OpenVPN uses SSL, and I don't play well with Linux (I use FreeBSD), so if I get that up and running I'll let you know.

For the IPSec, it sounds like it might have been disconnecting after a failed or expired re-key, and neither was set to initiate a connection. That's something that you'll run into in any IPSec implementation, I think, so whatever platform/vendor you decide on will require some diligence on your part to set up.

Moving to Sidewinder: We're going to be moving our web site from a 3rd party host to self-hosting, and I wanted a firewall that was a bit more robust than the WGs for that kind of thing. Sidewinder as a product has a *very* long history, and has been well regarded for many years (and it doesn't hurt that it's based on a BSD distro, albeit quite hacked up). The vendor we worked with originally on the WGs also sells the Sidewinder, and after reviewing everything we settled on that. Not cheap, but not really out of line with the offerings we saw for other higher-end offerings either, and usually less. Now that Secure Computing (the next-most-recent owner of the Sidewinder line) has been acquired by McAfee, I might have different thoughts if I were buying again, but I'll reserve judgment on that for now.

Kurt

On Wed, Feb 25, 2009 at 16:23, Matthew W. Ross <mr...@ephrataschools.org> wrote:
> I re-read my post, yeah, I left some details out:
>
> I tried Linux hosted OpenVPN and IPSec with varying degrees of success. I
> never got OpenVPN working (I really didn't get enough time to get into the
> nitty gritty of setting it up, ran out of time) and IPSec worked, but it
> wasn't reliable. (It disconnected within 24 hours, and would reconnect only
> if I restarted the daemon on both sides. Also, neither is exactly "easy" for
> a network novice to look over if I'm on vacation.)
>
> I'll look into both the SonicWall and the WatchGuard. Hearing that you've
> used WatchGuard with some success, what issues do you have with it?
>
> --Matt Ross
> Ephrata School District
>
> ----- Original Message -----
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com]
> Sent: Wed, 25 Feb 2009 16:16:05 -0800
> Subject: Re: Site to Site VPN... What works?
>
>> IPSec is a suite of protocols, which are implemented by various
>> vendors, in varying degrees of quality. When you said you tried IPSec,
>> what do you mean by that?
>>
>> I'd also like to know what your issues were with OpenVPN, as it's
>> something I'd like to try at some point myself.
>>
>> Anyway, check out the offerings from WatchGuard or SonicWall, I
>> suppose. However, they will most likely be implemented in IPSec. I've
>> used much older stuff from WG - their FB IIIs worked quite well, but
>> they are long past EOL, so we moved on to Sidewinders for reasons
>> other than their VPN technology.
>>
>> Kurt
>>
>> On Wed, Feb 25, 2009 at 15:33, Matthew W. Ross <mr...@ephrataschools.org> wrote:
>> > Greetings List,
>> >
>> > I've got a small lab of computers offsite. I want to be able to access
>> > them for support from HQ. While dial-in style VPN works okay, I'm thinking
>> > of getting a real site-to-site network solution working. I do want all
>> > traffic between the two sites encrypted,
>> >
>> > I've looked at IPSec and OpenVPN. For our situation, neither worked well.
>> > So, I figured I'd ask the list:
>> >
>> > What is a good Site to Site VPN solution?
>> >
>> > Qualifications we're looking for (In order of importance):
>> >
>> > 1. Cheap, as in less than $1000.
>> > 2. Easy to use. Somebody with basic routing knowledge should be able to
>> > configure it.
>> > 3. Reliable. Works well with all kinds of traffic. Doesn't drop
>> > connections often, maybe tries to re-establish when connection is lost. SMB
>> > shares over the VPN work well. Maybe even a VOIP user or two...
>> >
>> > Anybody know of anything that can do these?
>> >
>> > How about any 2 out of the 3?
>> >
>> > Let me know what did work for you and what did not. Thanks!
>> >
>> > --Matt Ross
>> > Ephrata School District
>> >
>> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~