On Mon, 6 Dec 2010 05:38:14 +0100 <J.Witvliet@xxxxxxxxx> wrote: > Does not agree, > > "People" claim that openvpn is supposedly easier to configure, > compared with *swan. Indeed. At least part of it is going to be a personal preference. If you know and have used ipsec for a long time thats likely to be easier for you. ;) > However, for a _very_ simple tunnel that migth be true, but most of > the problems people encounter with ipsec are often related to either > certificates, CA's, routing, or smartcards. And they will encouter > likewise problems (but other syntax) when using openvpn. > > When confronted with more complex network setup (mesh topology), > scalability, or ipv6 your best (or even only) option remains ipsec. I'll disagree with you there. I have setup openvpn in all kinds of setups. ;) It's a great deal more flexable. It can bridge or route, it can work on any port udp or tcp, it can go through proxies, it uses the normal bridging/routing tools as any other real device. > Interoperability with existing vpn products? Forget openvpn! Indeed. You need openvpn on both ends. If you don't control one end point, ipsec may be your only/best choice. > Even for very simple hapsnap tunnels one might even consider the > tunnel capabilities of openssh..... ssh performs pretty poorly in some cases, doesn't automatically reconnect, requires a higher level of access, only works over tcp, etc. > Hw kevin -- > ----- Oorspronkelijk bericht ----- > Van: users-bounces@xxxxxxxxxxxxxxxxxxxxxxx > <users-bounces@xxxxxxxxxxxxxxxxxxxxxxx> Aan: > users@xxxxxxxxxxxxxxxxxxxxxxx <users@xxxxxxxxxxxxxxxxxxxxxxx> > Verzonden: Sat Dec 04 21:41:35 2010 Onderwerp: Re: VPN/IPSEC tunnel > > On Sat, 04 Dec 2010 13:32:04 -0430 > Patrick O'Callaghan <pocallaghan@xxxxxxxxx> wrote: > > > On Sat, 2010-12-04 at 18:57 +0100, Luc MAIGNAN wrote: > > > Is openVPN can make IPSec tunnels or just SSL ? > > > > I believe it's fully IPSec compliant. > > Nope. Openvpn uses it's own ssl based protocol. It cannot directly > interoperate with ipsec tunnels. ;) > > That said, if you have control over both endpoints, IMHO openvpn is a > vastly better choice than ipsec. > > kevin > > ______________________________________________________________________ > Dit bericht kan informatie bevatten die niet voor u is bestemd. > Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u > is toegezonden, wordt u verzocht dat aan de afzender te melden en het > bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid > voor schade, van welke aard ook, die verband houdt met risico's > verbonden aan het elektronisch verzenden van berichten. > > This message may contain information that is not intended for you. If > you are not the addressee or if this message was sent to you by > mistake, you are requested to inform the sender and delete the > message. The State accepts no liability for damage of any kind > resulting from the risks inherent in the electronic transmission of > messages.
Attachment:
signature.asc
Description: PGP signature
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
