Re: ssh tunnels vs. ipsec tunnels

From: Joel Dinel (joel.dinelgmail.com)
Date: Mon Feb 07 2005 - 08:29:32 CST


On Mon, 07 Feb 2005 13:24:44 +0100, Juan J. Martinez
<reidracreidrac.dyndns.org> wrote:
> Well, from my experience it is not trivial at all to make
> different implementations of IPSec interoperate.

I agree with Juan here. I have successfully built IPSec tunnels
between OBSD and Checkpoint, and CISCO. OBSD <-> Cisco is easy. OBSD
<-> CheckPoint NG took a bit more work.

>
> If you're planning to use obsd vs obsd, it will work fine. But I tried
> FreeS/WAN under linux vs obsd implementation and I concluded... ssh
> tunnels rock! :D

I came to the same conclusion.

>
> I bet it was my fault, so first value your needs. I realized IPSec was
> not a good idea for my problem after wasting two days on the thing.

IPSec is inherently complex. It can lead to many configuration errors,
which in turn can lead to security issues.

If you're establishing VPNs between equipment under your control, and
not between yourself and 3rd-party vendors, go ahead and try OpenVPN.
It's based on SSL (better security record), is much simpler to set up,
and runs on pretty much all UNICES and even Windows.