[ale] VPN choices...

David Corbin dcorbin at machturtle.com
Tue Mar 8 11:13:27 EST 2005


On Tuesday 08 March 2005 10:24 am, Michael H. Warfield wrote:
> On Tue, 2005-03-08 at 08:38 -0500, David Corbin wrote:
> > Our IT guy is looking to replace our current VPN solution.  Of course,
> > I'd like to see him using something Linux compatible, but he's a very
> > MS-kind-of-guy. So, the question is, what Linux based firewall/VPN
> > solutions are available that meet these requirements:
> >
> > 1) Must have support for Windows clients (XP, XP Home, 2000, at a guess).
> > 2) Must be able to configure a Linux client for it, but doesn't have to
> > be as trivial :)
>
>  Either IPSec NAT-T or OpenVPN should work just fine for the above two
> points.  IPSec NAT-T is supported by Windows XP (and you wouldn't need
> an add on VPN client) and should be available for Windows 2K.  OpenVPN
> has support for Windows versions.
>
> > 3) Must be simple to setup for a non Linux guru.
>
>  IPSec is part of XP and integrated in rather nicely into that paradigm.
> Windows people should have no problem setting it up since it's a Windows
> thingy.  Openswan, Strongswan, can support Windows VPN clients under
> IPSec NAT-T.  But it is NOT a simple setup for a non Linux guru.  (Was
> that meant to mean that you are a "non-Linux" guru, like a Windows guru,
> or that you are a non "Linux guru", just not a guru for Linux?  Big
> difference there!)  

Well, the guy in question is not a guru of any type (as far as I've seen), but 
particularly for Linux.

> I can't really judge on the ease of setting up 
> OpenVPN on Windows.  I've recently been looking at the OpenVPN 2.0
> release candidates and there is a vast improvement in 2.0, which
> includes a multiclient server mode, over the 1.6 version which is purely
> peer-to-peer and (IMHO) doesn't scale well where you have lots of
> systems in a mesh (1.x you had to allocate UDP ports by hand and manage
> who was using what port with multiple clients on each system).
>
> > 4) Ideally, a drop in Live CD would probably be a good thing :)
>
>  I would check out www.distrowatch.org and see what they list for the
> various bootable distributions.  Several come with VPN's including
> OpenVPN and IPSec.
>
> > David
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://www.ale.org/mailman/listinfo/ale
>
> 	Mike



More information about the Ale mailing list