[CentOS] regarding vpn server for 1500 clients
Les Mikesell
lesmikesell at gmail.com
Tue Dec 23 19:02:40 UTC 2008
Robert Moskowitz wrote:
>
> I have never liked the SSLvpn architecture. Never really liked the SSL
> handshake; just too chatty. I wear my biases quite plainly on my arm
> sleeve (I chaired the IPsec workgroup during the time the RFCs came
> out). You want security, go with IPsec. Even ESP NULL gives you per
> packet authentication and thus proof of server and client. Just pay the
> price for IKE, which I never liked. Part of the reason I invented HIP....
But SSL VPNs work through just about any firewall/proxy/NAT that already
permits HTTPS. Traversing those can be painful or impossible for IPsec.
--
Les Mikesell
lesmikesell at gmail.com