From: Manon Goo (manonmanon.de)
Date: Mon Feb 07 2005 - 10:54:55 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

If you need layer7 tunneling I would look at openvpn.

--On 7. Februar 2005 09:29:32 -0500 Joel Dinel <joel.dinelgmail.com> wrote:

> On Mon, 07 Feb 2005 13:24:44 +0100, Juan J. Martinez
> <reidracreidrac.dyndns.org> wrote:
>> Well, from my experiencie is not trivial at all make interoperate
>> different implementations of IPSec.
>
> I agree with Juan here. I have successfully built IPSec tunnels
> between OBSD and Checkpoint, and CISCO. OBSD <-> Cisco is easy. OBSD
> <-> CheckPoint NG took a bit more work.
>
>>
>> If you're planning to use obsd vs obsd, it will work fine. But I tried
>> FreeS/WAN under linux vs obsd implementation and I concluded... ssh
>> tunnels rocks! :D
>
> I came to the same conclusion.
>
>>
>> I bet it was my fault, so first value your needs. I realized IPSec was
>> not a good idea for my problem after wasting two days on the thing.
>
> IPSec is inherently complex. It can lead to many configuration errors,
> which in turn can lead to security issues.
>
> If you're establishing VPNs between equipment under your control, and
> not between yourself and 3rd-party vendors, go ahead and try OpenVPN.
> It's based on SSL (better security record), is much simpler to setup,
> and runs on pretty much all UNICES and even windows.

[demime 1.01d removed an attachment of type application/pgp-signature]

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]