Implementing VPN
Leonard Isham
leonard.isham at gmail.com
Wed Dec 22 15:16:53 UTC 2004
On Wed, 22 Dec 2004 08:57:11 -0600, Aleksandar Milivojevic
<amilivojevic at pbl.ca> wrote:
> R. S. Patil wrote:
> > When searched on google i got two three options like
> > FreeS/WAN, StrongS/WAN, OpenS/WAN and Open VPN.
>
> The *S/WANs are all IPSec implementations. 2.6 kernels has native
> IPSec, so you really don't need them anymore. Unless you already have
> infrastructure that uses them and/or are very familiar with them, I'd
> just go with Linux native IPSec.
>
> OpenVPN is user-land implementation. Another user-land implementation
> is VTun.
>
> Both (IPSec and user-land stuff) have advantages and disadvantages.
> IPSec (in combination with auto-rekeying and x509 certificates) is
> probably the best way to go, but you'll need to do some reading to
> understand how it works. On the other hand user-land stuff like VTun is
> very easy to understand and configure (you can get it up and running in
> about 10 minutes, even if you are completely new to it). OpenVPN is
> somewhere in the middle.
>
OpenVPN is well supported by the user community and is rock solid.
OpenVPN handels dynamic IPs and works with the platforms you
described. Windows users do not have to have administrative rights to
start and stop tunnels.
I have been using OpenVPN since 1.6 Release Canidate days and as
someone that has worked with IPSec including with CheckPoint I highly
recommend OpenVPN.
--
Leonard Isham, CISSP
Ostendo non ostento.
More information about the fedora-list
mailing list