[CentOS] CentOS VPN server for iPhone

Thu Mar 26 20:21:46 UTC 2009
Les Mikesell <lesmikesell at gmail.com>

Florin Andrei wrote:
>> If you have a decent password (on all accounts) I wouldn't worry about 
>> about it too much.  Move it to an odd port or even require a client 
>> certificate if your client software supports it.
> The non-standard port is a good trick, but even assuming the iPhone does 
> support it (which is far from certain, the interface is very simple and 
> terse), I'm still a bit uncomfortable. All it takes is a stupid buffer 
> overflow, and a script kiddie with patience and a portscanner - even if 
> you send packets to DROP, it's still scannable, it just takes much 
> longer. Port knocking is probably not doable (or not easily) from the 
> iPhone.
> Maybe I don't trust the IMAP server enough to expose it. Maybe I should.

Anything that can survive in a university environment should be safe 
enough for the rest of us.  But the client certificate requirement would 
really nail it down if that's a possibility.  You can do it with stunnel 
if the native IMAP service is difficult to configure for ssl (or even on 
a different internal machine).

   Les Mikesell
    lesmikesell at gmail.com