On Thursday 14 October 2004 03:04 pm, Geoff Nordli wrote: > [EMAIL PROTECTED] wrote: > > On Thu, 14 Oct 2004 07:13:04 -0700, Geoff Nordli > > > > <[EMAIL PROTECTED]> wrote: > >> OpenVPN runs on: Linux, Windows 2000/XP and higher, OpenBSD, > >> FreeBSD, NetBSD, Mac OS X, and Solaris. > > > > And how many routers and firewalls out there do support OpenVPN? Do > > Cisco routers support it? > > > > On the other hand, IPsec works on all the platforms you mentioned > > *plus* most routers/firewalls from Linksys toyz up to Cisco and > > Checkpoint etc etc etc. > > > > rgds > > benjk > > No argument here. If you want to do gateway to gateway then IPSEC is a > solid choice. They pretty much run flawlessly. The only thing I don't > like is the kernel modification required on the 2.4 kernel series to embed > Openswan/Freeswan into the kernel. Just one more thing to worry about if > you need to upgrade the kernel. > > Since the guy was talking about using an SSH session I assumed he was > looking at client to gateway options. IPSEC is not a great option there. > An easier solution is to use something like PPTP, but sometimes GRE is not
Please don't use PPTP as a security solution, because it really isn't. It's so flawed you can even connect to it without having ANY encryption. Microsoft with their never ending wisdom have incorporated design flaws that make cryptographers and security professionals distrust it, and recommend against its use. Or as the writers of Building Linux Virtual Private Networks says: "We recognize that there are times when you must support PPTP ... In either of these cases, we offer our deepest sympathies." > supported on every firewall. Plus PPTP requires modification to the ppp > kernel modules to support mschap-v2 -- this is also a pain. So something > like OpenVPN is a good solution. > > Geoff > > _______________________________________________ > Asterisk-Users mailing list > [EMAIL PROTECTED] > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users -- Steve Szmidt "They that would give up essential liberty for temporary safety deserve neither liberty nor safety." Benjamin Franklin _______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
