Hello, - Thanks!
- I agree that openVPN is easy manage, as you say. - I am interested in comparing it to IPSec; ignore the management issues; I agree they are **very** important, but I am interested to compare the essence of these two options: which is better in terms of performance ? which is more secure ? which seems to be the one which will be the preferred option in the future? pros and cons ? This is a citation from openswan book (Packt Publishing): (chapter 10, Encrypting the local network) "- One popular solution is VPNs based on SSL, but the problem with SSL of course is that it uses a TCP connection. An attacker can send a single spoofed TCP-RST packet to kill an SSL-based VPN tunnel. Another popular solution is OpenVPN, which provides a relatively easy to set up and use UDP-based VPN. However, OpenVPN clients are only available for a limited number of operating systems. It also needs pre-arrangement; you need to know each others' SSL credentials. OpenVPN has also been exposed to much less scrutiny from the crypto research community. Other alternatives used are stunnel (SSL wrapping) or CIPE. The CIPE protocol has turned out to be fundamentally flawed, and should not be used at all. Stunnel solutions suffer from the TCPRST flag issue already mentioned". What do you have to say about this citation? Regards, Ian On 9/18/07, Alex Samad <[EMAIL PROTECTED]> wrote: > On Tue, Sep 18, 2007 at 11:34:10AM +0200, Ian Brown wrote: > > Hi, > > - Can anybody recommend on a free VPN for linux ? > > > > - I know that it can be installed on top of IPSec (with > > userspace tools like Openswan , http://www.openswan.org/). > > > > - I know that you can create a VPN using PPTP (Point-to-Point > > Tunneling Protocol) > > > > - What are the advantages/disadvantages of using solution like > > openswan IPSec VPN > > comparing to PPTP ? > > I would recommend openvpn, it works with linux and windows. it works through > http proxies and can be authorised and authenticated with x509 cert's. > > I have found it a lot simple to install and manage than ipsec > > http://openvpn.net/ > > > > > > rgs, > > Ian > > -- > > SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ > > Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html > > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.6 (GNU/Linux) > > iD8DBQFG770kkZz88chpJ2MRAiFcAJ9cyA9Vpb41zXm+x41UMKpuDn0sAgCfboD3 > tv29EhZld3xu9QaJ6YSQrPA= > =Wppl > -----END PGP SIGNATURE----- > > -- > SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ > Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html > -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
