[talk] VPNs: Choosing between OpenVPN and L2TP/IPsec
Isaac (.ike) Levy
ike at blackskyresearch.net
Mon Apr 20 22:44:24 EDT 2015
Thanks Darryl,
On 04/20/15 18:20, Darryl Wisneski wrote:
>> >
>> > Understood, and in my experience on Macs, the same is true with the
>> > L2TP/IPSec setup.
> Viscosity worked a lot better than tunnelblick at zero-configuration
> magic and roadwarrioring; it required a lot less rebooting as viscosity
> got confused less. Having flat DNS (no private DNS) helped too, and not
> pushing DNS to the client, but that is really bad for sane security minds.
> If you can keep the VPN setup to a single tunnel you will have greater
> stability.
>
> The openvpn windows client worked well enough in the little time devoted
> to supporting it.
That's extremely good info to know, I know this need is inevitable down
the road...
>
> We had a script that bundled the client and cert together and the user
> could one-time download it.
Cool- that's roughly how I was hacking around with it today. I'm really
impressed how transparent and clear the OpenVPN bits are.
>
>> >
>>> > >
>>> > > OpenVPN also has that sort of TrueCrypt “who makes this and why?”
>>> > > aspect to it, and I cannot think of a single commercial
>>> > > networking/security firm that includes OpenVPN alongside other VPN
>>> > > options.
>> >
> I considered it to be a feature that ios and android users couldn't get
> a tun interface easily. It appears that has changed.
I certainly share your centiment there.
>
> -dkw
Excellent report and notes, I really appreciate it!
Best,
.ike
More information about the talk
mailing list