Prasanna Krishnamoorthy wrote: >>From experience and what I've read, IPSEC is easy to setup and work > with where there is no natting/firewalling. > > Where there is natting/firewalling IPSEC or the firewall/nat is not so > trivial to setup. > > Your choice is based on the amount of time you are ready to spend. In > this two site-scenario, I can bet that OpenVPN would take less than > 1hr from scratch! > > And as Tom has said in his two mails IPSEC/GRE is not so simple in > theory either! > > *Just a very happy user of OpenVPN* > > Ditched IPSEC after about a week of effort to setup IPSEC in all our > required scenarios. Then was in awe when I managed to do the same > within 1 hour with OpenVPN from scratch (reading the documentation > included). Never looked back.
For more reading on this subject, see the recent thread on this list entitled "shorewall + ipsec openswan". That user was doing IPIP tunneling through IPSEC and was going crazy with rejected packets. It took him a long time to finally understand what was happening and to configure the appropriate simple rules. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
