
Re: advice on ipsec implementations



Dave Harrison wrote:

Hi all,

I'm interested in using NAT-T for a VPN connection on Debian.  However
the FreeSWan packages appear to be broken currently, and since that
would mean I'd have to compile FreeSWan by hand with a NAT-T patch, it
has inclined me towards looking at active developments such as OpenSWan
and StrongSWan that support NAT-T already, and are ongoing projects.

Can anyone give me feedback on their experiences with either of these
projects?

FreeSwan has terminated and forked into two projects of which OpenSwan is one.

However, for my VPN I use OpenVPN:
summer@kowari:~$ apt-cache show openvpn
Package: openvpn
Priority: optional
Section: net
Installed-Size: 452
Maintainer: Alberto Gonzalez Iniesta <agi@agi.as>
Architecture: i386
Version: 1.6.0-4
Depends: debconf, libc6 (>= 2.3.2.ds1-4), liblzo1, libssl0.9.7
Filename: pool/main/o/openvpn/openvpn_1.6.0-4_i386.deb
Size: 166618
MD5sum: 56fe11b5eeca669993226c71fa595015
Description: Virtual Private Network daemon
An application to securely tunnel IP networks over a single UDP port,
with support for TLS-based session authentication and key exchange,
packet encryption, packet authentication, and packet compression.

summer@kowari:~$

It's pretty easy to set up, gets along well with firewalls: it communicates with UDP. Currently I use it on RHL 7.3 (which is the firewall), on Sarge inside a Billion firewall, Woody ditto, and Woody which is the firewall, oh, and Sarge which is the firewall.

OpenVPN does dynamic compression, encryption and has clients for (at least) Linux and OSX.




--

Cheers
John

-- spambait
1aaaaaaa@computerdatasafe.com.au  Z1aaaaaaa@computerdatasafe.com.au
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/


