Edward Ned Harvey wrote:
> Installing the openvpn client on the pc is ... slightly more complex than
> the average installer, but not horrible. You run an installer, and then
> you'll need some config files and keys specific to your client. It's pretty
> easy to distribute the config files etc in a self extracting zip file, but
> the config file must specify the name of the VPN adapter, and there's no way
> (that I know of) to predict whether the installer created the new adapter
> "Local Area Connection" or "Local Area Connection 2" or 3, or 4, or what.
> So the only complicated part of the install is... I find it's easiest to
> unconditionally rename the new adapter to something like "openvpn adapter."
> Easy for me, but a little much for a widespread company deployment. I don't
> know any way to automate that particular step.
I just had "dev tun" and did not define "dev-node". Worked great.
It found an available tun device.
> Cisco VPN client is more secure than openvpn, for the following reasons:
> Openvpn uses preshared keys. If the keys were exposed, then anybody could
> connect. I normally configure my cisco vpn server to first require a
> preshared key (silently automatically in the background) and then prompt for
> username / password of an active directory user.
I used certificates for my users, no pre-shared keys except for the
"tls-auth" which is pretty much equivalent to the Cisco group password.
--
END OF LINE
--MCP
_______________________________________________
Tech mailing list
Tech@lopsa.org
http://lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
