Re: [plug] VPN design from a newbie's point of view

Top Page

Reply to this message
Author: Michael Tinsay
Date:  
To: Philippine Linux Users' Group (PLUG) Technical Discussion List
New-Topics: [plug] Web and Ping query
Subject: Re: [plug] VPN design from a newbie's point of view

--- Rafael 'Dido' Sevilla <dido@???> wrote:

> use OpenVPN [1]. Unlike IPsec (OpenS/WAN [2]), it
> is very easy to
> configure, doesn't require kernel patching, and most
> importantly for our
> applications (routers configurable only by those who
> know as much
> Japanese as we know about networking and itinerant
> road warriors), it
> plays nice with network address translation.


I use both OpenS/WAN and OpenVPN. I use openswan for
site-to-site. I'm only using OpenVPN for a
WeRoam-equipped PC that I use as a backup if our DSL
connection is down.

Based on my experience, Openswan is (a) pretty easy to
configure, and (b) I haven't had the need to patch a
kernel for it, though I'm using a 2.4 kernel with
KLIPS, as I prefer to have an ipsec0 interface.
Haven't tested it where one endpoint is behind a NAT.

There is no openvpn client for windoze and wince. If
you're planning to have Windows and WinCE/PocketPC VPN
roadwarriors, openswan is the choice between the two,
though there are other alternatives like PPTP.


---mike t.



> However, IPsec is still
> the industry standard, so if you don't do NAT (lucky
> you), or if one end
> has networking hardware that implements it (e.g. a
> Netscreen or a Cisco
> PIX firewall), that might be the best way to go.
>
> [1] http://www.openvpn.net
> [2] http://www.openswan.org
>
> --
> What this country needs is more unemployed
> politicians.
> http://stormwyrm.blogspot.com/
> _________________________________________________
> Philippine Linux Users' Group (PLUG) Mailing List
> plug@??? (#PLUG @ irc.free.net.ph)
> Read the Guidelines: http://linux.org.ph/lists
> Searchable Archives: http://archives.free.net.ph
>


_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
plug@??? (#PLUG @ irc.free.net.ph)
Read the Guidelines: http://linux.org.ph/lists
Searchable Archives: http://archives.free.net.ph