Author: Michael Tinsay Date: To: Philippine Linux Users' Group (PLUG) Technical Discussion List New-Topics: [plug] Web and Ping query Subject: Re: [plug] VPN design from a newbie's point of view
--- Rafael 'Dido' Sevilla <dido@???> wrote:
> use OpenVPN . Unlike IPsec (OpenS/WAN ), it
> is very easy to
> configure, doesn't require kernel patching, and most
> importantly for our
> applications (routers configurable only by those who
> know as much
> Japanese as we know about networking and itinerant
> road warriors), it
> plays nice with network address translation.
I use both OpenS/WAN and OpenVPN. I use openswan for
site-to-site. I'm only using OpenVPN for a
WeRoam-equipped PC that I use as a backup if our DSL
connection is down.
Based on my experience, Openswan is (a) pretty easy to
configure, and (b) I haven't had the need to patch a
kernel for it, though I'm using a 2.4 kernel with
KLIPS, as I prefer to have an ipsec0 interface.
Haven't tested it where one endpoint is behind a NAT.
There is no openvpn client for windoze and wince. If
you're planning to have Windows and WinCE/PocketPC VPN
roadwarriors, openswan is the choice between the two,
though there are other alternatives like PPTP.