On Tue, 27 Sep 2005 at 12:37 -0600, Chris Carey wrote: > > >I might agree with you if it weren't for openvpn, but setting up openvpn > > >is MUCH simpler than playing firmware games with your router. Maybe > > >you'd like to know that openvpn is very easy to work with NATs and > > >firewalls (just forward port 1194 udp), runs on linux, windows, and mac, > > >and uses time-proven openssl libraries, and is quite simple to configure > > >compared to ipsec or pptp or other vpn technologies. > > > > > > > > I agree, there is nothing to setup for OpenVPN... very simple. The > > router does not have to do anything but let > > the OpenVPN port through. I choose it for its simplicity and > > transparancy to NAT. > > > > OpenVPN sounds very cool and I plan to look into it. Does it require a > custom VPN client on Windows?
Doesn't every VPN? Oh, that's right, there's PPTP. Might as well be using telnet. > I could be wrong since I havent tried it yet, but Id beg to differ on > the claim that setting up OpenVPN is *easier* than doing the same in a > custom firmware. You already said you updated to the latest linksys > firmware. Updating to a custom firmware takes exactly the same effort. > > 1) Upload custom firmware (you already updated to the latest linksys > one - it takes the same ammount of time) > 2) clicking the "on" button for VPN feature > 3) type in the username and password and ip range for clients > 4) Profit! I'm not familiar with the firmwares out there, but which VPN are they using? I've done PPTP and I can promise you that although it can be easy to set up and use in a windows-only environment, it is not easy to set up _properly_ and use in a heterogeneous environment. Not to mention it's insecure. IPSec is never easy, unless you are using proprietary server/clients with default configurations which almost never fit in the real world. IPSec/LLTP is even less easy to set up, and it's the only supported windows configuration without a custom client. But I ramble, let's look at just the facts. Upgrade firmware for linksys: 5 minutes. Upgrade firmware to another firmware that I've never tried before, hoping that it doesn't mess something up and then reconfiguring the router to do what it was doing before and troubleshooting the thing I forgot to reconfigure: more than 5 minutes. Install OpenVPN on one computer: 5 minutes. Copy config files from flash drive and generate a shared secret (which was appropriate for this site), 1 minute. Punch hole through firewall (when not confronted with a crazy linksys bug): 1 minute. (don't forget we've also got a dsl modem to punch through - with openvpn this is one udp port, other vpns require all kinds of magic) Install OpenVPN or setup pptp or ipsec/lltp, or any other vpn, on client box: 5 minutes or so. Find the stupid norton firewall on the openvpn server box that doesn't call itself a firewall and hides the configuration interface, and driving to the remote site and back: 1-2 hours. :-) Draw your own conclusions. I've been around the VPN block, and openvpn is the lowest "TCO" by far, but I've no doubt some of these firmwares make it real easy to get a VPN up and running. Man I can ramble. -- Hans Fugal | If more of us valued food and cheer and http://hans.fugal.net/ | song above hoarded gold, it would be a http://gdmxml.fugal.net/ | merrier world. | -- J.R.R. Tolkien --------------------------------------------------------------------- GnuPG Fingerprint: 6940 87C5 6610 567F 1E95 CB5E FC98 E8CD E0AA D460
signature.asc
Description: Digital signature
/* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
