> You might want to look at OpenVPN. It has the required auto reconnect
> (short interruptions should be fine as it is UDP based)
> I've not used it with Windows, but it was straightforward to set up on
> Mac and Linux.

I also use OpenVPN in Windows, Linux, and Mac (in addition to Cisco IPSec VPN). (BTW, in the Mac, which client do you use? I was most recently using Tunnelblick, but I haven't reinstalled since upgrading to Snow Leopard, so I will soon revisit this question to do the reinstall.)

Here's what I will say about OpenVPN:

If you use the Windows client, they say the latest stable version is blahblahblah. Don't use that one. Go up to the latest rc, which is not officially the one they recommend. The reason is that the latest one, in my experience, is very stable, and includes the GUI system tray icon. If you use the one they recommend, then as long as your VPN client is connected, you have to leave this ugly DOS text window open.

Configuring the OpenVPN server is kind of a pain in the butt, but once you figure it out once, it's quite reliable and secure, robust, etc.

Installing the OpenVPN client on the PC is ... slightly more complex than the average installer, but not horrible. You run an installer, and then you'll need some config files and keys specific to your client. It's pretty easy to distribute the config files etc. in a self-extracting zip file, but the config file must specify the name of the VPN adapter, and there's no way (that I know of) to predict whether the installer created the new adapter "Local Area Connection" or "Local Area Connection 2" or 3, or 4, or what. So the only complicated part of the install is... I find it's easiest to unconditionally rename the new adapter to something like "openvpn adapter." Easy for me, but a little much for a widespread company deployment. I don't know any way to automate that particular step.

Cisco VPN client is more secure than OpenVPN, for the following reasons: OpenVPN uses preshared keys. If the keys were exposed, then anybody could connect.
I normally configure my Cisco VPN server to first require a preshared key (silently, automatically, in the background) and then prompt for the username / password of an Active Directory user.

Cisco VPN client is easier to install for Active Directory users, because you can deploy the firewall setting via group policy, and then all you need to do is run the installer and extract config files, and you're done. However, if you don't have AD group policy, it can be a bit much to tell users to add that application to their firewall exceptions. In this case, I think installation of Cisco or OpenVPN are both equal on the easy/difficulty scale.
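
The adapter-renaming step described in the message above, as an added example that is not part of the original post: a PowerShell script that gives the TAP adapter a fixed name and pins that name in the client config with OpenVPN's `dev-node` directive. It assumes the NetAdapter cmdlets (Windows 8 / Server 2012 or later), a TAP driver description beginning with "TAP-Win", and a caller-supplied config path; the parameter names are hypothetical.

```powershell
# Added example, not from the original post. Run from an elevated prompt,
# after the OpenVPN installer has created its TAP adapter.
param(
    [Parameter(Mandatory)] [string] $ConfigPath,        # path to the extracted .ovpn file (assumption)
    [string] $NewName = 'openvpn adapter',              # fixed name, as suggested in the post
    [string] $DescriptionPattern = 'TAP-Win*'           # assumed TAP driver description prefix
)

$ErrorActionPreference = 'Stop'

# Identify the adapter by its driver description, not by "Local Area Connection N",
# which is the part that cannot be predicted.
$tap = @(Get-NetAdapter | Where-Object { $_.InterfaceDescription -like $DescriptionPattern })
$alreadyNamed = @($tap | Where-Object { $_.Name -eq $NewName })

if ($alreadyNamed.Count -eq 0) {
    if ($tap.Count -eq 0) {
        throw "No adapter matching '$DescriptionPattern' found; is the TAP driver installed?"
    }
    if ($tap.Count -gt 1) {
        # Refuse to guess when several TAP adapters exist.
        throw "Found $($tap.Count) TAP adapters; rename one by hand or narrow the pattern."
    }
    Rename-NetAdapter -Name $tap[0].Name -NewName $NewName
}

# Drop any active dev-node line and append one that names the renamed adapter.
# Commented-out lines (";dev-node ...") are left alone.
$lines = @(Get-Content -LiteralPath $ConfigPath |
    Where-Object { $_ -notmatch '^\s*dev-node\s' })
$lines += "dev-node `"$NewName`""
Set-Content -LiteralPath $ConfigPath -Value $lines -Encoding ASCII
```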
