I was looking at OpenVPN, but it looks to me like it won't work in our environment. We have multiple subnets on our internal network, and it looks like the OpenVPN client needs admin rights on the endpoint to update routes. Our users don't have admin rights and that's not something I'm looking to change. Have you found a workaround for this or is it not an issue in your environment?
...Tim -----Original Message----- From: Ben Scott [mailto:[email protected]] Sent: Tuesday, January 29, 2013 8:53 AM To: NT System Admin Issues Subject: Re: Favorite VPN solution? On Tue, Jan 29, 2013 at 7:46 AM, Tom Miller <[email protected]> wrote: > The clients work fine, but I'm wondering if there are other solutions > out there. We're using OpenVPN because (1) it's based on extremely well-tested code, (2) it's light-weight, and (3) it's free. The main UI is extremely limited. Basically an on/off indication. That can be disconcerting to users. OTOH, the log is quite detailed and useful. It provides no PKI management infrastructure of its own. We use OpenSSL. I'm told Windows Certificate Services also work. OpenVPN has nothing in the way of sophisticated management facilities. Just text config files and text log files. We only have one site/policy/config, so it's no problem for us, but in a larger environment with many differing policies that could get burdensome. > Thoughts? Anyone using clientless VPN with a PIX? "clientless" VPNs just mean they dynamically install/run the client via a Java applet/ActiveX control. Deciding whether or not this is a good idea is left as an exercise to the reader, but I note that allowing such things in general is a common security problem. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
