[CentOS] VPN suggestions centos 6, 7
lowen at pari.edu
Tue Apr 5 17:13:06 UTC 2016
On 04/05/2016 12:30 PM, Gordon Messmer wrote:
> IPSec is typically encapsulated on UDP port 4500, due to the ubiquity
> of NAT. OpenVPN doesn't really have an advantage, there.

IPSec and OpenVPN (and the others) each have their use cases. I have
had experience with IPSec (via SmoothWall's SmoothTunnel
implementation), Cisco's VPN implementation, and the commercial OpenVPN
Access Server, and I have found OpenVPN AS the easiest to support for
the road warrior use case, including and especially wifi and 3G/4G
connected iOS and Android devices. OpenVPN AS will listen on TCP port
443, and virtually no one blocks TCP/443 (although you do lose some
tunnel functionality with TCP encapsulation).

I did have numerous issues with the road warrior cases with the IPSec
solution, many of which were firewall/captive portal issues and not
issues with the otherwise excellent SmoothTunnel. I will admit that I
have not tried an IPsec solution in a while, but I haven't had the need
to do so, either.

OpenVPN AS takes all the hard parts out of the server-side config, and
it works well on CentOS 7 (which is the platform on which I am running
the server). For point-to-point remote offices, I deploy small routers
running DD-WRT, which has a reasonable OpenVPN client that works well
once you get it working initially. It isn't necessarily the easiest to
get working, though.