[CentOS] Optimal VPN

Thu Dec 9 16:29:27 UTC 2010
Steve Clark <sclark at netwolves.com>

On 12/09/2010 10:30 AM, David Sommerseth wrote:
> On 25/11/10 14:12, J.Witvliet at mindef.nl wrote:
> [...snip...]
>    
>> Will you be confronted with IPv6 in the (not so) near future? Forget
>> OpenVPN, it is still beta there, while it has been implemented in
>> strongswan for ages, and part of there standard test plan.
>>      
> Okay, I'll admit up-front I'm biased, as I am involved in the OpenVPN
> project.  But I can provide some info here.
>
> IPv6 is currently in the development tree.  I'm using it on my personal
> equipment now, using IPv6 over TUN interface between a OpenWRT router
> and a Linux "road warrior" client.  I'm also looking for how to get this
> code base compiled for maemo5 as well.  Early next year, I'm going to
> run this development code on a couple of production boxes as well.
>
> Another developer (the guy who implemented the IPv6 support) is also
> using this IPv6 implementation in a bigger environment too.
>
> We're currently in the end of the beta round for OpenVPN-2.2 and will
> release a RC version around Christmas.  The full release will come
> sometime around January.  That code base is without IPv6.  (2.2 is
> basically a bigger bugfix release with a couple of new features)
>
> The 2.3-beta round is scheduled sometime around February/March, with a
> release slated for late summer 2011.  This release will include IPv6
> support, both for transport (connect/listen/bind to IPv6 addresses) and
> payload (IPv6 over tun and tap via tunnel with IPv6 client configuration
> support).
>
> <http://thread.gmane.org/gmane.network.openvpn.devel/4221>
>
> But for early adopters ... the current development code is stable enough
> for daily usage without too much troubles.  And we would like to see
> more people testing out this code.
>
> <https://community.openvpn.net/openvpn/wiki/TesterDocumentation>
>
>    
>> Furthermore, openvpn is only compatible with openvpn, while using ipsec you might be able to connect to other boxes.
>>      
> That is mostly true, except for those vendors adding their own
> proprietary extensions to their ipsec implementations ... thus making it
> a vendor lock-in again.
>
>    
Hmm... We run ipsec, (using ipsec-tools on both Linux and FreeBSD),
  to Cisco, Juniper, NetScreen and many others without problem.
What vendors are you talking about?

>      "That's the wonderful thing about standards,
>       everyone can have their own"
>                                        - unknown
>
>
> kind regards,
>
> David Sommerseth
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>    


-- 
Stephen Clark
*NetWolves*
Sr. Software Engineer III
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.clark at netwolves.com
http://www.netwolves.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos/attachments/20101209/92868e2c/attachment-0005.html>