Opinion: Best VPN to use with Fedora/Windows

[Leonard Isham]

On Sun, 09 Jan 2005 16:31:51 -0700, Kevin Fries <kevin at hcico.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> OK, I know this type of question always has the danger of starting a
> flame war, that is not my intention, so I ask ahead of time to keep
> the rhetoric down.
> 
> I am beginning to think about installing VPN services.  Being that our
> servers are all Fedora, this seems like a logical place to start my
> quest for knowledge.  Our network is small, but my users are somewhat
> mobile.  I have essentially two servers: the inside server; and the
> outside server.  All our desktops, except my desktop, my laptop, and
> the guest office kiosk, are Windows 2000.
> 
> When my guys go on the road, they sometimes need to get information
> from the shares on either someone's desktop, or off a SAMBA share
> hosted on the internal server.  Right now, they are using a FTP server
> that essentially does a soft chroot into their home directories on the
> public server, then I build symbolic links to mounted resources to
> give them access to what they want.  This system works, but is not as
> stable as I would like (stale NFS links, other machine problems, etc).
> 
> What I would like is to find a VPN solution that I can host on one of
> my servers (internal and external are only indications of their
> primary purpose, the internal server does have Internet access and is
> used as a backup DNS and Postfix server) to allow my guys on the road
> the ability to see the internal network resources.  This includes but
> is not limited to the SMB shares and printers.  I would also like this
> solution to have Linux and Mac equivalents.
> 
> All our account information is stored in an LDAP server, which is
> retrieved via PAM and the PADL tools.  I am slowly reconfiguring my
> software to take the information from the LDAP server directly, and
> would like to limit my options to products that can be configured that
> way.  Since I only store accounts in LDAP, it is not critical that all
> settings be stored that way.  Postfix is a perfect example: config in
> /etc/postfix but can pull valid users from LDAP.  I would also like to
> enable or disable accounts with the use of a objectclass.  Users with
> an objectclass of vpnUser for example can use the VPN, otherwise,
> account not found.
> 
> Does anyone else have this Linux back end / Windows & Linux desktop
> setup that is also providing VPN services?
> 
> What are you using?
> 
> What makes you do the happy dance about your solution?
> 
> What makes you curse like a sailor on shore leave about your solution?
> 
> Thanks in advance
> Kevin Fries
[snip]

OpenVPN hands down no question in my mind.

Cross platform *nix (Linux, BSD, etc.) Windows 2000 and up.

I have been using it since 1.6 Release canidate and it has been rock
solid.  It is a true SSL based VPN solution built to be secure and
reliable.

openvpn.sourceforge.net


-- 
Leonard Isham, CISSP 
Ostendo non ostento.