On Mon, 6 Dec 2010 05:38:14 +0100
<J.Witvliet(a)mindef.nl> wrote:
Does not agree,
"People" claim that openvpn is supposedly easier to configure,
compared with *swan.
Indeed. At least part of it is going to be a personal preference.
If you know and have used ipsec for a long time thats likely to be
easier for you. ;)
However, for a _very_ simple tunnel that migth be true, but most of
the problems people encounter with ipsec are often related to either
certificates, CA's, routing, or smartcards. And they will encouter
likewise problems (but other syntax) when using openvpn.
When confronted with more complex network setup (mesh topology),
scalability, or ipv6 your best (or even only) option remains ipsec.
I'll disagree with you there. I have setup openvpn in all kinds of
setups. ;) It's a great deal more flexable. It can bridge or route, it
can work on any port udp or tcp, it can go through proxies, it uses the
normal bridging/routing tools as any other real device.
Interoperability with existing vpn products? Forget openvpn!
Indeed. You need openvpn on both ends. If you don't control one end
point, ipsec may be your only/best choice.
Even for very simple hapsnap tunnels one might even consider the
tunnel capabilities of openssh.....
ssh performs pretty poorly in some cases, doesn't automatically
reconnect, requires a higher level of access, only works over tcp, etc.
Hw
kevin
--
----- Oorspronkelijk bericht -----
Van: users-bounces(a)lists.fedoraproject.org
<users-bounces(a)lists.fedoraproject.org> Aan:
users(a)lists.fedoraproject.org <users(a)lists.fedoraproject.org>
Verzonden: Sat Dec 04 21:41:35 2010 Onderwerp: Re: VPN/IPSEC tunnel
On Sat, 04 Dec 2010 13:32:04 -0430
Patrick O'Callaghan <pocallaghan(a)gmail.com> wrote:
> On Sat, 2010-12-04 at 18:57 +0100, Luc MAIGNAN wrote:
> > Is openVPN can make IPSec tunnels or just SSL ?
>
> I believe it's fully IPSec compliant.
Nope. Openvpn uses it's own ssl based protocol. It cannot directly
interoperate with ipsec tunnels. ;)
That said, if you have control over both endpoints, IMHO openvpn is a
vastly better choice than ipsec.
kevin
______________________________________________________________________
Dit bericht kan informatie bevatten die niet voor u is bestemd.
Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u
is toegezonden, wordt u verzocht dat aan de afzender te melden en het
bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid
voor schade, van welke aard ook, die verband houdt met risico's
verbonden aan het elektronisch verzenden van berichten.
This message may contain information that is not intended for you. If
you are not the addressee or if this message was sent to you by
mistake, you are requested to inform the sender and delete the
message. The State accepts no liability for damage of any kind
resulting from the risks inherent in the electronic transmission of
messages.