[CentOS] Optimal VPN

Thu Dec 9 15:30:58 UTC 2010
David Sommerseth <dazo at users.sourceforge.net>

On 25/11/10 14:12, J.Witvliet at mindef.nl wrote:
[...snip...]
> Will you be confronted with IPv6 in the (not so) near future? Forget
> OpenVPN, it is still beta there, while it has been implemented in
> strongswan for ages, and part of their standard test plan.

Okay, I'll admit up-front I'm biased, as I am involved in the OpenVPN
project.  But I can provide some info here.

IPv6 is currently in the development tree.  I'm using it on my personal
equipment now, using IPv6 over TUN interface between an OpenWRT router
and a Linux "road warrior" client.  I'm also looking for how to get this
code base compiled for maemo5 as well.  Early next year, I'm going to
run this development code on a couple of production boxes as well.

Another developer (the guy who implemented the IPv6 support) is also
using this IPv6 implementation in a bigger environment too.

We're currently at the end of the beta round for OpenVPN-2.2 and will
release a RC version around Christmas.  The full release will come
sometime around January.  That code base is without IPv6.  (2.2 is
basically a bigger bugfix release with a couple of new features)

The 2.3-beta round is scheduled sometime around February/March, with a
release slated for late summer 2011.  This release will include IPv6
support, both for transport (connect/listen/bind to IPv6 addresses) and
payload (IPv6 over tun and tap via tunnel with IPv6 client configuration
support).

<http://thread.gmane.org/gmane.network.openvpn.devel/4221>

But for early adopters ... the current development code is stable enough
for daily usage without too much trouble.  And we would like to see
more people testing out this code.

<https://community.openvpn.net/openvpn/wiki/TesterDocumentation>

> Furthermore, openvpn is only compatible with openvpn, while using ipsec you might be able to connect to other boxes.

That is mostly true, except for those vendors adding their own
proprietary extensions to their ipsec implementations ... thus making it
a vendor lock-in again.

    "That's the wonderful thing about standards,
     everyone can have their own"
                                      - unknown


kind regards,

David Sommerseth