[CentOS] VPN suggestions centos 6, 7

Gordon Messmer gordon.messmer at gmail.com
Mon Apr 4 20:46:32 UTC 2016


On 04/04/2016 12:11 PM, Jussi Hirvi wrote:
> This made me google around a little, and I found some good info here. 
> They, too, kind of recommend openvpn.
> http://www.howtogeek.com/211329/which-is-the-best-vpn-protocol-pptp-vs.-openvpn-vs.-l2tpipsec-vs.-sstp/ 
>

This is not good information.

In brief:

"There are some concerns that the NSA could have weakened the standard, 
but no one knows for sure."
Pure FUD.  There is no reason to believe this as related to IPSec that 
does not apply to other protocols as well.  There is, therefore, no 
reason to write that other than bias.

"Either way, this is a slower solution than OpenVPN. ... It’s a two-step 
process."
OpenVPN tunnels traffic through a user space process, just like 
l2tp/ipsec does, and in my experience offers no better performance. If 
throughput is your main concern, use IPsec without l2tp.

"because it can be configured to use AES encryption, is arguably more 
trustworthy than L2TP/IPsec."
IPSec can also use AES as a cipher and provide PFS, for that matter.




More information about the CentOS mailing list