wacky protocols. I should only have to port-forward ONE FLIPPING PORT on my router and should not require any special “passthrough” crap. I should not have to pre-generate any special encryption keys; this should be done transparently using a public key cipher system so I don’t have to know/remember/hand configure anything. I should not have to memorize any g**damn command lines or install Java either on my server or my client to use the software. I shouldn’t have to put my VPN server in a DMZ. I shouldn’t have to buy specialized hardware. It should JUST FRIGGIN WORK. How hard is that to f**king do?

Microsoft’s PPTP and L2TP implementations both fall short of working in this regard. PPTP uses only one port, but has to use GRE Protocol 47. My router (which so happens to be my VoIP Adapter) does not support passing through GRE 47. Therefore, PPTP does not work. L2TP requires very “virgin” packets. NATs have to do weird things to the packets in order to NAT, so although L2TP doesn’t use weird protocols, it fails because the packets are not “pristine”.

I looked at a couple other solutions, mainly SSL VPN style solutions. The first one, SSL-Explorer, simply blows. It does not install properly 80% of the time. You have to have an old version of Java in order for it to run, and it has to be installed and confirmed to be working before you EVER double click the VPN installer. The configuration hangs when you try to set it up to authenticate against Active Directory. If you have to stop in the middle of the installation/configuration process for any reason, the software will never again “work” (if you can call it working) unless you completely uninstall the application and reinstall it. NIGHTMARE!

Then, I looked at OpenVPN. It’s designed primarily for Linux, but works too on Windows. It has no authentication, other than encryption keys, which you have to generate by yourself. No, the software will not generate them during installation, because that would be, you know, helpful. Everything is command line driven. You have to know pathnames. While the VPN is running, you have ugly CLI boxes on the screen. And worst of all, NO ACTIVE DIRECTORY INTEGRATION. It DOES, however, work on only one port and requires no wacky protocols.

Why do I have to go through this hell? All because the VoIP service I use “requires” me to use the VoIP adapter as my router, or else the service skips, stutters, echoes, and all other manner of nasty. All because the Sipura/Linksys SPA-2000 DOESN’T DO GRE PROTOCOL 47 PASSTHROUGH.

Here is how I see a proper VPN working:

  • VPN Server software, upon installation, creates an encryption key using some sort of Public Key Cipher. The client software does the same.
  • The connection to the server uses ONE port and NO wacky protocols.
  • Upon connection, both ends share their public keys with each other, and use each other’s public key to encrypt data transmission to the other.
  • Each end creates a tunnel of encryption using the shared public keys.
  • The server (now using encryption) asks the user for credentials.
  • The server then authenticates the user against the built in OS user/Domain database implemented on said server.
  • Upon verifying the credentials as good, all data is then encrypted on the fly and decrypted by the other end.
  • The client uses the remote end as its gateway, and all non-local traffic is routed through the VPN.
  • The server takes data destined for its internal network and routes accordingly or takes data destined for the Internet and routes this to its gateway.

Of course, the encryption schemes used could certainly be more sophisticated if necessary, but the basic framework should be as above. This would allow VPNs to EASILY work behind a NAT without any wackiness. How difficult is that to do? It seems quite a bit easier to me to do than using wacky unrouteable protocols and 573,000 layers of stupid. But, as I have found out, apparently, it is not.
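The handshake steps in the list above, sketched as an added example (not code from this post or from any VPN product): keys generated without user input, a public-key exchange, then credentials sent inside the encrypted channel and checked against an account table. It goes one step beyond the list by having the client compare the server's public key to a pinned fingerprint before sending anything, because keys swapped on first contact with no check cannot distinguish the real server from a device sitting in the path. The Diffie-Hellman group, the cipher and the `USERS` table are toy, constructed stand-ins.

```python
import hashlib, hmac, secrets

# Toy Diffie-Hellman group, constructed for illustration only (not production strength).
P, G = 2**521 - 1, 3
# Constructed stand-in for the server's OS/domain account database.
USERS = {"alice": "correct horse"}

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def fingerprint(pub):
    return hashlib.sha256(str(pub).encode()).hexdigest()

def session_key(priv, peer_pub):
    # Both ends reach the same value from their own private key and the peer's public key.
    return hashlib.sha256(str(pow(peer_pub, priv, P)).encode()).digest()

def _stream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + bytes([i])).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, data):
    # Toy encrypt-then-MAC; a real tunnel would use a vetted AEAD cipher.
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("message was modified in transit")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def connect(srv_priv, pub_on_wire, pinned_fp, user, password):
    # Client: refuse before sending anything if the key seen on the wire is not the pinned one.
    if fingerprint(pub_on_wire) != pinned_fp:
        return "refused: server key does not match pinned fingerprint"
    cli_priv, cli_pub = keypair()
    blob = seal(session_key(cli_priv, pub_on_wire), f"{user}\n{password}".encode())
    # Server: derive the same key from the client's public key, then check credentials.
    name, _, pw = unseal(session_key(srv_priv, cli_pub), blob).decode().partition("\n")
    good = name in USERS and hmac.compare_digest(USERS[name].encode(), pw.encode())
    return "tunnel up" if good else "refused: bad credentials"
```

Everything here would travel over a single TCP or UDP port; the routing steps at the end of the list are outside what this sketch covers.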

Rant: Kroger Parking Lot

Ah, the first in what is likely to be a long line of rants about crap and stupid people. First rant: the Kroger Parking Lot

What happens when you combine the low average IQ of the local townspeople and the badly designed Kroger parking lot? A really angry Inanis, that’s what. Please, let me explain.

Like most parking lots, the local Kroger parking lot is laid out in rows, two rows of parking spaces, and a double wide lane for driving between them. At all the edges of the lot are “feeder” lanes where cars enter and exit the smaller lanes that run through the middle. The problem is that there are no “islands” to cap the ends of the car rows, nor are there any barriers down the center of the car rows. This allows drivers (read: idiots) to cut across the parking lot. Invariably, this is what happens.

Idiot drivers will come into the parking lot at one corner and cut across 10-20 lanes of parking spaces at a 45 degree angle, at will, with no regard for the normal driving lanes. Is someone driving around the outside? Someone coming down one of the lanes? They don’t care. They cut across anyway. When you park there, you have to literally do a 3x 360 degree look-about to make sure no one is careening into your rightful path, and even then they still might pop up unexpectedly from behind a row of cars.

Here’s the good part. When they do this, and you happen to be in a rightful driving lane and they cut you off, or heaven forbid you accidentally cut them off, do they yield right of way or throw up a hand to apologize? No. They honk their horn, flip you off, shout obscenities out the window and all but jump out of the car and beat you with a large blunt instrument.

This town is full of complete idiots.