[CentOS] regarding vpn server for 1500 clients

Robert Moskowitz rgm at htt-consult.com
Tue Dec 23 18:42:36 UTC 2008


Bernard 'Tux' Lheureux wrote:
> Matt wrote:
>   
>>> I have to build vpn server for 1500 clients. No encryption necessary.
>>> can anyone please recommend me vpn server.
>>>
>>> Have you looked at Mikrotik.com router OS?  It has PPTP server.  Very
>>> fast and easy to setup
>>>       
> But PPTP is very weak in terms of security...
> IPsec or SSL VPNs should be used to ensure security on the VPN connections

The OP did not want per packet encryption.  Did not even want per packet 
authentication.  Just tunneling.  ERGO something like PPTP.

Of course if the Linux implementation of the PPTP server is so 
ineffcient (written in PERL), that you have to buy a PPTP server, now 
you have to compare it to an IPsec or SSLVPN server.

I have never liked the SSLvpn architecture.  Never really liked the SSL 
handshake; just too chatty.  I wear my biases quite plainly on my arm 
sleeve (I chaired the IPsec workgroup during the time the RFCs came 
out).  You want security, go with IPsec.  Even ESP NULL gives you per 
packet authentication and thus proof of server and client.  Just pay the 
price for IKE, which I never liked.  Part of the reason I invented HIP....


Of course if the OP goes with an SSL application, and moves away from 
tunneling, then YES just go with SSL on the server and add an SSL 
acceleration board.





More information about the CentOS mailing list