Hi,

I am facing a task of choosing a VPN server. I do not know which is better.
The one distributed with CentOS4.5 only supports pppd (or maybe pptp but I cannot find it).
If I want to use PPTP or L2TP, which one should I choose? OpenVPN? Poptop?

Thanks.

On 9/19/07, Wei Yu <zig.wei at gmail.com> wrote:
> Hi,
>
> I am facing a task of choosing a VPN server. I do not know which is better.
> The one distributed with CentOS4.5 only supports pppd (or maybe pptp but I
> cannot find it).
> If I want to use PPTP or L2TP, which one should I choose? OpenVPN? Poptop?
>
> Thanks.
>

I suggest OpenVPN. It's modern, very secure, and has a wide range of options and usage scenarios. PPTP / L2TP is a pain to get working, and it has some security issues.

Wei Yu spake the following on 9/19/2007 8:19 AM:
> Hi,
>
> I am facing a task of choosing a VPN server. I do not know which is better.
> The one distributed with CentOS4.5 only supports pppd (or maybe pptp but
> I cannot find it).
> If I want to use PPTP or L2TP, which one should I choose? OpenVPN? Poptop?
>
> Thanks.
>

If you want PPTP because of Windows clients, you need some kernel patches and some firewall patches. You can use a CentOS spinoff like ClarkConnect for this as it already has the patches, and a decent web config to set things up. If you want something more secure, use OpenVPN, but you will have to set each client up manually.

--
MailScanner is like deodorant...
You hope everybody uses it, and you notice quickly if they don't!!!!

"Brian Mathis" <brian.mathis at gmail.com> wrote:
> I suggest OpenVPN. It's modern, very secure, and has a wide range of
> options and usage scenarios. PPTP / L2TP is a pain to get working,
> and it has some security issues.

I want to second this suggestion. Another strong advantage of OpenVPN is that it is SSL based. This means it can listen on port TCP/443, which means your odds of actually connecting to it are very good as compared to IPsec and other solutions, which often find themselves getting filtered, not NATed well, etc.

robert

On Thursday 20 September 2007, Ken Price wrote:
> OpenVPN doesn't support IPSec at all. It's an SSL implementation.
> You'll want to look at Openswan (http://www.openswan.org/) for IPSec.
> PS. The "www" is very important when going to the openswan site.
> Their webserver is configured funky.
>
> For Microsoft compatibility, Poptop and Openswan are your best bets.
> Neither are a piece of cake to setup, but I personally find Openswan
> easier ... but then I've been using it in a production environment for
> 5 or 6 years (was Freeswan).

You'll want an L2TP setup, though, for best security, performance, and best compatibility. There are commercial Linux firewall boxes that do this easily; SmoothWall is one. Barring that, install l2tpd (for CentOS 4 it's on Karanbir's CentOS repo; for CentOS 5 I'm not sure, as I don't have extra repos enabled on any of my CentOS 5 boxes).

Windows L2TP VPNs are the most secure, being PPP over L2TP over IPsec, without the holes that have plagued PPTP (PPP over L2TP does essentially the same thing PPTP does, but in a more secure and standard manner).

--
Lamar Owen
Chief Information Officer
Pisgah Astronomical Research Institute
1 PARI Drive
Rosman, NC 28772
(828)862-5554
www.pari.edu

"Brian Mathis" <brian.mathis at gmail.com> wrote:
> The use of port 443 with openvpn is only mentioned as a convenience,
> because many firewalls allow traffic to port 443 to pass
> unrestricted, while they may block other ports.

Absolutely right. I never intended to imply anything else. Sorry if there was any confusion.

robert