[EMAIL PROTECTED] wrote: > i have also setup openvpn, which works great for me from home, and i have been > able to successfully get this working. however, one of the users that connects > to my VPN is having problems making openvpn and his kerio firewall "play > nice", > and a working openvpn configuration cannot survive a reboot due to win xp > being > such a great OS. >
I would definately stick with the openvpn solution. It's simplier to implement, and i didn't understood the part that the configuration cannot survive a reboot. Is this a problem on the user side? If it is, the same potential to damage the openvpn setup, could be used to dmage the ipsec setup. And i do have many clients of mine, that use a openvpn solution on windows XP without problems. You can even make your own instalation package (http://openvpn.se/files/howto/openvpn-howto_roll_your_own_installation_package.html), that places your certificates and conf files in the right place, so the setup can be corrected with a few clicks of the user. It can even run without administrator rights (http://openvpn.se/files/howto/openvpn-howto_run_openvpn_as_nonadmin.html). Now about the kerio firewall, you should try to completely disable the flitering on the tun/tap interface and/or disabilitating filtering on the port that openvpn uses. Yes, that's another advantage, it use only ONE port, and is NAT friendly. So i always recomend openvpn. My regards, -- Giancarlo Razzolini Linux User 172199 Moleque Sem Conteudo Numero #002 Slackware Current Snike Tecnologia em Informatica 4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85