Ralph Angenendt wrote: > Florin Andrei wrote: >> So far, OpenVPN has been working very well for me. Unfortunately, the >> iPhone doesn't have (yet?) an OpenVPN client, so I'm forced to work with >> what's available. >> >> The options are: L2TP, PPTP and IPSec. If you were to install a VPN >> endpoint on CentOS, which protocol would you prefer? > > IPSEC. > > That's only a few entries in a file in /etc/sysconfig/network-scripts > away from a working solution >:) > > <http://www.centos.org/docs/5/html/5.2/Deployment_Guide/s2-networkscripts-interfaces-ipsec.html> Okay, so it's included with the OS and some documentation is available. Good. Now, from a practical perspective, how trustworthy is it? I'm looking for something to setup and forget. E.g. I am running Postfix instead of Sendmail precisely for the setup-and-forget nature of the software - the security track record of Postfix is remarkably good, so I can use it without having to worry too much. I threw the server away into a cabinet in the living room, it's hidden from view, it just works, very much like an appliance. Minimizing the admin time is crucial. Same with OpenVPN. Turn it on and it just works, solid as a rock, no excessive worries about nasty security bugs every three months. I haven't used IPSec VPN with Linux endpoints very much, so that's why I'm a bit unfamiliar with how robust these things are, from a security history perspective. -- Florin Andrei http://florin.myip.org/