On 11/8/05, Benjamin Smith lists@benjamindsmith.com wrote:
I tried several times to get a VPN working - I tried
1) Tunneling IP over SSH fw.
2) IPSec
3) PPTP
All were painful, and often unreliable. (I'd do a kernel update, and suddenly VPN would die a horrible death, and I'd have to recompile a bunch of stuff to get it back up - ugh)
The best way, bar none, no exceptions, is using OpenVPN. Cross platform, fairly quick setup, good security, highly reliable.
After a few hours of tinkering during setup, "it just works" and has done so very reliably under rather demanding circumstances for over a year. Probably the worst part was setting up the routing tables on either end, and that seems to be a PITA regardless of your VPN solution...
The only downside I can find to OpenVPN is that it requires a process on the GW for each connection, so this could get cumbersome if you have hundreds of simultaneous connections. But, with my half-dozen connections, it works fantastically!
Just upgrade to 2.X and you will be able to use one process for all connections for the server.
-- Leonard Isham, CISSP Ostendo non ostento.