[CentOS] Choosing VPN Server

Thu Sep 20 15:44:51 UTC 2007
Lamar Owen <lowen at pari.edu>

On Thursday 20 September 2007, Ken Price wrote:
> OpenVPN doesn't support IPSec at all.  It's an SSL implementation.
> You'll want to look at Openswan (http://www.openswan.org/) for IPSec.
> PS.  The "www" is very important when going to the openswan site.
> Their webserver is configured funky.
> For Microsoft compatibility, Poptop and Openswan are your best bets.
> Neither are a piece of cake to setup, but I personally find Openswan
> easier ... but then I've been using it in a production environment for
> 5 or 6 years (was Freeswan).

You'll want an L2TP setup, though, for best security, performance, and best 
compatibility.  There are commercial Linux firewall boxes that do this 
easily; SmoothWall is one.  Barring that, install l2tpd (for CentOS 4 it's on 
Karanbir's CentOS repo; for CentOS 5 I'm not sure, as I don't have extra 
repos enabled on any of my CentOS 5 boxes).

Windows L2TP VPN's are the most secure, being PPP over L2TP over IPsec, 
without the holes that have plagued PPTP (PPP over L2TP does essentiall the 
same thing PPTP does, but in a more secure and standard manner).
Lamar Owen
Chief Information Officer
Pisgah Astronomical Research Institute
1 PARI Drive
Rosman, NC  28772