On 12/10/10 2:42 AM, David Sommerseth wrote:
On 09/12/10 17:29, Steve Clark wrote:
On 12/09/2010 10:30 AM, David Sommerseth wrote:
On 25/11/10 14:12, J.Witvliet@mindef.nl wrote:
[...snip...]
Furthermore, openvpn is only compatible with openvpn, while using ipsec you might be able to connect to other boxes.
That is mostly true, except for those vendors adding their own proprietary extensions to their ipsec implementations ... thus making it a vendor lock-in again.
Hmm... We run ipsec (using ipsec-tools on both Linux and FreeBSD) to Cisco, Juniper, NetScreen and many others without problem. What vendors are you talking about?
I don't have personal hands-on experience with ipsec issues. However, I would expect things to work flawlessly as long as you don't enable vendor-specific features, or if you enable compatible features.
http://www.veiligmobiel.com/IPsecCompatibility.htm
And I believe there will be even more differences if you try to use a "tunnelled" setup versus a "transport" setup, where the tunnelled mode will act more like an SSL-based VPN. If I have understood it correctly.
On Ciscos I've always run GRE tunnels with only the GRE packets going through ipsec to get interfaces that can handle dynamic routing protocols, multicast, etc. Is there a way to get that kind of tunnel interface with ipsec alone?