Prasanna Krishnamoorthy wrote:
>>From experience and what I've read, IPSEC is easy to setup and work
> with where there is no natting/firewalling.
> 
> Where there is natting/firewalling IPSEC or the firewall/nat is not so
> trivial to setup.
> 
> Your choice is based on the amount of time you are ready to spend. In
> this two site-scenario, I can bet that OpenVPN would take less than
> 1hr from scratch!
> 
> And as Tom has said in his two mails IPSEC/GRE is not so simple in
> theory either!
> 
> *Just a very happy user of OpenVPN*
> 
> Ditched IPSEC after about a week of effort to setup IPSEC in all our
> required scenarios. Then was in awe when I managed to do the same
> within 1 hour with OpenVPN from scratch (reading the documentation
> included). Never looked back.

For more reading on this subject, see the recent thread on this list
entitled "shorewall + ipsec openswan".

That user was doing IPIP tunneling through IPSEC and was going crazy with
rejected packets. It took him a long time to finally understand what was
happening and to configure the appropriate simple rules.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Attachment: signature.asc
Description: OpenPGP digital signature

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to