[CentOS] CentOS VPN server for iPhone

Thu Mar 26 19:26:28 UTC 2009
Florin Andrei <florin at andrei.myip.org>

Ralph Angenendt wrote:
> Florin Andrei wrote:
>> So far, OpenVPN has been working very well for me. Unfortunately, the 
>> iPhone doesn't have (yet?) an OpenVPN client, so I'm forced to work with 
>> what's available.
>>
>> The options are: L2TP, PPTP and IPSec. If you were to install a VPN 
>> endpoint on CentOS, which protocol would you prefer? 
> 
> IPSEC.
> 
> That's only a few entries in a file in /etc/sysconfig/network-scripts
> away from a working solution >:)
> 
> <http://www.centos.org/docs/5/html/5.2/Deployment_Guide/s2-networkscripts-interfaces-ipsec.html>

Okay, so it's included with the OS and some documentation is available. 
Good.

Now, from a practical perspective, how trustworthy is it? I'm looking 
for something to set up and forget. E.g. I am running Postfix instead of 
Sendmail precisely for the setup-and-forget nature of the software - the 
security track record of Postfix is remarkably good, so I can use it 
without having to worry too much. I threw the server away into a cabinet 
in the living room, it's hidden from view, it just works, very much like 
an appliance. Minimizing the admin time is crucial.

Same with OpenVPN. Turn it on and it just works, solid as a rock, no 
excessive worries about nasty security bugs every three months.

I haven't used IPSec VPN with Linux endpoints very much, so that's why 
I'm a bit unfamiliar with how robust these things are, from a security 
history perspective.

-- 
Florin Andrei

http://florin.myip.org/