Ralph Angenendt wrote:
> Florin Andrei wrote:
>> So far, OpenVPN has been working very well for me. Unfortunately, the iPhone doesn't have (yet?) an OpenVPN client, so I'm forced to work with what's available.
>> The options are: L2TP, PPTP and IPSec. If you were to install a VPN endpoint on CentOS, which protocol would you prefer?
>
> IPSEC.
> That's only a few entries in a file in /etc/sysconfig/network-scripts away from a working solution >:)
> http://www.centos.org/docs/5/html/5.2/Deployment_Guide/s2-networkscripts-interfaces-ipsec.html

Okay, so it's included with the OS and some documentation is available. Good.
Now, from a practical perspective, how trustworthy is it? I'm looking for something to set up and forget. E.g. I am running Postfix instead of Sendmail precisely for the setup-and-forget nature of the software - the security track record of Postfix is remarkably good, so I can use it without having to worry too much. I threw the server away into a cabinet in the living room, it's hidden from view, it just works, very much like an appliance. Minimizing the admin time is crucial.
Same with OpenVPN. Turn it on and it just works, solid as a rock, no excessive worries about nasty security bugs every three months.
I haven't used IPSec VPN with Linux endpoints very much, so that's why I'm a bit unfamiliar with how robust these things are, from a security history perspective.