Neil Broadley wrote: > 2010/1/4 Mathias Gug <[email protected] <mailto:[email protected]>> > > On Mon, Jan 4, 2010 at 1:33 PM, Martin Pitt > <[email protected] <mailto:[email protected]>> wrote: > > Hello Mathias, > > > > Mathias Gug [2010-01-04 12:23 -0500]: > >> If not the following packages could be demoted to universe: > >> * ipsec-tools (and racoon) given its vulnerability history > > > > Some years ago I actually used ipsec-tools (not racoon) to setup > a VPN > > in our university, but nowadays I'm using openvpn; it's simpler > to set > > up, and is supported with more devices (mobile phones, routers, > etc.) > > Agreed. It seems that there are at least two solutions to implement a > VPN in main: OpenVPN and IPSEC. I wonder how popular are IPSEC-based > VPNs nowadays? > > > Any decent sized corporate will still almost certainly be based on > IPSEC. I haven't encountered a single corporate environment deploying > OpenVPN or SSL solutions when you're talking site to site - everything > is IPSEC gateway to gateway. I agree, most corporate enviroments use ipsec for site-to-site using some kind of appliance, or even for roadwarriors, I still have som dapper boxes using openswan on to connect a remote site to sonicwalls appliances, cisco, even linksys and others.
I have read most appliance manufacturs test their boxes agains openswan because is more standard in regard to ipsec suite protocols, another point for ipsec is that it complaint with most security requiermentos for remote access. I use and promote openvpn for small business for site-to-site and roadwarriors but, I can't connect my nokia phone to the vpn so I use ipsec :) Best regards > > My experience is entirely based within the financial sector however, > so may be biased. > > Your question "how popular are IPSEC VPNs these days" is probably more > "how popular are they with Ubuntu or Linux users?" and is probably > answered, "not very". I can't think of many instances where you would > use IPSEC to connect a peer to a gateway. Checkpoint tried that with > their SecureClient product and there's a good reason ti's largely > discontinued now (although, strangely, still supported). It's a > horror, and you're better off with SSL solutions, such as OpenVPN or > Cisco's ASA devices (also SSL based, I believe) or even Citrix access > gateway or whatever Xen-based name it's called now (although last I > looked a couple of years back, there was no Linux client for that). > > But in my experience, if you want to connect site to site, IPSEC is > still the only way to go, because you don't need a client. At all. > Which means, yes, it's slightly more difficult to set up, but it means > that any equipment can use that VPN, since it's based on the gateway, > not on the client. > > Neil. > > > > -- > Mathias Gug > Ubuntu Developer http://www.ubuntu.com > > -- > ubuntu-devel mailing list > [email protected] <mailto:[email protected]> > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel > > -- Jorge Armando Medina Computación Gráfica de México Web: http://www.e-compugraf.com Tel: 55 51 40 72, Ext: 124 Email: [email protected] GPG Key: 1024D/28E40632 2007-07-26 GPG Fingerprint: 59E2 0C7C F128 B550 B3A6 D3AF C574 8422 28E4 0632 -- ubuntu-server mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
