View Single Post
Old 2nd July 2009
plexter plexter is offline
Shell Scout
 
Join Date: May 2008
Posts: 124
Default

Hi all,

Thanks for your replies, -lots- to think about!

I think based on what you've said I'll stick with OpenVPN, primarily based on the below.

Quote:
If you need split-horizon topologies, DNS flexibility, the means to punch out of fire walled location, or any one of another half-dozen "requirements," then your going to find OpenVPN more flexible and easier to be successful with. Once the text files are mastered and correct, they are set so I don't recommend making the choice about something that -- once working -- you won't be playing with any more.
I'm pretty sure as it stands now that I'll be requiring "flexibility" / split-horizon.

Quote:
There are advantages to OpenVPN: the main one being that since it's using a "standard" UDP payload, it can snake data into places where IPSec may not be able to easily go. IPSec may have trouble with NAT transitions, or have trouble with firewalls outside of the VPN admin's control that block ESP/AH protocols.
Uncontrolled firewalls may be an issue should I be in a "public place" for example.

As for performance I'm not sure that is really an issue. My VPN will mostly be for maintenance use or probably at most with a few users on at a time.

Sooo... with that said. Would there be a similar "walk-through" as the "Zero to IPSec in 4 minutes" but for OpenBSD/OpenVPN? Or would you be able to assist with which "configuration files" to modify? I've already looked at them (briefly) but really have no clue what each are for. I'm not sure I will need certificates and probably just use PSK for now, at least get it working first anyhow.

Thanks for your help!
Reply With Quote