Re: VPN: SSH or IPSec???
On 16 Apr 2003 at 17:05, Jeff wrote:
> Felipe Martínez Hermo, 2003-Apr-16 18:23 +0100:
> >
> > So far, I also prefer IPSec because it seems to be the most
> > standard-compliant implementation, but I want to know my options. I
> > have just bought Kolesnikov's book, but I have not started with it
> > yet. One last thing: shold I set up a router (and so start with
> > Adv-router-HOWTO) or should I go directly to FreeSwan Documentation?
> >
> > I am a little puzzled and I don't know what to start with.
> >
> > Thanks for your help
>
> Be careful in assuming that IPSec is "standard-compliant". It's more
> of a reference model for implimentors to use. Interoperability
> between different implimenations is sketchy and usaully only works in
> a very basic configuration, such as Main Mode (as opposed to Agressive
> Mode) and with Pre-shared keys (as opposed to certificates).
>
> Since you have Windows PC's on the road, be sure that there are
> available clients that interoperate with FreeSwan.
You can even have it interop with the nativ Win2k/XP-implementations.
I've set up an ipsec-vpn with an l2tp-tunnel, which is (besides the
worse pptp-thing) the default for Win2k/XP. And you can even freely
download tools for free from Microsoft to get it working from Win95
onward. Okay, don't know why the Microsoft-people added the l2tp-
thing (FreeS/Wan can do complex tunnels even without this
"workaround") but it works perfect.
Reply to: