Benjamin on Asterisk Mailing Lists <[EMAIL PROTECTED]> writes:

> And how many routers and firewalls out there do support OpenVPN? Do
> Cisco routers support it?

Neither I, nor anyone else here, seems to be saying that OpenVPN is a replacement for IPsec. There's overlap, but there are applications that are more suited to one than to the other. As implementations of IPsec mature, its share should increase. (Today, you can still not take for granted that two IPsec VPN products will work seamlessly together.)

I believe (but am more than ready to be proven wrong) that implementing the type of VPN that I'm using would be a real bitch with IPsec. I've got a portable computer that sends and receives quite a bit of sensitive data over insecure protocols, such as remote file system access -- and SIP, of course. :-) I carry this computer with me, and want to be able to use it wherever I can get hold of some sort of Internet connection. This might be by borrowing a real IP address somewhere, getting a DHCP-allocated RFC-1918 address behind some NAT gateway, or whatever. I have to expect there to be a firewall as well.

An important requirement is that all sessions should survive when I suspend the computer, and then resume it somewhere else, where it gets a completely new access method to the Internet. For instance, while I'm directly connected by UTP cable at work, I open ssh sessions to various computers, I start a SIP-based soft phone, and, of course, I am connected to my remote file system server. I suspend the computer without logging out of anything, and later resume it in a place where there's a wireless hot spot that I'm allowed to access. I expect to be able to continue typing commands in those ssh sessions, receive telephone calls, and use the file system, immediately upon resuming.

I need this to work completely NAT proof, and with no requirements for holes in firewalls other than being able to send a UDP packet out, and getting a responding packet back to the same port.

It must also work without the suspend/resume: I need to be able to unplug my laptop's UTP cable to carry it into a meeting, and expect everything to keep working through a completely seamless transition to wireless mode.

Of course, my laptop needs to have a fixed DNS name and IP address that never change, so it can be reached from the outside when needed.

With OpenVPN running on my laptop, and on a VPN gateway system back home, this Just Works. OpenVPN handles the whole thing, it's well secured, all traffic is encrypted, and it automatically ensures that no traffic is sent or received by my laptop outside the VPN tunnel.

I actually started looking into how to get comparable functionality based on IPsec, but my mind boggled, and now I do it the easy way.

-tih
--
Tom Ivar Helbekkmo, Senior System Administrator, EUnet Norway Hosting
www.eunet.no T +47-22092958 M +47-93013940 F +47-22092901 FWD 484145
