[talk] VPNs: Choosing between OpenVPN and L2TP/IPsec

Isaac (.ike) Levy ike at blackskyresearch.net
Mon Apr 20 23:41:42 EDT 2015


On 04/20/15 13:49, Nikolai Fetissov wrote:
> Ike,
> 
> Definitely go with OpenVPN for roaming users. It's just way easier
> than anything else. Clients for all relevant platforms are free (use
> tunnelblick on Mac: https://code.google.com/p/tunnelblick/), there's
> even a free iPhone app. You would need to manage the certs and crls,
> but that comes required with any of your contenders. OpenVPN at least
> gives you a nice set of tools to do this with easyrsa. Use default
> UDP transport. It's way faster than doing the same over TCP.

Ah, but one slick trick I learned from a fine Op today: running an
additional server on port 443/TCP is extremely useful for the road
warrior thing...

But yeah- they reported severe degradation on lousy networks, e.g. may
as well be trying to pummel ssh tunnels with less management pain...

> 
> I have the server side running on open with chroot and privsep, and
> custom krb5 auth, which I'm too lazy to clean up and submit as a
> package.
> 
> Cheers, -- Nikolai

Ha- I'd love to hear your krb notes sometime, (though that begs my next
question coming to list)....

Best,
.ike


