--- Rafael 'Dido' Sevilla <[EMAIL PROTECTED]> wrote: > use OpenVPN [1]. Unlike IPsec (OpenS/WAN [2]), it > is very easy to > configure, doesn't require kernel patching, and most > importantly for our > applications (routers configurable only by those who > know as much > Japanese as we know about networking and itinerant > road warriors), it > plays nice with network address translation.
I use both OpenS/WAN and OpenVPN. I use openswan for site-to-site. I'm only using OpenVPN for a WeRoam-equipped PC that I use as a backup if our DSL connection is down. Based on my experience, Openswan is (a) pretty easy to configure, and (b) I haven't had the need to patch a kernel for it, though I'm using a 2.4 kernel with KLIPS, as I prefer to have an ipsec0 interface. Haven't tested it where one endpoint is behind a NAT. There is no openvpn client for windoze and wince. If you're planning to have Windows and WinCE/PocketPC VPN roadwarriors, openswan is the choice between the two, though there are other alternatives like PPTP. ---mike t. > However, IPsec is still > the industry standard, so if you don't do NAT (lucky > you), or if one end > has networking hardware that implements it (e.g. a > Netscreen or a Cisco > PIX firewall), that might be the best way to go. > > [1] http://www.openvpn.net > [2] http://www.openswan.org > > -- > What this country needs is more unemployed > politicians. > http://stormwyrm.blogspot.com/ > _________________________________________________ > Philippine Linux Users' Group (PLUG) Mailing List > [email protected] (#PLUG @ irc.free.net.ph) > Read the Guidelines: http://linux.org.ph/lists > Searchable Archives: http://archives.free.net.ph > _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List [email protected] (#PLUG @ irc.free.net.ph) Read the Guidelines: http://linux.org.ph/lists Searchable Archives: http://archives.free.net.ph
