On Thu, Jan 3, 2013 at 10:21 AM, Girish Venkatachalam <[email protected]> wrote:
>> Way better than IPSec for ease of installation, support/maintenance
>> and supporting variety of client OSes.
>
> I agree. But IPsec has its place.

IPSec was one of the earliest and by legacy has its place. It is pretty cumbersome to configure. IPSec is largely driven by equipment vendors. In a box that we (CPE and ISP edge/periphery box) built in my past life, we had only IPSec - conformity to be able to interop with other boxes. The biggest issue was being able to run multi-port applications on a NAT. NAT Traversal (something that we did implement) was another convoluted protocol spec, largely because it was bolted on to a non-NAT-friendly protocol.

We did not have OpenVPN on the box though it was possible. :( Customer demand was close to zero and thus engineering effort to integrate it was not justifiable.

IPSec works well for site-to-site VPNs largely within the same organisation, where it provides a simple pipe and no NAT is needed. It is a nightmare to configure IPSec Road Warrior, especially on Windows, which ran the Cisco client. I found OpenVPN and SSH-based VPNs to be far easier to implement for the same use. In the same place where we developed the box, we used OpenVPN for our internal use for RW and site to site.

--
Mohan Sundaram
_______________________________________________
ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
