Re: VPN Tools!

To: <debian-user@lists.debian.org>
Subject: Re: VPN Tools!
From: "nate" <debian-user@aphroland.org>
Date: Sat, 3 Aug 2002 13:09:29 -0700 (PDT)
Message-id: <[🔎] 20438.216.39.174.24.1028405369.squirrel@webmail.linuxpowered.net>
In-reply-to: <[🔎] 20020804011451.856E.AXANET@ms32.hinet.net>
References: <[🔎] 20020804011451.856E.AXANET@ms32.hinet.net>

<quote who="axacheng">
> Hello List :
>
> Does anyone knows What is best package on VPN solution????

you say nothing about what your requirements are. specifically
what platforms you are connecting. If the platform is supported,
I highly reccomend vtun. vpnd is another one that works good.
I really really REALLY dislike IPSec because it does not work
well with NAT(IPSec and PPTP were designed in such a way that
they don't work well with NAT). There are some ways to make
it work, it can be very difficult. Cisco VPNs work best with
NAT in my experience, they encapsulate all IPSec packets
inside of UDP packets, this breaks compadibility with IPSec
clients that do not support this but it works quite well, I
don't think I have encoutnered a network with NAT that the
cisco vpn wouldn't work flawlessly through. it is not
cheap though.

vtun is very reliable and I along with many in the company I
am at use it 24/7. It supports linux, most(all?) of the BSDs,
solaris too I think. runs over tcp or udp(and i think serial?).
it is very fast and not resource intensive. I replaced my
vpnd servers with vtun last december. it is easy to setup
(vpnd is much harder in my experience), and like i said, its
very reliable, and supports multiple connections to 1
port(vpnd required a seperate port for each connection).


I worked with freeswan about a year ago while I was investigating
VPN solutions for my company and was not impressed. The product
itself is fine, its the protocol that gave me trouble. We had
similar trouble using other IPSec products so I know freeswan
itself was not to blame, and reading the IPSec RFC which said
to some extent "IPsec will not work with address translation"
pretty much made me give up on ipsec alltogether. then we found
cisco's ...I tried PGPNet and SonicWall, both were pretty horrid
as well.

I have gone into more details on this list several times in
the past, so try checking the archives if you would like more
evidence on why I really despise IPSec for VPNs.

It's great for intra-network communications where both systems
are on the same subnet though.

nate

Reply to:

Follow-Ups:
- Re: VPN Tools!
  - From: Noah Meyerhans <noahm@debian.org>

References:
- VPN Tools!
  - From: axacheng <axanet@ms32.hinet.net>

Prev by Date: Re: Securing a Debian 3.0 r0 system, and a few other quick questions . . .
Next by Date: Re: woody: boot-disk for 2.4 kernel
Previous by thread: VPN Tools!
Next by thread: Re: VPN Tools!
Index(es):
- Date
- Thread