[talk] VPNs: Choosing between OpenVPN and L2TP/IPsec

Isaac (.ike) Levy ike at blackskyresearch.net
Mon Apr 20 22:44:24 EDT 2015

Thanks Darryl,

On 04/20/15 18:20, Darryl Wisneski wrote:
>> > 
>> > Understood, and in my experience on Macs, the same is true with the
>> > L2TP/IPSec setup.
> Viscosity worked a lot better than Tunnelblick at zero-configuration
> magic and roadwarrioring; it required a lot less rebooting as Viscosity
> got confused less.  Having flat DNS (no private DNS) helped too, and not
> pushing DNS to the client, but that is really bad for sane security minds.
> If you can keep the VPN setup to a single tunnel you will have greater
> stability.
> The OpenVPN Windows client worked well enough in the little time devoted
> to supporting it.

That's extremely good info to know, I know this need is inevitable down
the road...

> We had a script that bundled the client and cert together and the user
> could one-time download it.

Cool- that's roughly how I was hacking around with it today.  I'm really
impressed how transparent and clear the OpenVPN bits are.

>> > 
>>> > > 
>>> > > OpenVPN also has that sort of TrueCrypt “who makes this and why?”
>>> > > aspect to it, and I cannot think of a single commercial
>>> > > networking/security firm that includes OpenVPN alongside other VPN
>>> > > options.
>> > 
> I considered it to be a feature that iOS and Android users couldn't get
> a tun interface easily.  It appears that has changed.

I certainly share your sentiment there.

> -dkw

Excellent report and notes, I really appreciate it!

