On 04/16/2012 09:35 PM, Kostas Zorbadelos wrote:
Hello all,
if this has been discussed in the past, forgive my asking and please
point me to the archives. I am interested in building a server VPN
solution for a sensitive corporate LAN. The use case is travelling,
roaming users who just want a secure access in the corporate LAN. I am
not interested in permanent VPN setups (for which I guess IPSEC tunnels
would be more appropriate).
The server OS will be OpenBSD of course. The main concerns and project
requirements are:
- client remote access to a corporate LAN
- on demand VPN for the duration of the need only
- ability to support multiple users concurrently
- cross platform (clients should be supported in as many OSes as
possible)
- performance
- strong security (of course) and easy, automated configuration for the
client
- IPv6 and IPv4 support (in a perhaps NATed environment)
Should I go for OpenSSH with its tun(4) VPN features or do you think an
OpenVPN solution would be more appropriate?
After a quick search, my main source of information is [1] and [2]. It
is also mentioned that tunneling over TCP can have issues especially in
bad connection environments (not sure if this is true or not).
Any input highly welcome :)
Regards,
Kostas
[1] http://www.kernel-panic.it/openbsd/vpn/index.html
[2] http://www.daemonforums.org/showthread.php?t=2610
I rolled out L2TP/IPSec (npppd) on OpenBSD-current with RADIUS-auth.
Used mostly by OSX and Win7. Stable and works without any additional
third-party software.
//maxim
