VPN solution(s) for Fedora Core

H. Peter Anvin hpa at zytor.com
Mon May 31 07:32:12 UTC 2004


Florin Andrei wrote:
> On Fri, 2004-05-21 at 08:52, Jason Tackaberry wrote:
>                     
>>I think the other main contender for VPN software in Fedora Core would
>>be Openswan.  OpenVPN is portable, comfortable (being in userspace),
>>flexible, and easy, but Openswan implements IPsec which is (mostly)
>>standardized across vendors, and that's certainly a strong selling
>>point, in spite of its complexity.
> 
> Openswan is good to keep around, just in case you need to talk to IPSec
> devices. But it's a pain in the butt; it's NAT-unfriendly, free and good
> Windows clients are lacking, interoperability is problematic, etc.
> 

Eh?

OpenSWAN 2.1.2 works fine, interoperates fine with *most* IPSec clients, 
including WinXP, and supports NAT-T (a.k.a. IPSec over UDP), so there 
shouldn't be any problems.

I have been running OpenSWAN for a while now and the only problem I've 
had with it is its somewhat limited handling of aggressive mode (which 
FreeSWAN didn't implement due to its known security holes.)

	-hpa





More information about the fedora-devel-list mailing list