[CentOS] VPN suggestions centos 6, 7

Mon Apr 4 20:46:32 UTC 2016
Gordon Messmer <gordon.messmer at gmail.com>

On 04/04/2016 12:11 PM, Jussi Hirvi wrote:
> This made me google around a little, and I found some good info here. 
> They, too, kind of recommend openvpn.
> http://www.howtogeek.com/211329/which-is-the-best-vpn-protocol-pptp-vs.-openvpn-vs.-l2tpipsec-vs.-sstp/ 

This is not good information.

In brief:

"There are some concerns that the NSA could have weakened the standard, 
but no one knows for sure."
Pure FUD.  There is no reason to believe this as related to IPsec that 
does not apply to other protocols as well.  There is, therefore, no 
reason to write that other than bias.

"Either way, this is a slower solution than OpenVPN. ... It’s a two-step 
OpenVPN tunnels traffic through a user space process, just like 
l2tp/ipsec does, and in my experience offers no better performance. If 
throughput is your main concern, use IPsec without l2tp.

"because it can be configured to use AES encryption, is arguably more 
trustworthy than L2TP/IPsec."
IPsec can also use AES as a cipher and provide PFS, for that matter.