[CentOS] VPN suggestions centos 6, 7

Lamar Owen lowen at pari.edu
Tue Apr 5 17:13:06 UTC 2016


On 04/05/2016 12:30 PM, Gordon Messmer wrote:
> IPSec is typically encapsulated on UDP port 4500, due to the ubiquity 
> of NAT.  OpenVPN doesn't really have an advantage, there.

IPSec and OpenVPN (and the others) each have their use cases.  I have 
had experience with IPSec (via SmoothWall's SmoothTunnel 
implementation), Cisco's VPN implementation, and the commercial OpenVPN 
Access Server, and I have found OpenVPN AS the easiest to support for 
the road warrior use case, including and especially Wi-Fi and 3G/4G 
connected iOS and Android devices.  OpenVPN AS will listen on TCP port 
443, and virtually no one blocks TCP/443 (although you do lose some 
tunnel functionality with TCP encapsulation).

I did have numerous issues with the road warrior cases with the IPSec 
solution, many of which were firewall/captive portal issues and not 
issues with the otherwise excellent SmoothTunnel.  I will admit that I 
have not tried an IPsec solution in a while, but I haven't had the need 
to do so, either.

OpenVPN AS takes all the hard parts out of the server-side config, and 
it works well on CentOS 7 (which is the platform on which I am running 
the server).  For point-to-point remote offices, I deploy small routers 
running DD-WRT, which has a reasonable OpenVPN client that works well 
once you get it working initially.  It isn't necessarily the easiest to 
get working, though.



