On Wed, 22 Dec 2004 08:57:11 -0600, Aleksandar Milivojevic <amilivojevic@xxxxxx> wrote: > R. S. Patil wrote: > > When searched on google i got two three options like > > FreeS/WAN, StrongS/WAN, OpenS/WAN and Open VPN. > > The *S/WANs are all IPSec implementations. 2.6 kernels has native > IPSec, so you really don't need them anymore. Unless you already have > infrastructure that uses them and/or are very familiar with them, I'd > just go with Linux native IPSec. > > OpenVPN is user-land implementation. Another user-land implementation > is VTun. > > Both (IPSec and user-land stuff) have advantages and disadvantages. > IPSec (in combination with auto-rekeying and x509 certificates) is > probably the best way to go, but you'll need to do some reading to > understand how it works. On the other hand user-land stuff like VTun is > very easy to understand and configure (you can get it up and running in > about 10 minutes, even if you are completely new to it). OpenVPN is > somewhere in the middle. > OpenVPN is well supported by the user community and is rock solid. OpenVPN handels dynamic IPs and works with the platforms you described. Windows users do not have to have administrative rights to start and stop tunnels. I have been using OpenVPN since 1.6 Release Canidate days and as someone that has worked with IPSec including with CheckPoint I highly recommend OpenVPN. -- Leonard Isham, CISSP Ostendo non ostento.