Best VPN solution

[ed at hp.uab.edu]

On Mon, 28 Jan 2008, Jeffrey Tadlock wrote:

> 2008/1/28  <arunbkn at aol.in>:
>> Can any body suggest me the best VPN solution available on fedora
>> (preferably 8). I would like to setup a VPN server at my end, such that
>> users (windows ) at remote places can access our server securly. And can
>> protact from web attacks.
>
> As already suggested, I would certainly take a look at OpenVPN [1] to
> see if it meets your needs.  From my experience it worked well with
> Windows boxes and will also work for cases where you want site to site
> VPNs.  The flexibility and reliability you get outweighed the factor
> of needing to install software on the Windows client.
>
> --Jeffrey
>

I have to agree, I used openVPN with 10 developers working 20% from home. 
sure there are issues, so here is my $0.02:

1) deployment of VPN server is easy
2) deployment of RSA keys is a little tricky, but easy
      revocation of RSA keys is a little hard, but you can do that at your
      pace
3) deployment of openVPN on clients is easy
4) deployment of RSA keys to clients was done via zip file with
      'startVPN.bat' script for starting
5) having users keep the VPN Client running (they closed the cmd window)
      took some training

Now some users' home routers did not like the UDP connectivity of openVPN. 
So, I setup another VPN daemon to use TCP - with all the same permissions. 
and those users that have problems with UDP just use TCP.

I setup the openVPN in bridge mode - it simplifies much of the routing.

Some users complain of a delay in resolving network resources inside the 
office, so it takes some time for some computers to see where the wins 
server is located and to do broadcasts... But don't ask me, its been 15 
years since anyone called me a windows guy.

ed

p.s. Another note, I have a wireless access point in the office - not 
connected to the internal network. Users who want access to office 
resources from the wireless need to run their VPN client.