VPN solution(s) for Fedora Core
H. Peter Anvin
hpa at zytor.com
Mon May 31 07:32:12 UTC 2004
Florin Andrei wrote:
> On Fri, 2004-05-21 at 08:52, Jason Tackaberry wrote:
>
>>I think the other main contender for VPN software in Fedora Core would
>>be Openswan. OpenVPN is portable, comfortable (being in userspace),
>>flexible, and easy, but Openswan implements IPsec which is (mostly)
>>standardized across vendors, and that's certainly a strong selling
>>point, in spite of its complexity.
>
> Openswan is good to keep around, just in case you need to talk to IPSec
> devices. But it's a pain in the butt; it's NAT-unfriendly, free and good
> Windows clients are lacking, interoperability is problematic, etc.
>
Eh?
OpenSWAN 2.1.2 works fine, interoperates fine with *most* IPSec clients,
including WinXP, and supports NAT-T (a.k.a. IPSec over UDP), so there
shouldn't be any problems.
I have been running OpenSWAN for a while now and the only problem I've
had with it is its somewhat limited handling of aggressive mode (which
FreeSWAN didn't implement due to its known security holes.)
-hpa
More information about the fedora-devel-list
mailing list