[CentOS] Choosing VPN Server
lowen at pari.edu
Thu Sep 20 15:44:51 UTC 2007
On Thursday 20 September 2007, Ken Price wrote:
> OpenVPN doesn't support IPSec at all. It's an SSL implementation.
> You'll want to look at Openswan (http://www.openswan.org/) for IPSec.
> PS. The "www" is very important when going to the openswan site.
> Their webserver is configured funky.
> For Microsoft compatibility, Poptop and Openswan are your best bets.
> Neither are a piece of cake to setup, but I personally find Openswan
> easier ... but then I've been using it in a production environment for
> 5 or 6 years (was Freeswan).
You'll want an L2TP setup, though, for best security, performance, and best
compatibility. There are commercial Linux firewall boxes that do this
easily; SmoothWall is one. Barring that, install l2tpd (for CentOS 4 it's on
Karanbir's CentOS repo; for CentOS 5 I'm not sure, as I don't have extra
repos enabled on any of my CentOS 5 boxes).
Windows L2TP VPN's are the most secure, being PPP over L2TP over IPsec,
without the holes that have plagued PPTP (PPP over L2TP does essentiall the
same thing PPTP does, but in a more secure and standard manner).
Chief Information Officer
Pisgah Astronomical Research Institute
1 PARI Drive
Rosman, NC 28772
More information about the CentOS