[CentOS] Choosing VPN Server

Brian Mathis brian.mathis at gmail.com
Thu Sep 20 17:15:43 UTC 2007


I just want to point out that the default port for openvpn is 1194.
SSL/TLS has absolutely nothing to do with port 443, except that https
happens to use both port 443 and SSL/TLS.  Otherwise, SSL/TLS is
simply a toolkit used for encryption, and does not require any
specific port whatsoever.  Saying so would be like saying that glibc
requires network port XYZ.

The use of port 443 with openvpn is only mentioned as a convenience,
because many firewalls allow traffic to port 443 to pass unrestricted,
while they may block other ports.

Those of you in the know probably already know this, but for those
unfamiliar, the discussion may seem to imply that port 443 and SSL/TLS
are tightly bound.  This message is intended to clarify that
implication.


On 9/20/07, Ross S. W. Walker <rwalker at medallion.com> wrote:
> Wei Yu wrote:
> >
> > Does openvpn support IPsec well?
> > I want the server to work in cooperation with a Microsoft ISA
> > Server inside the intranet with site-to-site VPN mode.
> > For that reason I want the server to have good compatibility with Windows.
>
> You don't need IPSec for Windows ISA server compatibility, just add a
> server publishing rule that forwards your OpenVPN port of choice to
> the internal OpenVPN server, whether it is on CentOS or Windows doesn't
> matter.
>
> If you use a different SSL port than 443, which you will need to do if
> you also publish an https: site off of ISA, then you need to run a
> script that adds that port # to the list of authorized SSL ports on
> the ISA server.
>
> Also when deploying the OpenVPN client to your Windows laptops look
> at using Group Policy so they are all identically installed and
> configured.
>
> -Ross
>
>
> > On 9/19/07, Alain Spineux <aspineux at gmail.com> wrote:
> >
> >       OpenVPN works with Windows too (client or server).
> >       The same configuration files work on both OS.
> >       Very easy to enable multiple VPN connections at the same time.
> >
> >
> >
> >       On 9/19/07, Brian Mathis <brian.mathis at gmail.com> wrote:
> >       > On 9/19/07, Wei Yu <zig.wei at gmail.com> wrote:
> >       > > Hi,
> >       > >
> >       > > I am facing a task of choosing a VPN server. I do not know which is better.
> >       > > The one distributed with CentOS4.5 only supports pppd (or maybe pptp but I
> >       > > cannot find it).
> >       > > If I want to use PPTP or L2TP, which one should I choose? OpenVPN? Poptop?
> >       > >
> >       > > Thanks.
> >       > >
> >       >
> >       > I suggest OpenVPN.  It's modern, very secure, and has a wide range of
> >       > options and usage scenarios.  PPTP / L2TP is a pain to get working,
> >       > and it has some security issues.
> >
> >       --
> >       Alain Spineux
> >       aspineux gmail com
> >
> > --
> > Zijing 15# 1404B Tsinghua Univ.
> > +86 -10 -51537235
> > Zig
> >
>
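
Added example, not part of the original message or thread: a small checker that labels a TCP flow by its first client bytes instead of its destination port, which is the distinction the message above draws between port 443 and SSL/TLS. It assumes OpenVPN is running over TCP (2-byte length prefix, then an opcode byte); the function names, the port table and the sample bytes are constructed for illustration.

```python
import struct

# Session-opening OpenVPN opcodes (upper 5 bits of the first payload byte).
RESET_OPCODES = {1: "hard_reset_client_v1", 7: "hard_reset_client_v2",
                 10: "hard_reset_client_v3"}
# What a port-only firewall rule assumes about a destination port (illustrative).
PORT_ASSUMPTION = {443: "tls", 1194: "openvpn"}


def classify_first_bytes(data: bytes) -> str:
    """Label the first client bytes of a TCP flow by content, not by port."""
    # TLS record header: type 0x16 (handshake), version major 0x03,
    # 2-byte record length, then handshake type 0x01 (ClientHello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls"
    # OpenVPN over TCP: 2-byte big-endian packet length, then opcode<<3 | key_id.
    # A hard reset is at least 14 bytes: opcode, 8-byte session id,
    # ack-array length, 4-byte packet id.
    if len(data) >= 3:
        (pkt_len,) = struct.unpack("!H", data[:2])
        opcode, key_id = data[2] >> 3, data[2] & 0x07
        if opcode in RESET_OPCODES and key_id == 0 and pkt_len >= 14:
            return "openvpn"
    return "unknown"


def port_mismatches(flows):
    """Return (port, assumed, observed) for flows whose content contradicts the port."""
    out = []
    for port, first_bytes in flows:
        assumed = PORT_ASSUMPTION.get(port, "unknown")
        observed = classify_first_bytes(first_bytes)
        if observed != assumed:
            out.append((port, assumed, observed))
    return out


# Constructed sample data: a TLS ClientHello prefix and an OpenVPN client reset.
TLS_HELLO = bytes.fromhex("160301002f0100002b0303")
OVPN_RESET = bytes.fromhex("000e38") + bytes(8) + b"\x00" + bytes(4)
SAMPLE_FLOWS = [(443, TLS_HELLO), (8443, TLS_HELLO),
                (443, OVPN_RESET), (1194, OVPN_RESET)]

if __name__ == "__main__":
    for row in port_mismatches(SAMPLE_FLOWS):
        print(row)
```
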


