[ale] VPN choices...

Michael H. Warfield mhw at wittsend.com
Tue Mar 8 10:33:05 EST 2005 

On Tue, 2005-03-08 at 08:38 -0500, David Corbin wrote:
> Our IT guy is looking to replace our current VPN solution.  Of course, I'd 
> like to see him using something Linux compatible, but he's a very 
> MS-kind-of-guy. So, the question is, what Linux based firewall/VPN solutions 
> are available that meet these requirements:
> 
> 1) Must have support for Windows clients (XP, XP Home, 2000, at a guess).
> 2) Must be able to configure a Linux client for it, but doesn't have to be as 
> trivial :)

	Either IPSec NAT-T or OpenVPN should work just fine for the above two
points.  IPSec NAT-T is supported by Windows XP (and you wouldn't need
an add on VPN client) and should be available for Windows 2K.  OpenVPN
has support for Windows versions.

> 3) Must be simple to setup for a non Linux guru.

	IPSec is part of XP and integrated in rather nicely into that paradigm.
Windows people should have no problem setting it up since it's a Windows
thingy.  Openswan, Strongswan, can support Windows VPN clients under
IPSec NAT-T.  But it is NOT a simple setup for a non Linux guru.  (Was
that meant to mean that you are a "non-Linux" guru, like a Windows guru,
or that you are a non "Linux guru", just not a guru for Linux?  Big
difference there!)  I can't really judge on the ease of setting up
OpenVPN on Windows.  I've recently been looking at the OpenVPN 2.0
release candidates and there is a vast improvement in 2.0, which
includes a multiclient server mode, over the 1.6 version which is purely
peer-to-peer and (IMHO) doesn't scale well where you have lots of
systems in a mesh (1.x you had to allocate UDP ports by hand and manage
who was using what port with multiple clients on each system).

> 4) Ideally, a drop in Live CD would probably be a good thing :)

	I would check out www.distrowatch.org and see what they list for the
various bootable distributions.  Several come with VPN's including
OpenVPN and IPSec.

> David
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com  
  /\/\|=mhw=|\/\/       |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: This is a digitally signed message part

More information about the Ale mailing list