My preference is to use OpenVPN because you're not exposing the remote network directly since the tunnel is created on a virtual subnet that does not exist on either the local or remote network. Another benefit is that you can control which parts of the remote network you want to expose. For example, If the remote LAN is configured on 10.0.0.0/22 and you want to permit access to a file server or printers on 10.0.3.1/24, you can do that without exposing servers on a different part of the subnet, which is especially effective with VLANs. Revoking certificates from the OpenVPN server is also easier to manage than revoking SSH certificates (you are using cert auth, right?). OpenVPN also gives you control over whether you want to allow local DNS, or to force all traffic including DNS through the tunnel. OpenSSH will respond if someone guesses the listening port, unlike OpenVPN which can be configured for stealthy operation even if you leave it on the default port.
Anand. On Fri, Oct 5, 2012 at 3:56 PM, caziz <[email protected]> wrote: > Hi All, > > I've been part of a debate where admins asserted that vpn is more secure > than ssh. I don't get it and haven't found any good refs from my Google > searches. > > Opinions? (Knowledgeable ones preferred). > > Thanks, > Chris > > > _______________________________________________ > clug-talk mailing list > [email protected] > http://clug.ca/mailman/listinfo/clug-talk_clug.ca > Mailing List Guidelines (http://clug.ca/ml_guidelines.php) > **Please remove these lines when replying >
_______________________________________________ clug-talk mailing list [email protected] http://clug.ca/mailman/listinfo/clug-talk_clug.ca Mailing List Guidelines (http://clug.ca/ml_guidelines.php) **Please remove these lines when replying
