Michael Tinsay wrote:
> Based on my experience, Openswan is (a) pretty easy to
> configure, and

Not as easy as OpenVPN in my experience.

> (b) I haven't had the need to patch a
> kernel for it, though I'm using a 2.4 kernel with
> KLIPS, as I prefer to have an ipsec0 interface.

Lucky you that you already have a patched kernel. I suppose many modern distributions already incorporate the kernel patches necessary for IPsec support.

> Haven't tested it where one endpoint is behind a NAT.
>

I have. Out of the box it doesn't work at all. There are supposed to be patches for OpenS/WAN to provide NAT traversal capability, but I've experienced other problems with them, e.g. trouble with path MTU discovery. Since in my experience I have almost never gotten a routable IP address while traveling as a road warrior, any VPN protocol that has trouble dealing with network address translation is completely worthless as far as that is concerned.

> There is no openvpn client for windoze and wince. If
> you're planning to have Windows and WinCE/PocketPC VPN
> roadwarriors, openswan is the choice between the two,
> though there are other alternatives like PPTP.

False. There is an OpenVPN client for Windows, apparently they've had one ever since. We have used it, and while it does have some limitations compared to the GNU/Linux client, it works well enough for our Windows-based road warriors.

And whatever you do, stay away from MPPE/MS-PPTP. The security record on that protocol is horrible, to say the least.

--
What this country needs is more unemployed politicians.
http://stormwyrm.blogspot.com/
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
(#PLUG @ irc.free.net.ph)
Read the Guidelines: http://linux.org.ph/lists
Searchable Archives: http://archives.free.net.ph

