[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: VPN solution(s) for Fedora Core

From: "H. Peter Anvin" <hpa zytor com>
To: Development discussions related to Fedora Core <fedora-devel-list redhat com>
Subject: Re: VPN solution(s) for Fedora Core
Date: Mon, 31 May 2004 00:32:12 -0700

Florin Andrei wrote:

On Fri, 2004-05-21 at 08:52, Jason Tackaberry wrote:

I think the other main contender for VPN software in Fedora Core would
be Openswan.  OpenVPN is portable, comfortable (being in userspace),
flexible, and easy, but Openswan implements IPsec which is (mostly)
standardized across vendors, and that's certainly a strong selling
point, in spite of its complexity.


Openswan is good to keep around, just in case you need to talk to IPSec
devices. But it's a pain in the butt; it's NAT-unfriendly, free and good
Windows clients are lacking, interoperability is problematic, etc.

Eh?

OpenSWAN 2.1.2 works fine, interoperates fine with *most* IPSec clients, including WinXP, and supports NAT-T (a.k.a. IPSec over UDP), so there shouldn't be any problems.

I have been running OpenSWAN for a while now and the only problem I've had with it is its somewhat limited handling of aggressive mode (which FreeSWAN didn't implement due to its known security holes.)

-hpa

References:
- VPN solution(s) for Fedora Core
  - From: Jason Tackaberry
- Re: VPN solution(s) for Fedora Core
  - From: Florin Andrei

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]