View Single Post
  #4   (View Single Post)  
Old 26th November 2008
s2scott's Avatar
s2scott s2scott is offline
Package Pilot
 
Join Date: May 2008
Location: Toronto, Ontario Canada
Posts: 198
Default

Quote:
Originally Posted by schrodinger View Post
...The plan is to eventuality be able to VPN back to home from anywhere with any OS as I have XP, Debian and FreeBSD on my two laptops from a wide range of Internet connections.
Given openBSD-as-the-gateway and a broad client-side O/S base, then, on both a sweat-equity basis (i.e. best return/outcome for your time) and a likihood of success, go openVPN.

With openVPN, a pivotal decision you need to make is the server/gateway side "role." Is it one client to one gateway. Or is it many clients to one gateway.

If your gateway is "personal," and it's one road-warrior connecting to the gateway, then openVPN is quick, easy and effective.

If your gateway is "multi-user," and it's many road-warriors connecting to the gateway, then there is -- in all practical sense -- one true operating server-side configuration. This many-to-one use config, like most things worth doing well, is more complicated. It's not that it's especially "hard" as it is that it is a "layered" configuration.

This many-to-one TLS server mode is available is the 2.0 version stream BUT IT'S VASTLY IMPROVED (read: works properly) IN THE RELEASE 2.1 version stream WITH MAJOR TLS FIXES IN RC7. I can't recommend strongly enough that you use the 2.1rc7 (or higher) for this mode. The "packages" branch is 2.1rc7 (as of this posting). The ports branch, at http://openports.se/net/openvpn, is 2.1rc13.

/S
__________________
Never argue with an idiot. They will bring you down to their level and beat you with experience.
Reply With Quote