I've tried Tunnelblick on my mac and after some issues figuring out where it stored the config files it actually uses (and some issues with permissions, etc.), I got it working pretty nicely. I'll have to check out Viscosity.
And yeah, the AstLinux GUI openvpn certificate creation/management tool is pretty sweet. -James On 08/11/2010 04:35 PM, Lonnie Abelbeck wrote: > I prefer OpenVPN as my VPN of choice in AstLinux. As Darrick stated, by > default UDP is used as transport, so it carries voice very nicely. > > Additionally, the throughput of OpenVPN is noticeably higher than IPsec in > AstLinux, for unknown reasons. A wimpy net4801 can do 3.6Mb/s using blowfish > encryption over OpenVPN. > > Granted IPsec has differences that may be beneficial at times, but OpenVPN > has never failed me. AstLinux supports certificates via OpenVPN, currently > IPsec does not in AstLinux. > > OS X users will find "Viscosity" an excellent OpenVPN client. > > Lonnie > > > On Aug 11, 2010, at 2:32 PM, Darrick Hartman wrote: > > >> James, >> >> Philip will argue that IPsec is "better" because it operates at the >> kernel level and as a result, you can traffic shape better. While that >> is true, my statement that openvpn is currently a better option in >> AstLinux for dynamic IP addresses is still valid. We currently do not >> support dynamic end points in IPsec. >> >> Philip, openvpn uses UDP for transport, not TCP by default. You CAN use >> TCP, but it's not recommended. >> >> You CAN support routes back from the client to the server. This is >> called client-to-client routing and requires a few additional config >> files to work properly. I do this all the time for remote offices so >> they can have a network printer that is reachable from the main office. >> >> Darrick >> >> On 08/11/2010 02:28 PM, Philip Prindeville wrote: >> >>> Because IPsec copies the QoS markings of packets from the encapsulated >>> packet into the wrapping packet. >>> >>> It is also datagram based, so you won't have to worry about delays caused >>> by lost packets, retransmission, and reordering (unlike openvpn which runs >>> over SSL+TCP). >>> >>> >>> On 8/11/10 12:09 PM, James Babiak wrote: >>> >>>> Why is that? I'm curious because I use openvpn in astlinux all the time >>>> (both as a server and client) and am pretty happy with it. I use it for >>>> both static and dynamic remote locations to connect back to my house, >>>> and generally have about 3-4 openvpn sessions going at a given time. >>>> I've used it quite successfully with different soft phones apps (on >>>> laptops and my iphone), and assuming that I have sufficiently good >>>> bandwidth, have never had an issue sending voip traffic over an openvpn >>>> tunnel. >>>> >>>> My only gripe with openvpn is, unless I'm missing something, the lack of >>>> clients being able to advertise routes back to the server. And even if I >>>> set them statically, I could never get it working right. Granted I >>>> didn't spend too much time on it, and decided to just create a dual >>>> tunnel (client<-server and server->client). >>>> >>>> What benefit(s) does ipsec give over openvpn for voip? >>>> >>>> -James >>>> >>>> On 08/11/2010 02:28 PM, Philip Prindeville wrote: >>>> >>>>> On 8/10/10 9:25 PM, Darrick Hartman wrote: >>>>> >>>>> >>>>>> On 08/10/2010 11:21 PM, Philip Prindeville wrote: >>>>>> >>>>>> >>>>>>> On 8/10/10 8:49 PM, Mark Phillips wrote: >>>>>>> >>>>>>> >>>>>>>> Would pptp be available as a VPN option? >>>>>>>> >>>>>>>> I can find no references to it other than it was an experimental >>>>>>>> package >>>>>>>> back in 0.6. >>>>>>>> >>>>>>>> Thanks >>>>>>>> >>>>>>>> Mark >>>>>>>> >>>>>>>> >>>>>>> It's still in the source tree and buildable, but if you need VPN, I'd >>>>>>> go with IPsec. >>>>>>> >>>>>>> >>>>>> Or OpenVPN. Both are good options, depending on the need. If you are >>>>>> going static IP to static IP, IPsec is the best choice. If you're going >>>>>> dynamic to static, openvpn (currently) is a better choice. There is >>>>>> still work to be done for our implementation of IPsec to work with >>>>>> dynamic end points. >>>>>> >>>>>> Darrick >>>>>> >>>>>> >>>>> IPsec is also the best choice if you're running VoIP over a tunnel. >>>>> >>>>> >>> >>> ------------------------------------------------------------------------------ >>> This SF.net email is sponsored by >>> >>> Make an app they can't live without >>> Enter the BlackBerry Developer Challenge >>> http://p.sf.net/sfu/RIM-dev2dev >>> _______________________________________________ >>> Astlinux-users mailing list >>> Astlinux-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>> >>> Donations to support AstLinux are graciously accepted via PayPal to >>> pay...@krisk.org. >>> >> >> -- >> Darrick Hartman >> DJH Solutions, LLC >> http://www.djhsolutions.com >> >> ------------------------------------------------------------------------------ >> This SF.net email is sponsored by >> >> Make an app they can't live without >> Enter the BlackBerry Developer Challenge >> http://p.sf.net/sfu/RIM-dev2dev >> _______________________________________________ >> Astlinux-users mailing list >> Astlinux-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to >> pay...@krisk.org. >> >> >> > > ------------------------------------------------------------------------------ > This SF.net email is sponsored by > > Make an app they can't live without > Enter the BlackBerry Developer Challenge > http://p.sf.net/sfu/RIM-dev2dev > _______________________________________________ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. > ------------------------------------------------------------------------------ This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
