
Re: Remote login



>>>>> "Chris" == Chris Travers <..hidden..> writes:
    Chris> When I build a VPN, I prefer to do it using
    Chris> standards-compliant tools.  OpenSSH, while
    Chris> standards-compliant isn't particularly scalable.  OpenVPN
    Chris> while fairly scalable wasn't based on any standards last time
    Chris> I checked.  I usually use OpenS/wan in the past.  The nice
    Chris> thing about OpenS/Wan is that since it is just a standard
    Chris> IPSEC toolkit, it is compatible not only with most desktop

I'm also one of the maintainers of Openswan.

CISCO VPN adapters are not IPsec compliant, btw.  
There are hacks in Openswan to make it work with "CISCO VPN Adapters" (not
to be confused with CISCO IPsec solutions).  

OpenVPN has the advantage that it can innovate very quickly, since it is
portable open source that runs on multiple platforms.  It has the
disadvantage that the group of people who work on it is small, and if
there is a bug, it affects all versions.   The OpenVPN folks have gotten
lots right, but also lots and lots wrong.

If OpenVPN works for someone then great, use it.

One of the major challenges of IPsec is that Microsoft just hasn't made
it easy, and Apple has been rather "well, it works with CISCO VPN
Adapters, we are done".

As far as I'm concerned, SSH tunnels (from windows, using passwords),
SSL (HTTPS), IPsec (using PSK), and OpenVPN (often using PSK) are all
pretty much equivalent in security.  HTTPS is the simplest to support.

-- 
]       He who is tired of Weird Al is tired of life!           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] ..hidden.. http://www.sandelman.ottawa.on.ca/ |device driver[
   Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
	               then sign the petition.