On Thursday 09 October 2003 09:45, [EMAIL PROTECTED] wrote: > Oded Arbel wrote: > > I'm using OpenVPN to create a tunnel from my workstation to my home > > computer so I can get in the office network from home (because I couldn't > > get the RH only linux SecureRemote client to work, and that's what my > > company uses), and > > Hmm, that's exactly the situation I have to face. > My workplace uses Checkpoint's VPN, I haven't even bothered to try their > SecureClient on my Debian Sid box. > We do, however, have an open ssh port (I have yet to try to use it, with > tunnelling and stuff). > Do you know how would ssh compare in convenience to OpenVPN? > I expect I'd mostly need to get to the office' Exchange 5.5 server > through this VPN.
If I had an SSH port open I wouldn't need openvpn :-) just open an SSH tunnel on demand and you're set. up side - you don't need to have a continuisly running tunnel. down side - it's TCP, so if you have connectivity issues it might be a problem. Comapared to an SSH tunnel, openvpn is tons more complicated to setup - you need to get or make a CA, generate keys (you really don't want to use shared secrets), setup tun/tap if you don't have it, run the server on the home system and making sure it stays up, running the client on the workstation and making sure it never loses connectivity. but it beats messing around with non-portable binaries compiled for an old distribution which was never that good when it was new. Another thing - if you want to use more then one service (or even do general IP routing over the tunnel), then SSH seems like less of a good idea - you need to setup an IP tunnel (using ppp probably) and then its starting to close the complexity gap with openvpn (always had trouble getting those pesly pppds to stay up). plus, I don't think I like the overhead of SSH for routing general IP traffic. -- Oded ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
