[ale] Cost of freedom

[David Hillman]

We recently got a Netgear FVS338 Prosafe VPN Firewall to as a replacement
for our box that died.  Here is an account of our attempt to get the VPN
working on that device.  The firewall box is housed in a LAN that we have in
one of the local data centers miles from our main office.  At the office we
have Windows 7 64-bit, Ubuntu and Mac OS X clients for our web development
team.

Getting the FVS338 working with the Windows XP client machines was not a
problem at all--the software was included on the CD.  Everything went
downhill after that though.  Netgear didn't seem to have a client ready for
Windows 7 64-bit machines and there weren't any official clients for Ubuntu
or Mac OS X.  After some digging, I found the Shrew Soft Inc client that is
supposed to work in Ubuntu and Mac OS X.  The Mac OS X client connected fine
but the Linux client never did, despite having the exact same configuration.

Some more searching on Netgear's website showed there is supposed to be a
client for Windows 7 64-bit machines, but you can't freely download the
thing; you have to sign up and register the serial number on the device
first.  However, our device was bolted to a wall halfway across town.  No
thanks to that, especially when OpenVPN is a free download any day of the
week.

Vowing never to go through this crap again, we remotely installed Ubuntu
server, along with OpenVPN, in a virtual machine and had all of the clients
happily connected in half the time it took to do the running around for that
Netgear box.  Lesson learned: flexibility is key in a heterogeneous
environment like ours, and open source, especially Linux, is way more
flexible than anything else out there.

Why did we go with the Netgear box in the first place? Someone with control
over the purse strings thought it would be easier and faster.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.ale.org/pipermail/ale/attachments/20110516/e82ae236/attachment-0001.html