Re: Remote login
- Subject: Re: Remote login
- From: Michael Richardson <..hidden..>
- Date: Sun, 28 Mar 2010 11:11:50 -0400
>>>>> "Chris" == Chris Travers <..hidden..> writes:
Chris> When I build a VPN, I prefer to do it using
Chris> standards-compliant tools. OpenSSH, while
Chris> standards-compliant isn't particularly scalable. OpenVPN
Chris> while fairly scalable wasn't based on any standards last time
Chris> I checked. I usually use OpenS/wan in the past. The nice
Chris> thing about OpenS/Wan is that since it is just a standard
Chris> IPSEC toolkit, it is compatible not only with most desktop
I'm also one of the maintainers of Openswan.
CISCO VPN adapters are not IPsec compliant, btw.
There are hacks in Openswan to make it work with "CISCO VPN Adapters" (not
to be confused with CISCO IPsec solutions).
OpenVPN has the advantage that it can innovate very quickly, since it is
portable open source that runs on multiple platforms. It has the
disadvantage that the group of people who work on it is small, and if
there is a bug, it affects all versions. The openvpn folks have gotten
lots right, but also lots and lots wrong.
If openvpn works for someone then great, use it.
One of the major challenges of IPsec is that Microsoft just hasn't made
it easy, and Apple has been rather "well, it works with CISCO VPN
Adapters, we are done".
As far as I'm concerned, SSH tunnels (from windows, using passwords),
SSL (HTTPS), IPsec (using PSK), and OpenVPN (often using PSK) are all
pretty much equivalent in security. HTTPS is the simplest to support.
--
] He who is tired of Weird Al is tired of life! | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] ..hidden.. http://www.sandelman.ottawa.on.ca/ |device driver[
Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
then sign the petition.