Geoff Galitz wrote:
Openswan is your friend. I have it running (under OpenSUSE) and it is quite easy. I tend to favor IPsec over SSL as I don't like to have OpenSSL as a dependency.
On the other hand, if you don't have a strict requirement for IPsec, it is much easier to get the UDP or TCP packets that work for OpenVPN through NAT and port-forwarding routers.
True for port forwarding, but current versions of Openswan (that is, currently available in most public repos) work just fine with NAT. I am using it in a NAT environment and I did not have to make NAT/Masquerading adjustments. This was not always the case, and the Openswan docs still refer to adjustments for NAT networks... but as I said it works just fine for us without adjustments.
-geoff
------------------------------
Geoff Galitz
Blankenheim, DE
http://www.galitz.org