On 12/09/2010 10:30 AM, David Sommerseth wrote:
On 25/11/10 14:12, J.Witvliet@mindef.nl wrote: [...snip...]
Will you be confronted with IPv6 in the (not so) near future? Forget OpenVPN, it is still beta there, while it has been implemented in strongswan for ages, and part of there standard test plan.
Okay, I'll admit up-front I'm biased, as I am involved in the OpenVPN project. But I can provide some info here.
IPv6 is currently in the development tree. I'm using it on my personal equipment now, using IPv6 over TUN interface between a OpenWRT router and a Linux "road warrior" client. I'm also looking for how to get this code base compiled for maemo5 as well. Early next year, I'm going to run this development code on a couple of production boxes as well.
Another developer (the guy who implemented the IPv6 support) is also using this IPv6 implementation in a bigger environment too.
We're currently in the end of the beta round for OpenVPN-2.2 and will release a RC version around Christmas. The full release will come sometime around January. That code base is without IPv6. (2.2 is basically a bigger bugfix release with a couple of new features)
The 2.3-beta round is scheduled sometime around February/March, with a release slated for late summer 2011. This release will include IPv6 support, both for transport (connect/listen/bind to IPv6 addresses) and payload (IPv6 over tun and tap via tunnel with IPv6 client configuration support).
http://thread.gmane.org/gmane.network.openvpn.devel/4221
But for early adopters ... the current development code is stable enough for daily usage without too much troubles. And we would like to see more people testing out this code.
https://community.openvpn.net/openvpn/wiki/TesterDocumentation
Furthermore, openvpn is only compatible with openvpn, while using ipsec you might be able to connect to other boxes.
That is mostly true, except for those vendors adding their own proprietary extensions to their ipsec implementations ... thus making it a vendor lock-in again.
Hmm... We run ipsec, (using ipsec-tools on both Linux and FreeBSD), to Cisco, Juniper, NetScreen and many others without problem. What vendors are you talking about?
"That's the wonderful thing about standards, everyone can have their own" - unknown
kind regards,
David Sommerseth
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos