Hi, On Thu, Feb 26, 2015 at 03:18:14PM +0000, Michael O Holstein wrote: > > (And: don't mix "IPSEC" with "OpenVPN". OpenVPN does not use IPSEC, > > as that's not synonym for "encrypt traffic" but a very specific crypto > > suite. OpenVPN is "SSL VPN") > > Both IPSEC and SSL support multiple cipher suites. IPSEC is a layer 3 > concept. SSL is a layer 5/6 concept.
OpenVPN sits on the same layer as IPSEC, or below (if doing L2 VPN). It's not "web browser SSL". > > I'm looking for encryption that's completely transparent to programs, will > > work properly across multiple servers with IP multicast > > Then what you want is IPSEC. > > OpenVPN has it's advantages, but SSL vpn is designed primarily > for remote access, where you want the granular control over user > access. When you want to transparently connect two sites over the > Internet you use IPSEC. OpenVPN can do site-to-site as well as road-warrior. Don't confuse this with other SSL VPN offerings on the market that are purely "client software to expensive central piece of hardware" style. > Here is a good article from Cisco that spells out the differences : > > https://supportforums.cisco.com/document/113896/quick-overview-ipsec-and-ssl-vpn-technologies ... "for Cisco's SSL VPN offering". > I'm not saying you *can't* do a site-to-site with OVPN since you most > certainly can, just like you can use IPSEC for road-warriors .. but at least > try to use the proper tool for the job unless there are technical > restrictions that limit your choices. Since this is the OpenVPN list, OpenVPN is the tool of choice. Just to point out the obvious :-) IPSEC is great when you have to interface with something that does not do OpenVPN. And that's about it. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
pgpWDvJzFLzkW.pgp
Description: PGP signature
------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
