Quote:
Originally Posted by jggimi
Correct. You have a Cisco device ...

Quote:
Originally Posted by plexter
I'm looking to switch my VPN access from Cisco over to my OpenBSD FW...

If I'm understanding the OP's direction -- away from Cisco to openBSD+pf -- then the answer set is quite different.
Yes, OpenVPN is a very nice option, especially in mixed O/S environments (for example, road-warrior=Windows, and gateway=openBSD). In a mixed O/S topology, OpenVPN is *arguably* the easiest of all options to get working, once you've sourced the binary installs for each side -- client and gateway.
If you want to stay in the IPSec realm, I've had road-warrior success with Shrew Soft's http://www.shrew.net/ (freeware, donations accepted), where the road-warriors' O/S are Windows- or Linux- or certain xBSD-based, in IPSec session with openBSD as the firewall/gateway.
If you're using openBSD *both* as the client road-warrior O/S and as the gateway O/S, then you can (and should) keep it native openBSD IPSec (i.e. no openVPN, no shrew.net).
In an openBSD-openBSD (or linux-openBSD) topology, ssh tunneling (ssh -w) is an interesting, easily achieved VPN as well.
/S